On Saturday 19 January 2002 10:47 pm, you wrote:
> Actually I would rather hope AOL would alter the Red Hat build into
> something that isn't so exploit friendly. 

What makes the Red Hat build so exploit friendly anyway (compared to other 
distros)... the newbie asks?

> I would be gravely concerned if
> the stock Red Hat build was put out there for the general AOL user. Those
> users should be using something that is pre-locked down. The code ought to
> be audited and it should be configured so that it can exist for long
> periods of time on the internet without requiring constant patching. 

I frequently see patches for many Linux applications designed to fix security 
holes.  Exactly how would AOL implement these many applications in the distro 
and provide perfect auditing when the developers seem to often miss security 
holes themselves?  I could be wrong since I am really new to Linux, but I see 
security patches all the time.  However, script kiddies don't seem to exploit 
them (unlike Windows), so very little attention is made of it.
  
> As long as the various Linux/GNU system exploits keep coming it makes the
> environment undesirable for non-hobbyist/corporate settings.

My point exactly.  Linux, with all its security measures, still seems to 
have its share of problems.  I often see the term on this list: "security 
is a process not a product".  But the average public seems to think Linux 
"the product" is more secure than Windows "the product".  Am I wrong here?  
The idea of a process completely eludes most new Linux users.  Considering 
the complexity of security measures, can the average desktop (home) user 
really be expected to provide the level of expertise necessary to secure 
his/her own PC?  People at home rely on security products, and companies 
continue to serve them.  The idea that security is a process and not a 
product is not at the forefront of a home user's concerns.  They will look to 
products like Norton or Zone Alarm for protection, even though they may 
mistake the level of protection offered.  In the end, I really don't think 
most new users of Linux will embrace the idea of "security as a process".  
They expect the OS to be secure.  And that expectation should be fulfilled as 
much as possible.  Please note that I do believe security is an ongoing 
process and not a product solution...but that's my two cents. 

Heck, half the people on AOL seem to think IT is the Internet!

<snip>