[snip]
:
: My argument is that a computer needs to be in a safe state by default. I
: firmly believe that if I buy a brand new box from any reputable vendor
: with a premium operating system of choice I should be able to connect this
: device to a local broadband connection indefinitely. It needs to be safe
: without user training or user intervention.
:

It would be nearly impossible for computer software makers to provide against any type of attack by those so inclined. The result is that they are reactive rather than pro-active. Understand that the software maker wants his product to have all the features and gee-gaws that make it attractive and simple to use, and most work well in this area, but over-compensating for any potential type of attack before delivery is, in my opinion, an impossible task.

One may wish that there were no vulnerabilities in any operating system, but this is not the case. There are vulnerabilities in all the operating systems in place today. There are many admins (even if the admin is an uneducated end-user) who do not bother to update their software or operating systems. This practice is why Linux/Unix systems get chrooted, Windows machines get compromised, even OSX. Some of the vulnerabilities are in the chipset on the motherboard, be it Intel, AMD, or Motorola. The software maker must try to compensate for those failings as well.

As long as there are otherwise bored miscreants who will continue to try to exploit the vulnerabilities they will continue to happen, no matter what the patch position is, no matter the OS or chipset used. There are many security capabilities built into many OS distributions, and relatively few are ever implemented. Why? Your guess is as good as mine, but my guess is that it is time-consuming of time that is not budgeted.

Just my 0.02