Trevoke- I'll go ahead and answer for catch. The default installation of a system should not be used to measure how secure the system is. How secure the system is depends upon the toolset and methodologies that exist inside of the operating system to secure it. Windows, OS-X, and any linux distribution can be just as secure at installation as OpenBSD if the developers and people responsible for packaging the system felt like turning everything off by default. How a system installs only tells you how secure the system is at installation, absolutely nothing about the overall security of the system can be gained from how it installs.
That is not what Catch is looking at. Catch is looking at what is the security potential of the product, not how it is configured out of the box.
I also find it funny that the linux diehards have such beef with this idea. Afterall the number 1 issue that most people have with a does xxxx operating system suit my needs is most of the time the person writing the article doesn't know crap about that OS, but they never admit that. Catch has admitted that he is not knowledgable with linux and is basing this article on the responses that he gets from "experts." If anything I think the final product will be very good as you will get his standpoint, and the standpoint of people that feel linux can be made very secure.
However, I think it will also be interesting as Catch has already stated he is seeing a wide range of answers. And in trusted computing you can't have a do it this way, this way, or this way, they all work the same, type of answer. You need best practices, and I think that is what he might uncover is that there are not best practices for doing more robust securing inside of linux. You have a lot of different people, who all do it different ways, with no idea of what is really the best way to do it.
