Wireless security (was Re: [Wolves] PDAs - a vague question)

[Aquarius]

Ron Wellsted spoo'd forth:
> <rant>The biggest problem is the "it does what it say right out of the box" 
> requirement for everything when that is not alway appropriate.  MSBlaster, 
> Sobig et al could not have worked if the "features" they exploited were 
> disabled by default and had to be explicitly enabled.  When you buy a TV or 
> VCR, you have to set it up and tune in to the local stations.  OK, some 
> people stop at this point so the clock flashes 12:00 for the rest of time, 
> but they have done the minimum required to get it to work.  So why can't M$ 
> do the same? because they don't want to support what they sell? because they 
> know just how bad their code is?

Actually, in their defence, Windows Server 2003 does ship with stuff
turned off by default. I was pleasantly surprised to hear that that was
the case. It worries me that Linux distributions do *not* do this, so
there's a danger that MS have listened to some security lessons and
Linux distros haven't...

Aq.

-- 
"Out of the frying pan and into the very same, identical frying-pan.
 Smegging great."
	   -- Lister, "Last Human"