Re: Cerner hopefully is using Zotob to show why hospitals should run VMS! VMS! VMS!

From: Larry Kilgallen (Kilgallen_at_SpamCop.net)
Date: 08/25/05 

Date: 24 Aug 2005 21:34:00 -0500

In article <430ce096$0$67255$157c6196@dreader2.cybercity.dk>, "Dr. Dweeb" <NOSPAM_5msg0h202@sneakemail.com> writes:
> Z wrote:
>> bob@instantwhip.com wrote:
>>> you can on vms because vms doesn't get viruses ...
>>
>> Says who?
>
> I believe that about 15 years ago someone demonstrated the feasibility of
> developing a VMS virus, but I was not at that DECUS so I do not recall
> details, just second hand references.

It was written by Andy Goldstein (VMS Development Security Guru) and
it infected a particular (known) DCL Application. The purpose of the
demonstration was to show how Mandatory Access Controls prevented the
virus from being effective.

> However, in general, it is probably correct to say that VMS does not get
> vira - reasons a plenty, but technical skill of virus writers and lack of
> targets would be two good reasons, plus the general technical problem of
> actually getting the things to execute in a mode that could cause damage.

The standard statement is that there are no _known_ VMS viruses in the
wild.

When your management comes to you with NIST 800-53 Control SI-3 asking
for virus scanning of your VMS executables, point out that the way
virus scanning works for Microsoft systems is to look for known virus
patterns. Tell them you are prepared to do that on VMS as soon as
they provide you with a known VMS virus to scan for.

Relevant Pages