As much of a flame magnet as this post may be, I'd actually like to
commend MS for their security efforts on Windows XP.
If you don't know how to update your system, who cares, XP bugs you by
default to install updates. If you don't click on "OK" when it tells you
to patch security holes, who's to blame? MS can't push it, or there'd
be yet another lawsuit.
If you're not clued enough to understand the concept of passwords in
networking security, they've put in a very simple fix, which disallows
any user to be used to connect to an SMB share if it has a blank
password. Quite a leap from Windows 2000 which doesn't even prompt you
for a password to the administrator account it creates.
While none of this would stop a determined hacker who has some reason to
get to data on your hard drive or something, it does stop the casual
exploit scanner from finding machines with open admin access and easy
access to install backdoor services, which is more than I can say for
most distros of various Unixes.
Most computer manufacturers offer their computers with antivirus which
automatically updates.
The adware and spyware stuff, well, users install software, not much you
can do about it. Couldn't you just see MS not allowing the install of a
program on Windows because it's got spyware? That's a PR nightmare.
As another flame magnet statement, I'd just like to point out that
linux/freebsd/solaris et al are not designed for the average user to
install. The entire lure of linux as a desktop OS is that it's
customizable by the user who feels too confined in a "spoon-fed windows
environment".
Wouldn't shipping a system that has functionality disabled in lieu of
security go against this simple principle?
If you're such a "computer geek" that you decide you need linux, you'd
think you'd do a small bit of reading before jumping into it and
installing an insecure machine.
As for systems in a server environment, well, I just can't think of any
excuse for a sysadmin who installs insecure servers. If you didn't know,
then you shouldn't be installing the OS in a server environment anyway.
Best regards,
Hunter Pine