>Well yes, that is a possibiity. But then with Linux, using dip, you can set
>I'm mainly trying to disuade people from hardcoding passwords into dial-up
>scripts. I don't want someone walking up to a user's PC and clicking on an
>icon and 2 minutes later being connected to my network. The obvious way is
>not to have the same password each time.
In theory I agree. In practise, if I can eliminate the threat from everyone
who does not have physical access to the box, I have done a Good Thing and
have a much smaller threat to work on that can be handled physically rather
that electronically. Perfect security is rarely achievable and almost never
The role of the security policy is to determine what is necessary and to
provide authority to do it.
ps My FreeWare anti-virus software just handles low-level (MBR - boot sector)
viruses. Some have asked why it does not go after all viruses. My feeling
is to eliminate what is easy (and causes the most infections) first, then
go after the rest.