Listed as number 1 in SANS's top twenty most critical Internet security vulnerabilities affecting all systems [17] is:
Default installs of Operating Systems and applications
Most Operating System distributions offer user-friendly installation procedures and scripts whose main aim is to get the system up and running as fast as possible, with the administrator having to perform the least amount of work. These types of installation and setup need to cater for various end users and thus install much more software than is needed in any particular case. From the vendors' point of view, it is always better to enable functions that are not needed than to make the user install additional functions separately. In the end, users are not even aware of all the software installed on their system, and they fail to maintain it and patch it promptly as security threats are discovered. Furthermore, many system services and "trusted" programs run with coarse-grained privileges that far exceed their actual requirements. A security flaw in any of these enables an attacker to gain superuser privileges.