Re: How to turn linux into VMS - memory refresher for Dave ...
david20_at_alpha2.mdx.ac.uk
Date: 04/27/04
- Next message: bArtMAnBarTManbaRtMaN: "Re: The JF MEZEI FAQ - Revised and Updated!"
- Previous message: Paul Sture: "Re: How to turn linux into VMS - memory refresher for Dave ..."
- In reply to: glen herrmannsfeldt: "Re: How to turn linux into VMS - memory refresher for Dave ..."
- Next in thread: jlsue: "Re: How to turn linux into VMS - memory refresher for Dave ..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 27 Apr 2004 17:42:04 +0000 (UTC)
In article <3Mjjc.44885$_L6.3266546@attbi_s53>, glen herrmannsfeldt <gah@ugcs.caltech.edu> writes:
>Main, Kerry wrote:
>
>(I wrote)
>
>>>There is a very good reason that VMS is not attacked by worms, and it
>>>doesn't have at all to do with VMS security.
>
>(snip)
>>>I believe that Windows and Solaris are still the popular web servers,
>>>and so are favorites for worm attacks. The statistics are against
>>>almost every other OS. Unless VMS becomes popular as a web server,
>>>there isn't much reason for worm writers to try.
>
>>>This reminds me of the story about being chased by a bear.
>>>You don't have to run faster than the bear, you only need
>>>to run faster than the person next to you.
>
>> I have to disagree to a certain degree.
>
>> While there is certainly an element of truth to this, the reality is
>> that the virus and hackers will typically migrate to the path of least
>> resistance. Why spend huge amounts of time to find out that you still
>> need to find a way to get elevated priv's on an OpenVMS server before
>> you can do any damage?
>
>Why spend all that time when there are so few OpenVMS servers
>compared to Solaris or W2K servers?
>
>> On other platforms, getting elevated priv's has proven to be a whole lot
>> easier, hence the number of events in the press.
>
>A trojan could probably get through. If OpenVMS were as popular
>as windows, and enough freeware were passed around. It might be
>that OpenVMS users are better at not running with excess privilege
>levels. People are getting better at running unix systems where
>server programs don't run root unless absolutely necessary, unlike
>they used to be.
>
By definition any system is vulnerable to Trojans.
User's running trojans on VMS aren't too bad since generally they will not have
privileges and there will not be any way for them to gain privileges.
Hence the worst they can do is affect their own files.
(Unfortunately on Unix systems local exploits which elevate users to root
are still far too common).
Privileged users on VMS or Unix running Trojans will compromise security on
those systems. Hopefully anyone in those positions will try to guard against
that eventuality.
>> This "it depends on volume" argument does not hold water as Apache is by
>> far more widely used Web Server on the Internet, but I would be willing
>> to bet that there are far more security patches for IIS than there are
>> for Apache.
>
>The ones I know of attack other services that are usually run
>on those systems. OS/2 is probably not so hard to break, and
>I have never heard of an OS/2 virus.
>
>I am not saying that the protection isn't there, only that the
>gain is not enough to make it worthwhile to attack compared to
>other systems. Many of them work on randomly selecting IP
>addresses, and so would spread very slowly attacking OpenVMS.
>
David Webb
VMS and Unix team leader
CCSS
Middlesex University
>-- glen
>
- Next message: bArtMAnBarTManbaRtMaN: "Re: The JF MEZEI FAQ - Revised and Updated!"
- Previous message: Paul Sture: "Re: How to turn linux into VMS - memory refresher for Dave ..."
- In reply to: glen herrmannsfeldt: "Re: How to turn linux into VMS - memory refresher for Dave ..."
- Next in thread: jlsue: "Re: How to turn linux into VMS - memory refresher for Dave ..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
