[EMAIL PROTECTED] <> wrote on Saturday, June 19, 2004 4:49 AM: > There is nothing to _prevent_ an untrained administrator from granting > that privilege to all users (I have seen worse), but there is > a damping > effect provided by the fact that behavior _defaults_ to constraining > those users.
I think you missed my point completely. A little over ten years ago, the same "damping effect" was provided in TCP/IP as you say is present for DECNet. That is the sum total of my point. The only difference is popularity. As with so many other security comparisons, the technology has very little difference, it is merely the quality of system administrators that sets the systems apart. There are complaints over the monoculture of Microsoft, but if the users and administrators of existing unsecured Microsoft systems were to jump to other operating systems, they would a) choose the easiest, most open systems, and b) leave them just as unsecured as they were before. That's not to say that some operating systems don't have technological boundaries that make it easier to remain secured. But it is to say that _unless_ those technological boundaries exist, moving an admin or a user from one operating system to another will not improve their security situation in a meaningful manner. There is something to be said for using the less popular platforms, of course - viruses and worms tend to be written for maximum damage, to infect maximum numbers of systems, and can only achieve that by attacking the most popular platforms. For all that it is bug-ridden and full of security holes, a Windows for Workgroups 3.1x system put on the Internet today would probably remain unhacked for months or even years. Alun. ~~~~
