** Reply to message from "Jonathan M. Slivko" <jonathan.slivko@earthlink.net> on Mon, 19 Apr 2004 13:57:43 -0400 (GMT-04:00)
-----Original Message----- From: "Jeff Shultz, WIllamette Valley Internet" <jeffshultz@wvi.com> Sent: Apr 19, 2004 1:39 PM To: "'nanog@merit.edu'" <nanog@merit.edu> Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
I can burn a CD from ISO in about 5 minutes - how about you? I'm talking about XP users who haven't even updated as far as SP1. Win98 users who have never run an update in their life... Win2k users are usually the most patched up that I've seen - because that went into mostly business environments.
This would at least get them up to the level of the playing field, where the routine updates are not as much of a hassle. Sure, you'll get the little old ladies and gentlemen who will drop by every month for their service pack fix, but that's just customer service.
Doesn't Windows XP automatically do this by default currently?
No, but it will ask you if you want to configure automatic updates. That's still not going to do much for the dialup user who has to download SP1. And we're also talking about the majority of customers who don't have WinXP - and won't be getting it.
If not, it's something that Microsoft should consider setting to "ON" automatically to help defend the users from hackers, and in the same turn, help defend the ISP's network from being maliciously attacked or used for illegitimate purposes.
Then you come up against the "I don't want MS messing with my machine without my permission!" bunch. Who, incidentally, have a valid point. Turning the firewall on by default in SP2 is going to have... interesting results I imagine. Esp. in company environments that use Netbios over TCP/IP. I assume it will firewall 137-140/445 by default.
However - I do think that Windows needs some more improvements in the area of security (which UNIX/Linux already has). However - to Microsoft's credit, they seem to be doing a rather nice job of actually beefing up their security practices. Now, if only they could figure out how to make Outlook/Outlook Express more security-concious because as of the time of this writing, the Outlook Express/Outlook defaults are extremely unsafe.
Does anyone have/care to post a URL that explains how to set Outlook Express/Outlook to be more secure?
That's easy. In Outlook Express: Tools-->Options-->Read. Check the box "Read all messages in plain text" You've just massively improved OE's security. Outlook.... doesn't do this yet, does it? I haven't dug through Office 2003 much yet. -- Jeff Shultz Network Technician Willamette Valley Internet