“Wow, the previous article generated a lot of feedback, which is
nice. This implies that this is something people are concerned
about, and it should be addressed a bit more. Some people also
brought up issues I didn’t cover, and I will admit I didn’t cover
the solutions as thoroughly as I should have. Feedback ranged from
“Excellent article” to “You’re not being realistic, we can’t get
rid of X”. In addition, I made one small error, saying that
Mandrake defaults to installing Postfix – I checked
mail.linux-mandrake.com, and it replies with Sendmail banners. In
retrospect, I see that it claims to be an old version with known
holes, so I suspect the banner is false and put there to confuse
attackers….”
“There is also a lot of controversy over whether to enable
things by default or not. There are basically two
arguments:”
“Don’t enable things by default – make users turn them
on. This is a lot safer, and generally speaking users will
notice much faster that things are turned off, than they will
notice that they are turned on (if NFS is running, most home users
will not notice it, nor will they use it).”
“Or, enable things by default and make life easier for
users. This will generate fewer complaints (“NFS is broken!” –
“No it’s not, you just have to turn it on!”). This is generally
what most vendors do (for example, Sun and IRIX, with their love of
RPC-based services).”