Yes, things have improved with MS server in some defaults, but the defaults for the desktop have stayed in the open setting. They claim they'll be closing them in Vista. This still begs the question -
Unix, and most DOS based software, had these things default set to the secure options, and they've been pointed out as issues since W95 was released, WHY HAVE MS TAKEN 10 years to react? Makes you wonder if they had some ulterior motive in having the systems unsecured.
Setting some of these settings to the secure option as default still doesn't close off the designed holes for exploitation by MS applications. That was a bad idea from day one, yet they still have them, and they're still causing problems, over a decade later.
I've made Windows servers and networks secure, but it's taken three to five times the resources to do when compared with a Unix / Linux setup. It also takes about triple the administration to maintain.
With one W2K Adv Svr setup, every patch applied to Windows crashed the system. We soon learnt to not apply patches until we had a super critical one to apply. Then we rebuilt the system, applied all SPs and patches to date, THEN we spent two days hardening the system. The trouble turned out to be that, in order to harden the system, we removed and closed off services that made the system vulnerable, and some were needed for MS to apply the patch. Great way to do business.