AOL fixing Microsoft default settings

Stewart, William C (Bill), RTSLS billstewart at att.com
Fri Oct 24 23:29:11 UTC 2003


Most ISPs don't provide users with a heavy-duty client that
replaces or patches lots of the operating system's functions,
though many will offer friendly customized browsers for
users who want them, and a few misguided carriers will 
provide drivers for PPPoE or other evil excuses for protocols (:-)

Generally, ISPs tell you the network settings to use on Windows,
and tell you or let you guess for other popular operating systems,
and they may give you a friendly dialer program that 
knows how to find their nearest POP but doesn't mess around much.

Making major changes to a user's OS violates the principle of
Least Astonishment (which is usually a policy problem,
not an operational one, though you could argue that having a 
random network protocol not work quite right on Windows
is less astonishing to most users than a flood of popups), 
but it also often fails to work successfully on 
security-compromised machines, which is an operational issue.

So it won't stop viruses or trojans or spammerbots or 
crackers or spyware or worms or bad ActiveX or Javascripts.
On the other hand, it could reduce some risks on machines that
aren't cracked, and could reduce the spam level they receive,
and can protect most of the users who aren't doing anything fancy,
so as long as it's part of some friendly user interface menu
and can be turned on and off it's ok.

The alternative place to provide this kind of protection
is in the network edge, which is probably the dial POP for
most AOL users.  If you implement it in a way that can be
turned on or off per user, that's usually much cleaner,
usually more scalable, and can work even when user machines 
are compromised.

	Bill Stewart, bill.stewart at pobox.com


