Updated: July 10, 2020 (March 1, 2004)
Analyst Report
Secure by Default
The goal of “secure by default” is to make the default configurations of products more resistant to attack.
To accomplish this, software must install in its most secure configuration and remain in that state until the user or administrator actively loosens it. For example, if a product is secure by default, the product is “locked down” when installation completes, meaning that only the minimum features are available, and any additional features require administrator authentication before they can be installed or activated.
What Is Microsoft Doing?
Features in Microsoft products were designed to be discoverable rather than secure by default. Microsoft would install and activate many of the features in a product to make it easy for a user or administrator to find and use them, even if they might never need them.
For example, when Windows 2000 Server was installed, it automatically installed the bundled Internet Information Services (IIS) Web server, and automatically configured IIS to support Internet Services API (ISAPI) extensions, which provide the ability to program the Web server to create dynamic Web pages, Web applications, or Web services. As a consequence, the Internet Printing Protocol (IPP) ISAPI extension, which enables printing from the Internet, was up and running on all Windows servers with IIS unless the administrator disabled the extension. Typically, administrators did not realize that IIS printing was even an option and left this feature enabled, waiting for a print job to process.