Yes I am aware that as default XP Pro SP2 does come with an unpassworded administrator account. However any decent corporate roll out should have this disabled/passworded as new workstations are deployed. Certainly I accept though that the corporate managed environment is a wildly different place from most computer installations and most certainly outside of that regulated environment Windows performs poorly in comparison to OS.X
On VBA, I totally agree, I haven't yet seen any VBA that hasn't been for malicious purposes - and I'm in an academic environment where you'd think people would be using scripting.
.... However any decent corporate roll out should have this disabled/passworded as new workstations are deployed. Certainly I accept though that the corporate managed environment is a wildly different place from most computer installations and most certainly outside of that regulated environment Windows performs poorly in comparison to OS.X
....
That's just it. Security should not be the exclusive domain of those firms with the resources to employ enough IT staff to manage all of its personal computers. There are millions of computers in the hands of home users. There are millions more in firms where the management is done by the users. You can huff; you can puff; you can scream; and you can holler. Nothing you can do will get PC users to implement best practices security measures on their own.
However any decent corporate roll out should have this disabled/passworded as new workstations are deployed.
Then why shouldn't it be disabled/passworded by default?
Our IT guys came up with their own clever solution to this problem, but it strikes me as absurd that they should have to. As you point out above, Microsoft has done a lot of things to make Windows an enterprise-friendly OS. They have their own campus as a testbed. That they still haven't done an even relatively straightforward security measure like this makes me wonder where their heads are.
If I could snap my fingers and go back to when you could run all your ports wide open, have your mail server relay email from anywhere to anywhere, and read USENET without massive filtering or concealing your email address. But it's gone, and anyone who doesn't sacrifice always-on convenience and transparency for security these days is part of the problem.
Decent IT staff shouldn't have to waste their talents on this kind of crap. Corporate rollouts are enough of a pain in the best case.
Comments
On VBA, I totally agree, I haven't yet seen any VBA that hasn't been for malicious purposes - and I'm in an academic environment where you'd think people would be using scripting.
Chris
Originally posted by Chris Hinds
.... However any decent corporate roll out should have this disabled/passworded as new workstations are deployed. Certainly I accept though that the corporate managed environment is a wildly different place from most computer installations and most certainly outside of that regulated environment Windows performs poorly in comparison to OS.X
....
That's just it. Security should not be the exclusive domain of those firms with the resources to employ enough IT staff to manage all of its personal computers. There are millions of computers in the hands of home users. There are millions more in firms where the management is done by the users. You can huff; you can puff; you can scream; and you can holler. Nothing you can do will get PC users to implement best practices security measures on their own.
Originally posted by Chris Hinds
However any decent corporate roll out should have this disabled/passworded as new workstations are deployed.
Then why shouldn't it be disabled/passworded by default?
Our IT guys came up with their own clever solution to this problem, but it strikes me as absurd that they should have to. As you point out above, Microsoft has done a lot of things to make Windows an enterprise-friendly OS. They have their own campus as a testbed. That they still haven't done an even relatively straightforward security measure like this makes me wonder where their heads are.
If I could snap my fingers and go back to when you could run all your ports wide open, have your mail server relay email from anywhere to anywhere, and read USENET without massive filtering or concealing your email address. But it's gone, and anyone who doesn't sacrifice always-on convenience and transparency for security these days is part of the problem.
Decent IT staff shouldn't have to waste their talents on this kind of crap. Corporate rollouts are enough of a pain in the best case.