widebody911
Quote:
Originally posted by mikester
Windows is not intrinsically weak; its default settings are.

That's like saying a stock 1950 VW bug is not intrinsically slow, it's because the user hasn't installed a 3L turbo engine in it.

That's the user's fault too. When you go home at night you lock your doors but on your PC you leave them all open and leave services you'd never use turned on and beaconing - "Here I AM!"

Back to the 'intrinsically' bit. Windows' default model is 'leave every port open and every service running, and it's up to the user to figure it out before they get r00ted'. The average user wouldn't know a 'service' or a 'port' if you dropped it on their toe, in much the same way that an infant wouldn't know to close and lock the doors in the house.

People need to either learn to configure their computers or pay someone to do it for them or put a firewall on their network.

Again, most PC owners are IT infants. Your expectation of a new PC user being able to secure her machine is about as realistic as that of a new car owner being able to rebuild her transmission.

I investigate my network to see which ports/protocols I need to operate and then I close everything else down by turning it off at the server, blocking it with a firewall software at the server and access-listing it out of my network on the routers and firewalls.

That's great, but I'm guessing you didn't just bring home your first computer from the mall last night, sitting there wondering why the cupholder won't close now.

Granted, I'm a pro - but I don't blame Microsoft because they aren't the only ones with the problem. Try doing a bare bones install of Redhat and see how many services you said *NOT* to install get installed and turned on anyway.

I can't count the number of media-level installs of RedHat I've done. The only way you're going to get into a virgin box is via ssh or on the console. xinetd, telnetd, rshd and vsftpd/wuftpd, etc. won't get installed unless you specifically asked for them to, and then chkconfig'd them on.

Solaris is the same way,

They've changed a lot of that with Solaris 10

Back to the Windows weaknesses: there are fundamental flaws in both the structure of the OS and the implementation philosophies that have led to the mess we have today. Apart from having every frickin' port and service turned on, there are so many holes in the service daemons and the end-user apps that once something does come port sniffing, it's all over. It's not so much that the doors are open, but all of the walls of the house are set up to fall like dominoes.

To their credit, MS is finally getting around to fixing some of them, but it's too little, too late, and too slow.
__________________
"You go to the track with the Porsche you have, not the Porsche you wish you had."
'03 E46 M3
'57 356A
Various VWs
02-03-2006, 08:12 AM