July 13th, 2002, 09:24 PM
#2
Junior Member
Guus,
I can only truly relate to this thread from my personal experience. In the course of my work as a Network consultant (basically I perform network admin duties for several small businesses), I have noticed that many people and smaller businesses don't know or seem to care about security. The overwhelming majority of people I work for expect the network server and gateway to work like a personal Win98 machine - i.e. single user with nothing locked down. This kind of mentality has been carried forward to 3 Windows -> Linux migrations which produced 3 new clients of mine :-)
What I have seen from these 3 clients is that the company has 1 person in-house who has the supplemental duties as an administrator, but deals mostly with workstations. This in-house admin hears a lot of talk on the web concerning the security benefits of running Linux over Windows and persuades management to make the switch (or management makes the switch because of MS's new licensing scheme). Neither management nor the in-house admin knows even the basic theory of how security should work for a multi-user, internet-connected network. As a result of this, and because of the ease in installing the newer Linux distributions such as RedHat and SuSE, a properly secured system is NOT set up to begin with, nor is it properly maintained for security patches.
The end result of this or a similar sequence of events is a hacked network and upset management people due to loss of data and work time.
IMHO, the major distributors of Linux need to concentrate not on a slick-working GUI environment, but on having a secure OS on first installation - items such as www, ftp, and telnet services running chroot'ed, with ftp being limited to real users by default, and having better firewalling capabilities out of the box (iptables with a more intuitive setup utility instead of ipchains). Also, having a better default password policy would be good as well (say a minimum of 8 characters, must be mixed, with a 30 day max lifespan for ALL accounts). Once better secured default installations are accomplished, then the distros can work on making the interface prettier and more friendly. That's just my opinion.
Cheers,
Bob
Just finished a 2 part Linux firewalling tutorial using Firestarter (basic and advanced customization) .....