Opinion, based upon shipping status of other systems: They are shipped
from the manufacturer with maximum networking and access enabled so
that the recipient can do whatever it was they bought the system to do.
Also, some apparent holes were in place for final testing.
And then, after the user buys the system they LEAVE it like that, in
spite of documentation and a warning being shipped along with the
equipment.
BTW: Everyone else getting a massive number of viri-infected email
through the ietf mailing list? Not a good sign...
Keith Moore wrote:
perhaps because they are shipped that way?
Microsoft ships servers with most security features set to low security,
because customers whine and complain otherwise.
for the case of clients, it's more subtle than that.
Microsoft chose the security settings in such a way that low security
was too low, and anything higher was too cumbersome to use, because
they didn't want people to turn off proprietary features like ActiveX
that they believed would give them a competitive advantage. They
provided the appearance of flexibility and fine-grained control, but
not the reality.
Keith
--
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566