RE: Painful USA Today article (was RE: ANN: RESTTuto
>Maybe it was relevant 10 years ago when "Is it plugged in?" was a
>reasonable question to ask. But now that we are breeding a generation
>of computer literates, isn't it about time to deliver software with all
>the idiot features turned off rather than on?

John

* Half of the users who got Code Red did not even know that a web server was running on their machine - perfect example of your point

* Every SQL Server worm I have seen so far depends on the DBA having installed SQL Server with a blank password - this is more a case of "laziness" than idiocy, and not really a "feature" that could be left turned off. But certainly the setup program could demand that SQL admins do not use a blank password when installing. Protect them from their own laziness, basically.

* The vast majority of Outlook worm damage did not rely on "automatic invocation" of code, but instead deliberately launching an attachment by the victim. But launching attachments with double-click could be considered a "feature" that helps the user be lazy. If users are forced to save the attachment to file, then open it from disk, would that have slowed the pace of the viruses? Probably slightly at least.

* Installed by default in Outlook was the ability to have code send e-mail and look up addresses on behalf of the user. The first Outlook worms used that API. The new versions of Outlook (and patches for previous versions) made this impractical, so the next batch of worms connected TCP directly using port 25. Would installing with CDO (the automatic e-mail API) off by default have made a big difference? Possibly.

So I guess the answer to your question is a resounding YES! In the four cases I mention above, the software has been changed and people are now forced to deliberately choose to be exposed, and are not exposed by default installation.

"Deliver software with all the idiot features turned off rather than on" has become something of a religion at Microsoft in the past year.
Along with, of course, a bunch of other axioms of good security, like "why the heck are you installing that as a service??" :-)