I can't imagine that you're really serious... so I'll have to assume you were playing devil's advocate. Otherwise I'm afraid the majority of us would have to disagree with you - particularly anyone working in tech support... ;-)
I agree that vendors/developers should do their utmost to ensure that their product is secure from the outset, and that once a security flaw is discovered it should be made public, along with a fix. However, I have to challenge the idea that exploiting known holes is going to make life better for anyone. Assuming a person were sufficiently inexperienced to patch and update their IIS box to a relative level of security (because let's face it, the internet is a major security flaw) - how, pray tell, will they be able to: A) Get apache or an alternative going, B) set it up securely and C) keep it updated? Linux is cool, and those of us who use it realise that. But it's not the answer for everyone, and if you're realistic about it you can easily see why. philip brock > Yes, and the sort of home user that has an unpatched IIS, and the > attitude towards security that leads to this situation, is likely to > have many other holes open, so perhaps scanning would be a good idea. > > Exploiting any found holes could be a great way to switch someone from > windows to linux too. > > Kurt
