Our problems (assuming we're professional sysadmins rather than home dabblers) are several.
1. Home users - don't have adequate protection and get turned into zombies. They then bombard us. OK - this is dealt with by an externally facing firewall but see #2 below.
2. Office workers with laptops or VPN connections to the internal LAN - get 'infected' (see #1 above) and then connect to the internal LAN. They then bombard any newly set-up PC before we get a chance to patch it. BTW you still have to connect to a network if you have a SUS or SMS server.
The "need to patch before I put it on the network" / "need to put it on the network to get the patches" IS a real problem for many sysadmins.
---------------------------------------------------------- If you're happy and you know it clap your hands ---------------------------------------------------------- Does HoTMaiL come with a spell checker?
In an corporate environment, you will have SUS or SMS running. If so, no need for internet access.
If you don't have this, just place a firewall on the box, or before the box. How hard can this be ? You do it the same way, as you would do before you would patch debian/*bsd/gentoo/ect/ect/ect.
There is no real problem here. Don't blame microsoft if you can't come up with solutions to simple security "problems".
_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
