Secure by Default

Threat level definition

Secure by Default
Tim Mullen, 2003-04-27

With Windows Server 2003, Microsoft has finally produced an operating system that isn't begging to be hacked on the first boot.

Expand all | Post comment

Secure by Default - oh boy, here we go again. 2003-04-28
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-04-28
Anonymous (2 replies)

Secure by Default - READ BEFORE YOU POST. 2003-04-28
Anonymous (1 replies)

Secure by Default - READ BEFORE YOU POST. 2003-04-29
Anonymous (2 replies)

Yawn. Another "I'm more geeky than you" pissing contest. (N/T) 2003-04-30
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-04-30
Anonymous (2 replies)

Secure by Default - READ BEFORE YOU POST. 2003-05-01
Anonymous (3 replies)

Secure by Default - READ BEFORE YOU POST. 2003-05-02
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-05-02
Penguinisto (1 replies)

Secure by Default - Learn something (before you reply again). 2003-05-06
Anonymous (1 replies)

Oh puh-leeze - you have to resort to sematics games? 2003-05-08
Penguinisto

Secure by Default - READ BEFORE YOU POST. 2003-05-03
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-05-06
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-04-30
Anonymous

Secure by Default, Insecure by Birth 2003-04-28
Drek Software Inc. (2 replies)

Secure by Default, Insecure by Birth 2003-04-28
Anonymous

Secure by Default, Insecure by Birth 2003-05-03
Anonymous (2 replies)

Secure by Default, Insecure by Birth 2003-05-05
Anonymous

Secure by Default, Insecure by Birth 2003-05-06
Anonymous

Secure by Default 2003-04-28
alexbal

Secure by Default 2003-04-28
Anonymous

Secure by Default 2003-04-28
xenophi1e <oliver.lavery@sympatico.ca> (1 replies)

This article may be vaguely interesting for the one fact it contains, but the reasoning it demonstrates is quite deeply flawed.

Mr. Mullen is arguing from the premise that "Everything-on by default causes a system to be insecure". He then proceeds to argue that simply because the antecedent is now false in the case of win2003, the consequent, that windows is an insecure system is also false.

Clearly this is not a logically valid argument, in fact it is a classic error in reasoning. Windows may no longer install everything and the kitchen sink but this in no way implies it isn't begging to be hacked on the first boot. Having sane installation defaults does not make a system secure; it prevents the system from being obviously and fatally insecure.

While we should thank Mullen for his factoid, this article does little but convince me that his reasoning is hampered by extra-rational prejudices.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/157/19617#19617

It's partly real, but partly a PR thing 2003-04-30
Anonymous

Well, I'll give you this much, Timster... 2003-04-28
Penguinisto (4 replies)

Well, I'll give you this much, Timster... 2003-04-28
Anonymous (6 replies)

Well, I'll give you this much, Timster... 2003-04-29
Anonymous (2 replies)

Well, I'll give you this much, Timster... 2003-04-29
Penguinisto (1 replies)

Well, I'll give you this much, Timster... 2003-05-03
Anonymous (1 replies)

Well, I'll give you this much, Timster... 2003-05-05
Penguinisto

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-29
xenophi1e <oliver.lavery@sympatico.ca>

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-29
Penguinisto

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-29
Anonymous (2 replies)

Zealotry comes in all forms. 2003-04-29
matt@beatlab.org (2 replies)

Zealotry comes in all forms. 2003-04-29
blacklight (1 replies)

Zealotry comes in all forms. 2003-05-02
Penguinisto

Zealotry comes in all forms. 2003-05-06
Noran Rad

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-30
Anonymous (1 replies)

Well, I'll give you this much, Timster... 2003-05-02
Penguinisto

Well, I'll give you this much, Timster... 2003-05-03
Anonymous

Secure by Default 2003-04-29
blacklight

Secure by Default (Pathetic) 2003-04-29
Anonymous (3 replies)

Secure by Default (Pathetic) 2003-04-30
Th. Klein

Opinionated by Default (Pathetic) 2003-04-30
Bruce

Secure by Default (Pathetic) 2003-05-02
blacklight (2 replies)

Secure by Default (Pathetic) 2003-05-02
Anonymous

Secure by Default (Pathetic) 2003-05-03
Anonymous

Secure by Default 2003-04-29
Anonymous (1 replies)

Secure by Default 2003-04-29
Doug Sibley (3 replies)

Secure by Default 2003-04-29
Anonymous

Secure by Default 2003-04-30
Anonymous

Secure by Default 2003-05-03
Anonymous

Secure by Default 2003-04-29
Anonymous (1 replies)

Secure by Default 2003-05-01
Anonymous

Hrm 2003-04-30
DC0 (1 replies)

Hrm 2003-05-02
Ryan Lambert

Secure by Default 2003-05-02
Ryan Lambert

Where can I find the companion texts you cited? 2003-05-02
Jim Barrett (1 replies)

Where can I find the companion texts you cited? 2003-05-06
Anonymous

Partial list of on default default services in ws2003 2003-05-05
Anonymous (1 replies)

Partial list of on default default services in ws2003 2003-05-06
Anonymous

Privacy Statement
Copyright 2009, SecurityFocus