If Microsoft set the 'deny by default, allow by exception' rule, idiot users would scream bloody murder when they installed the firewall and nothing worked by default.
Same problem they had with file sharing -- which is probably why they originally set the default share permissions to "Everyone - Full Control" and then to "Everyone - Read" to make it easy for idiots to share a folder.
Nothing new in this logic -- some organizations make everyone a member of the "Administrators" (or heaven forbid, "Domain Administrators") group to give them easy access to everything. Usually the trick of a lazy or ignorant admin.
In any case -- it is a no-win situation for them. If they made things too tight out of the box, they'd have tens of millions of complaints because nothing works -- if they do it as they have done -- they get millions of complaints because it is insecure by default. No way to make everyone happy.
Discussion on:
Message 1 of 1
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
