Microsoft has it right with at least one thing. You can trust their software to do what it’s supposed to(except Outlook, but that’s another story). I’m talking about the base operating system here. Take for example both the Windows 2003 Server and Windows XP SP 2 operating system platforms..
Both OSes are locked down as factory defaults with most features not even installed by default.
Why is this a good thing?
Take for example an average joe user who just bought a computer a year back. He would take his computer home install his regular software (Like Office, Instant Messenger of his choice, Download Manager, Anti-Virus, etc.). His computing experience would be perfect for the next few days. And then his computer would be attacked by an RPC exploit hack that would render his computer compromised and ready for attack by other, more meaner viruses.
Point is, all he had to do to stop this kind of attack is to turn on a check box in his network settings dialog that “Protects his computer and network by limiting or preventing access to this computer from the Internet”. Now most people won’t even go to the particular dialog page (Advanced) where this checkbox is present. Even if they land up staring at the checkbox, trying to decipher it’s meaning, they will in all probability not figure out that this will turn on their firewall (which is a good thing) and since it’s off by default (which is most definitely a bad idea) they leave it be. And thus open up their PCs for attack.
I, as a Windows user was pleasantly surprised when I beta tested the SP2 of Windows XP and saw all these features done correctly. Even when you start off a base Windows 2003 server system, it has nothing on it. Every service on it must be manually installed and configured to suit the requirements. Now while this is an additional chore for the system administrators, c’mon guys it is your job after all, isn’t it? And the regular issues of Trojan horses and network port access will occur less frequently because of these extra measures; which will result in less work, overall for the same system administrators who installed the operating system.
Why the gripe?
There is the particular friend of mine who’s come to my office and gone home with a fresh system and always forgotten to install an antivirus or enable their firewall or some other security screwup and resulted in complete system compromise leaving her with no choice but a redo from scratch. Several times. Accompanied with data loss. And every time it hurts her as much (if not more) as my sys admin.
So. Kudos to Microsoft for their Trustworthy Computing initiative. You at least have one person who’ll always say it’s a good idea.
Further reading on the TWC initiative is available in an MS Word Document file, here.
Posted while listening to Rob Dougan – Furious Angel
This post helped me find out a very important bug in my particular blogging engine of choice.
I knew that I could name my posts. I went ahead and named a few important ones. What I *didn’t* know was that I was not supposed to put a space in the name because it causes the blogging engine to barf all over the park.
My bad.
-Dheeraj.