Windows hasn't rendered active content by default since XP SP2. It has never
rendered it by default in Vista or Windows 2003.
Windows also no longer runs as administrator by default (I guess you havnt used
Vista yet).
Its not just in theory. For instance IIS is now so improved that many sites fed
up with the constant hacking, exploits, defacements and patching regime
dependency compatibility issues that they experience on Linux are migrating
over to Windows server 2003. This has been a consistent trend for some time now
and Apache just dropped below 60% market share for the first time since 2002 as
a direct result of cumulative migrations from Linux to Windows.
As you say 'most installations are now secure by default'. Touché.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eugen Leitl
Sent: 13 February 2007 10:34
To: or-talk@freehaven.net
Subject: Re: Re: PHP coder needs Tor details
On Tue, Feb 13, 2007 at 10:25:54AM -, Tony wrote:
This is offtopic, but...
Actually Windows does exactly the same thing. e.g. the 'Network
Service' and 'Local Service' accounts. See
http://www.microsoft.com/technet/security/midsizebusiness/topics/netwo
rksecurity/securingaccounts.mspx
The point is that rendering active content is default, and running everything
as administrator is default (in fact, most Windows userland software needs to
be installed and run as administrator) -- the technology and the culture
conspire to give us the 250 Mzombie Internet experience we love.
People seem to forget that the original and worst worm outbreak ever - that
efffectively shut down the internet for days was on UNIX...
That was a long time ago. Unix is diverse, and most installations are now
secure by default. The technology and the culture work together, and lower
profile is one of the key points that diversity is good, monoculture is bad.
Windows might have its problems but they are not unique.
You're correct only in theory.
--
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE