[4778] in WWW Security List Archive


Re: C2 improves executable content security, but doesn't solve the , prob

daemon@ATHENA.MIT.EDU (David W. Morris)
Wed Mar 12 05:11:40 1997

Date: Tue, 11 Mar 1997 23:47:50 -0800 (PST)
From: "David W. Morris" <dwm@xpasc.com>
To: Jay Heiser <Jay@homecom.com>
cc: WWW-SECURITY@ns2.rutgers.edu
In-Reply-To: <3325B3A7.3481@HomeCom.com>
Errors-To: owner-www-security@ns2.rutgers.edu



On Tue, 11 Mar 1997, Jay Heiser wrote:

> 3) IMHO, it's harder for an inexperienced user to safely set up a UNIX box
> than it is for Win95, DOS, or the Mac.  Given that most versions of UNIX
> respond to a variety of network protocols by default, a newbie would be
> much more at risk to use UNIX than Win95.   UNIX is just not safe out of
> the box.  It should be professionally administered if used on the
> Internet, but the 'less fortunate' operating systems you refer to don't
> have risky server daemons.

Win/95 is really easy to install in a risky fashion with no clue. The 
advantage unix might have is the fear factor ... a newbie is less likely
to use a unix variant in the first place.  All it takes to make a Win/95
installation vulnerable is to:
   1.  Configure TCP/IP as the default protocol
   2.  Configure MS File Sharing
   3.  Share your hard drives w/o passwords

The first happens by default or almost default and I think two and three
are pretty common in small organizations.

Dave Morris

