moin, moin,

One of the advantages of m$ is that not every box can be a server, which
limits what can be done and also limits the services it can offer. Does that
really make it any more secure?

Last time I was working with a group of NT admins was when back-orifice came
out for win2k and was Open Sourced. At the time back-orifice was the best
remote admin tool for an m$ box available. If it could get a workstation it
would own the PDC. I think it worked for all flavors of m$.

Most m$ boxen, however, don't have a PDC and most are using a weak OS like
95 or 98. I would think a little C would make it possible to launch a
network attack, though. Is that correct?

Linux, OTOH, is definitely a powerful beast even if you've toned it down.
Easy enough to add stuff again: apt-get install ... :).

The real issue here is that we need to help those who are adminning machines
to make sure they've got security updates installed. Real easy to do with
debian. I've got a cron and a couple of lines of shell script that handles
most of it automagically. Gets *only* security updates.

Doing the same with others dists, in my experience, sucks. Mandrake might be
there with urpmi. RedHat might have it, but you have to pay for it. Security
updates should be *free*, as in beer! I don't care who the vendor is. Will
sun ever go there? I doubt it :(. m$? Not as long as they can charge for it
:(. There should also be a way to separate security updates from improvements
and other cruft.

Actually, I want to start pushing debian to categorize their security
updates: remote exploit, local exploit, physical exploit. Each of those
categories should list root or user access. An example is lilo updates. I
really don't care. If someone's in my house I have a bigger problem than
worrying about whether or not he knows more about Linux than I :). JLF
probably sees that differently :).

cioa,

der.hans
-- 
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.Aligo.com
#  A t-shirt a day keeps the noose (tie) away. - der.hans