> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of gregh > Sent: Saturday, 19 July 2003 8:42 p.m. > To: [EMAIL PROTECTED]; 'Disclosure Full' > Subject: Re: [Full-Disclosure] Odd Behavior - Windows > Messenger Service > > > There are different levels of "open". > > Certainly are. In this case the term would be "wide open". > Take an easy example. Put a 98 box on your lan with a program > on it and go run it from any other machine while it is > waiting to be logged onto locally.
Well, "wide open" is same as anything else in the world. OP was talking about a *default* installation. I assume that you, as any other security aware person, will harden it's box before putting it on the Internet. And you can install a host based firewall and make it even more secure. Putting a 98 box on a LAN is equivalent with putting RedHat 6.2 on a LAN. > OK well I wont be condescending - I'll just say that if > Microsoft acknowledge that it is something they will take > care of by making it an option in the future as they said > when I reported it to them last year, then someone obviously > thinks it CAN be a problem. I don't really see a point in implementing this. So, if I understood you correctly, they won't allow any network connection to a box until you log in??? IMHO, that's not need feature at all. And besides, you won't be able to use it if you have a network logon (domain). What about when you lock your screen and go away? > That was in reference to: > > >> I don't see a reason on bashing WinXP for starting a RPC service > >> automatically when absolutely everything does that (don't > mention obsolete > >> Oses please). I still see no connection between WinXP starting a RPC service and a company next door to you not needing anti-virus. Anyway, this is going waaaay from the list charter (IMHO, again) and I won't participate anymore and filling everyone's mailboxes unless it will be related to some security issues. Best regards, Bojan Zdrnja _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
