--On 08 December 2002 23:16 -0500 Sean Donelan <sean@donelan.com> wrote:
It takes a lot of time to talk individual users through fixing their computers. Especially when they didn't break it. They just plugged the computer in, and didn't spend 4 hours "hardening" it. Most of the time we're not talking about very complex server configurations, with full-time system administrators. The "magic" CD would be for people who don't know they are sharing their computers with the Internet.
How unfortunate that the magic CD you refer is not the one with "Microsoft Windows" written on the front :-p Seriously, it is faintly ridiculous that we have operators talking about a magic CD to fix the broken default installations of various operating systems (I include Linux etc. here too). If OS vendors shipped, by default, less broken configs (or at least configs that turned services off - e.g. port 137 - when not required), much, though not all, of this problem would go away. Just like it is (now) considered irresponsible to ship a PABX/Voicemail system with open dialthrough, the same should be true of operating systems. In many such OS's, like it or loath it, automatic or semiautomatic update mechanisms already exist. This would seem to be a good use to put them too. Perhaps NIPC etc. should start talking to OS vendors. Concrete example (not to pick on MS for a change) - every time I've installed a Linux machine I spend 10 or 20 minutes rewriting the (kernel) firewall rules for the box to suit the apps I have installed. It's a completely automable task. Someone unfamiliar with either IP or UNIX would find writing such a script very hard and it would take them much longer. Do mainstraim distributions include such an automatically built script by default? Not to my knowledge. Alex Bligh