As Thomas' statement shows, the real problem is that the avarage user still is not aware of the security issues. SuSE wants to sell their distribution so they have to sell what their customers want and that is usability, not security. If the attitude of the customers will change one day (which might - after all - happen, as the last months have shown), a "more secure" tradeoff between security and usability is feasable, but probably not now. In my opinion this is very very sad but it is the facts. So do not blame SuSE, try to raise security awareness among the users! (As Thomas said: They cannot ship brain with SuSE.)
i've been following this discussion and i agree with both sides of the argument. however, the question is what is the easiest way to educate the users and make them aware of the choices that they are choosing during the installation of the operating system. currently we have a situation where the user can select the 'style' of installation that they choose when they perform the installation (all, minimal, server etc etc), but it might help raise the user awareness of what is being installed if there was a _short_ readme linked into each of the installations that would detail what issues are connected with the installation and what would actually be installed by default. in this way the newbies could make a more 'educated' guess as to which installation they want and would be less surprised when somebody exploits a service that they where already running (without their knowledge). this would also help to introduce the newcomers to linux that they are actually running an OS that does have a network presence and which can be used (and abused) by other computers without your knowledge. most of this discussion boils down to education and the best point for education is at the install point (especially relevant after all the discussions concerning default passwords for SQL server on slashdot recently). just my 0.02 euros. Alex