PPRuNe Forums - View Single Post - GRC.COM is in trouble!
Old 14th June 2001 | 18:03
FlyingGiraffe
Guest
 

Evo7,

You say:

"(a) All this functionality is built in to Windows (and much more to come) without any of the safeguards that UNIX provides to stop it being abused."

I think you may have misunderstood Steve Gibson's claim about the functionality Microsoft has added to Windows 2000 and XP... sure they're changing the API at the winsock level, but this doesn't compromise the machine any more than any other IP-enabled Operating System. Previous Win32 O/S's could be compromised by writing the virus/trojan to talk "below" the winsock layer, thus masking the source address that way. Secondly, ALL Unix operating systems implement the "full" version of the sockets API and have therefore been available for years to this type of attack.


"(b) 99+% of people treat their PC as no more complex than a toaster and never bother to understand what it does."

You're absolutely correct - unfortunately. However, it should be the joint responsibility of the PC manufacturer, the operating system supplier and the ISP to ensure that 99+% of people are secure in an "off-the-shelf" deployment.


"(c) The ISPs don't seem to give a damn."

Again quite true, unfortunately.


"(d) Always-on ADSL is just around the corner..."

It's already here -- I'm currently writing this via a Freeserve ADSL connection. However, I do have the knowledge and resources to secure my PC (actually two of them connected via private IP addresses).


I was trying to think of a good analogy... the first one that sprang to mind was buying a car: you wouldn't expect to have to go to numerous 3rd party vendors to make the car safe -- it comes crash-tested with seatbelts, airbags, etc, etc. I think the PC industry has a lot of catching up to do in this respect.