Re: AntiVirus for OpenVMS

From: Hoff Hoffman (hoff_at_hp.nospam)
Date: 08/19/03


Date: Tue, 19 Aug 2003 15:42:22 GMT

In article <d0141774.0308190639.1d501415@posting.google.com>, issinoho@slayme.com (issinoho) writes:
:A client is being forced by its security chappies to (a) implement an
:AV solution on their VMS boxes, or (b) come up with some irrefutable
:reasons why this is not required.

  You will not find irrefutable reasons, and you and the "security chappies"
  will and must have a better knowledge of the local system security
  environment and local requirements.

:Can anyone point me as to the best advice I should be giving my client
:- my initial thoughts are that the negligible risk makes the cost of
:any work wholly unjustified.

  Please read the security manual. This is your client, after all, and
  thus you are the expert. Accordingly, you should already be familiar
  with OpenVMS management and with system security recommendations.

  If there are Microsoft Windows data or program files stored on OpenVMS,
  for instance, these can be infected -- the infection will not adversely
  affect OpenVMS itself or OpenVMS applications. (Sophos can scan for
  these infections.) Windows application or data files that can be found
  on an Advanced Server share can be infected, obviously.

  There have been a few worms for OpenVMS, though I've not seen one in some
  years now -- the recommendations in the OpenVMS security manual will
  typically lock these worms out, and OpenVMS tends to install itself with
  security enabled by default. I am not aware of any OpenVMS virus that
  is loose in the field, but these and trojan horses and worms are certainly
  conceptually possible.

  OpenVMS lacks one of the central infection distribution mechanisms found
  in Microsoft Windows systems: Olé's ability to invoke arbitrary and
  untrusted code, either directly or from within what would normally be
  considered a data file. I regularly receive mail containing Windows
  virii, and to date have found none that can infect OpenVMS -- I will
  regularly open and decode the Windows virii mail messages I receive,
  just to see what new vermin is now loose in the wild.

  Most common vulnerabilities are internal, of course, and breaches of
  OpenVMS are more often caused by outdated patch levels or incorrect
  system security settings. In either case, the guidelines for running
  an NCSC Class C2 environment (in the security manual) can be very
  helpful -- logs, security settings, privileges, etc. I would concentrate
  on this area first and before I would look for virii -- assuming there
  are no Windows shares configured on the OpenVMS server or cluster, of
  course. (If there are shares, then these can be infected. But again,
  the infections are hazardous only to the overall system load of serving
  the files should the infection "get busy", and obviously to the Windows
  systems that are the target.)

  I will here discount discussions of other resources that can become
  infected -- infected Windows-based DNS servers, for instance, can be
  a real problem for any platform using the DNS server, whether or not
  the local platform itself is directly infected.

  There have been various discussions of virii on OpenVMS over the years.
  Please visit the newsgroup archives for details. Also please see the
  OpenVMS Frequently Asked Questions (FAQ) section entitled "Are there
  any known viruses for OpenVMS?" -- barring a security hole found within
  OpenVMS, and barring a (better) viral transmission mechanism within
  OpenVMS, there are other security-relevant issues that I would concern
  myself about (first).

 ---------------------------- #include <rtfaq.h> -----------------------------
    For additional, please see the OpenVMS FAQ -- www.hp.com/go/openvms/faq
 --------------------------- pure personal opinion ---------------------------
        Hoff (Stephen) Hoffman OpenVMS Engineering hoff[at]hp.com


