Re: Fw: Re: Odd Behavior - Windows Messenger Service

[Jay Sulzberger <jays () panix com>]

On Sat, 19 Jul 2003 Valdis.Kletnieks () vt edu wrote:

> On Sat, 19 Jul 2003 11:21:57 EDT, Michael Gale <michael () bluesuperman com>  said:
>
> > Sure it would be great is Microsoft released secured versions of Windows but
> > then average users like my parents and sales people would require a greater
> > understanding of computers and security in order to use them because they would
> > find all these features they so love to be disabled or blocked.
>
> Many people in the security field think forcing people to have enough of a clue
> to find things to enable them would be a Good Thing.
>
> How much random scanning on port 135 would there be if Windows simply
> prohibited wide-open sharing of C$ and anonymous enumeration of accounts?
> Yes, people would then have to *think* about who they really wanted to share
> their data with - which is more work than Redmond has traditionally wanted
> users to do.
>
> However, I am of the opinion that the Redmond model is a false time-saver,
> because it trades the "5 minutes to figure out how to share only the folder you
> want with only the other machines you want" with the "days lost when you get
> hacked by something via a wide-open share".

This is the paradigm case of "first, even most blunt, cost benefit estimate".

oo--JS.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html