Operating Systems need to be secure by default.

An automobile manufacturer couldn’t sell cars without basic security – i.e. locks. It would be irresponsible. Even for country dwellers who may rarely or never lock their cars, the ignition lock is an essential safety feature. Imagine if a three year old could get in a car and start it! It would both be immoral and the car manufacturers would get their pants sued off in our litigious society.

Operating Systems need basic security built in and need to be secure by default. For example, an unpatched and unprotected Windows system on the Internet will be compromised in 20 minutes on average according to the SANS Institute! And this compromised machine can be used by hackers for denial of service attacks, to help hide malicious hackers tracks, to host kiddie porn or pirated software, to send endless spam, etc. In other words, your insecure machine on the Internet can adversely affect others, just like a drunk driver is a threat to more than just themselves.

Operating systems are NOT secure by default. Usually most of the settings are wide open in the default and hence therefore most commonly used configuration. Default passwords are often not changed and are easy to find – try googling “default passwords.” Although Windows has very recently made some needed but still impressive strides in the right direction with Windows XP Service Pack 2, OSs are NOT secure by default. This includes Windows variants, Linux and Unix variants, etc.

Actually ALL applications need to be secure by default. Yes, ALL applications! Even that game on your PC could contain a Trojan or be exploited and allow a hacker to gain a foothold on your machine and network.