Catch.... You're in the wrong place.... If you want security discussion at your level there are the uber leet places for you..... If you want to help us less than leet dorks please feel free.... But your uber leet attitude in this less than leet world does us no good and makes you look silly......
I don't think there is anything that Catch discusses that is above level for here. He has some good statistics and reports on some issues, but throwing around numbers and statistics does not mean that it can't be understood.



* Have to check by hand for any changes to files.
* No tools to check for "dictionary attack" vulnerability.
* Systems have to be reinstalled when merging domains. (Security ID is dependent on the currently installed copy of the system.)
* Microsoft sells an extra Firewall product.
* No easy way to check to see if a new user has logged in and changed their password (See below)
* There are literally hundreds of holes that allow anyone to create a Trojan horse without any special programming skills. (See below)
Man.. Whoever is writing this knows very, very little about Windows. If the person that wrote this article spent more time trying to learn about Windows than trying to bash Windows, they might realize their misconceptions are pretty funny.

First off, group policies get rid of most of these issues.

You can use L0phtCrack to check your password files.

filever is a tool that can check just about every property on a file and compare it to a file in a different location. I use it pretty regularly when troubleshooting systems. I create a baseline off of a functioning lab machine and compare it to the machine in production. Makes for an easy way to find mismatched DLLs and EXEs.

You can very easily check if a person has changed their password. In fact I just wrote a script the other day that searched through the security log of 10 global catalog servers to determine where the login requests originated when an account is locked out. We have issues at work where people leave a session logged in and then change their passwords. I used only resource kit tools to write the script. It would only be a matter of looking for a different event code ID to find password changes instead of account lockouts. I can tell you the type of client that changed the password, the NetBIOS name of the computer that was used, and I'm pretty sure I could get the IP either in the security log, or with a little bit of digging into the WINS database.

Hundreds of holes? hehe... I think a standard Linux distro has more holes than a standard win2k or 2k3 install.

The other post from this site was funny as well. No CLI in Windows?? hehehe.. If you really believe these articles you need to do some of your own research into the help files on a Windows system. Or http://support.microsoft.com.
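
The log search described in the post above can be sketched as follows. This is an added example, not the poster's script (which is not shown in the thread): it merges constructed Security-log records from several domain controllers and ties each account lockout to the most recent password change on the same account, to flag the "session left logged in with the old password" case. The record layout and field names are hypothetical and simplified; the event IDs are the Windows Server 2008 and later ones.

```python
from datetime import datetime, timedelta

# Security-log event IDs on Windows Server 2008 and later
# (Windows 2000/2003 logged the same actions as 644, 627 and 628).
LOCKOUT = 4740                  # a user account was locked out
PASSWORD_EVENTS = {4723, 4724}  # password change attempt / reset attempt

# Constructed sample records, deliberately out of order, as if exported from
# several DCs. Field names are hypothetical, not a real export schema.
SAMPLE_EVENTS = [
    {"dc": "DC02", "time": "2024-03-04T09:12:41", "event_id": 4740,
     "account": "jsmith", "source_host": "TS-FARM-03"},
    {"dc": "DC01", "time": "2024-03-04T08:55:10", "event_id": 4723,
     "account": "JSmith", "source_host": "LAPTOP-17"},
    {"dc": "DC01", "time": "2024-03-04T09:30:02", "event_id": 4624,
     "account": "adavis", "source_host": "WS-0042"},
    {"dc": "DC03", "time": "2024-03-04T10:01:15", "event_id": 4740,
     "account": "mlee", "source_host": "WS-0108"},
]

def correlate_lockouts(events, window=timedelta(hours=24)):
    """For each lockout, find the latest earlier password change on that account."""
    last_change = {}  # account (lower-cased) -> most recent password event
    findings = []
    # Same-format ISO-8601 strings sort chronologically, which merges the DC logs.
    for ev in sorted(events, key=lambda e: e["time"]):
        acct = ev["account"].lower()
        if ev["event_id"] in PASSWORD_EVENTS:
            last_change[acct] = ev
        elif ev["event_id"] == LOCKOUT:
            change = last_change.get(acct)
            when = datetime.fromisoformat(ev["time"])
            recent = (change is not None and
                      when - datetime.fromisoformat(change["time"]) <= window)
            findings.append({
                "account": acct,
                "locked_at": ev["time"],
                "reported_by": ev["dc"],
                "lockout_source": ev["source_host"],
                "changed_from": change["source_host"] if recent else None,
                # A lockout from a different machine soon after a change points
                # at a session that is still presenting the old password.
                "stale_session_suspected": bool(
                    recent and change["source_host"].lower() != ev["source_host"].lower()),
            })
    return findings

if __name__ == "__main__":
    for finding in correlate_lockouts(SAMPLE_EVENTS):
        print(finding)
```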