I'm not entirely sure why, but safe computing comes naturally
to me. Like driving with seatbelts unfastened really bugs me.
I feel naked. Foreign apps are assumed hostile. Data might be,
so apps have to be armored. MS apps have to be reconfigured before
they could possibly be safe. Their defaults are in the realm of
criminal negligence. NIST has help.

I agree completely *but* as I say, I've been "caught" and I'm pretty
careful. From what I've seen of other people's systems, if it's
inconvenient -- e.g. having to logoff/logon/logoff/logon to install
software -- people will not follow the "rules". Things that are accepted
globally as part of everyday life, like .doc files, are absolutely nuts but
nobody's making an effort to fix "it".

Direct connect anything to the Internet (even a bulletproof OpenBSD
box) is risky. What is the reward? Better first go through a
hardware firewall. Keep the worms out. Good apps and privilege
isolation (even on MS-WinNT+) will keep the trojans out.

I haven't seen a recent firewall but the one on our Netopia router had only
two very rudimentary factory port blocking profiles. If you have to learn
the ports to block, it's usually after the fact. As for "good apps" and
privilege isolation on M$'s OSes, IME people are very selective about which
rules they'll follow - if they don't like the rules, they bend them (see
above); if they really like the app, e.g. Skype, they don't even want to
hear about "vulnerable"... yes I know Skype is not so bad now -- still some
discussion/controversy there all the same -- but there were lots of red
flags when it first came out.