You mention that text files work for UNIX. And so they do, being a devoted Linux user I fully agree. However, I cannot imagine a corporate IT department attempting to support an enterprise wide deployment of Windows and having to tweak config.sys files.

Without getting into the trite, tired argument of why *NIX hasn't taken off, I just remind you that despite the technical superiority of many design decisions, it has failed to. It has failed to when available free of charge while Windows products (when purchased separately) averaged almost $200 US dollars for a single machine.

There must be a compromise between features being disabled by default and everything enabled out of the box. Providing an installation system which allows more than a series of clicks on the next button would be a great start. Extending the WMC to include more control, finer grain, and better documentation of both functionality and consequences would be excellent.

As the original piece states, security is not cheap, easy, or a single product. Security is a mindset, a process, and non-stop. MS has the resources to make security a cornerstone of their product line, however it is going to take time and dedication. They have products which are secureable, they have management tools which would allow IT departments to design their own security policy, and enforce effectively, if those tools are extended in reasonable, intelligent fashions.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/315/10105#10105