[Dshield] More secure default configurations?
abuse at what4now.com
Sun Mar 20 04:53:22 GMT 2005
** Reply to message from Miles Stevenson <miles at mstevenson.org> on Fri, 18 Mar
2005 10:43:09 -0800
I have to disagree with you.
> All software should have the capability to be properly secured. Writing secure
> code and offering security functionality is the responsibility of the OS
> vendor. But configuring the security of a computer system appropriately is
> the responsibility of the system owners. Instead of blaming OS vendors for
> not implementing more secure default security configurations, how about
> persuading users that they should want more restrictive but secure
> configurations? If the majority of users demand (actually desire) more secure
> configurations of their systems, the laws of supply and demand will ensure
> that vendors will respond.
Lets talk about the most used system, Windows. Since Windows is sold as an
appliance (as it is advertised and sold to users as needing no training
whatever to use, which is false) it should be secure from the start. When
someone that does not have a clue about anything technical and buys a computer
to use at home it must be secure otherwise it will never be secure. When I say
secure I mean it should be locked down with a firewall so that the user can
send/receive email and browse the net but should not be allowed to execute any
executable and/or script. That way the user is does not get viruses and
trojans loaded on their system. This will allow most users (which will account
for more than +95% of the current Windows users) to access what they need and
not be vunerable to attacks, users that want to do more things will need to
learn how the system works and open up the system more. As it is now those
non-technical users are a real problem because their machines have been
compromised and are now probing are systems looking for more machines to infect
or they are sending us tons of spam.
More information about the list