The Uneducated Enduser (Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT))

Doug White doug at clickdoug.com
Tue Apr 20 16:40:34 UTC 2004



[snip]
:
: My argument is that a computer needs to be in a safe state by default. I
: firmly believe that if I buy a brand new box from any reputable vendor
: with a premium operating system of choice I should be able to connect this
: device to a local broadband connection indefinitely. It needs to be safe
: without user training or user intervention.
:


It would be nearly impossible for computer software makers to provide against
any type of attack by those so inclined.  The result is that they are reactive
rather than pro-active.

Understand that the software maker wants his product to have all the features
and gee-gaws that make it attractive and simple to use, and most work well in
this area, but  over-compensating for any potential type of attack before
delivery is, in my opinion an impossible task.

One may wish that there were no vulnerabilities in any operating system, but
this is not the case.  There are vulnerabilities in all the operating systems
in place today.   Ther are many admins, (even if the admin is an uneducated
end-user) who do not bother to update their sofware or operating systems.

This practice is why Linux/Unix systems get chrooted, Windows machines get
compromised, even OSX.

Some of the vulnerabilities are in the chipset on the motherboard, be it Intel,
AMD, or Motorola.
The software maker must try to compensate for those failings as well.

As long as there arre otherwise bored miscreants who will continue to try to
exploit the vulnerabilities they will continue to happen, no matter what the
patch position is, no matter the OS or chipset used.

Thre are many security capabilities built into many OS distributions, and
relatively few are ever implemented.  Why?  Your guess is as good as mine, but
my guess is that it is time consuming of time that is not budgeted.

just my 0.02




More information about the NANOG mailing list