Security continued
Also don't forget users at the end who never or rarely update their systems.
This is really for me an open door for any good hacker, who want to test any security hole.
I take for example the last crisis with SQL Hammer.
I don't know if somehow it's possible to know some stats about sysadmin who really update and patch regularly their systems.
In my own company I have to play many times the firefighter, especially because we work with some 'sensitive' subject, schools and kids.
I admit I was not really proud about our security setup before I start here, but now we've implement some good fixes by adding some firewalls, but also an intrusion detection box, which don't work with IP.
To come back to the subject, I think many companies should look at their own security policies and stop blaming all the time Microsoft.
I am not going to enter the debate of pros and cons Microsoft, but at least they're doing something.