On Sat, 25 Jan 2003, Neil J. McRae wrote:
I think you are on the right lines below in suggesting that products and services should be supplied safe and not require additional maintenance out of the box to make them so (additional changes should make them weaker).
There is no such thing as safe! You have control over what risks you want to take; the aim should always be to lower them, but if you want safe, pull the power plug, place your box in a large metal container and sink it in very deep waters.
Agreed, but on the assumption people will connect their new PC to the Internet, the supplied OS should be appropriately configured.
I don't know of an industry where costs aren't always being lowered.
I don't know of one where prices are below cost values such that players of all sizes regularly go bankrupt and services are squeezed harder and harder.
Microsoft and XBox is an example, lots of industries have loss leaders. Still waiting on evidence that most security issues are due to Microsoft though!
A loss leader does not cause bankruptcy; they have a profitable section to sustain the loss-making product. In our industry we just seem to run with too small a margin.

Hmm, don't think I can argue the Linux vs MS point tho, it's a big can of worms! This may be academic tho in our discussion; are you saying COLT uses MS servers in favour of Linux for its public services? The question of which is more secure depends on numbers, application, etc. I see loads of Linux patches every month that I don't install because I have not installed or disabled most features in my OS. I believe if you count security bulletins Linux has in fact overtaken Microsoft. On the other hand, if you count incidents you'll find Code Red, Nimda and probably this one too at the top of the list. But then offset that against the market penetration MS has into Joe Public... and so on.

Here's my advice to the uninitiated. Run Linux, run firewalls, disable what you don't need and listen to folks who have real world experience.

Steve