Re: Is VMS losing the Financial Sector, also?



In article <Qwmji.3514$Np2.127@trnddc07>,
John Santos <john@xxxxxxx> writes:
Bill Gunshannon wrote:
In article <468ce6ad@xxxxxxxxxxxx>,
Mark Berryman <mark@xxxxxxxxxxxxxxxx> writes:

Bill Gunshannon wrote:

In article <FA60F2C4B72A584DBFC6091F6A2B86840250A3EF@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
"Main, Kerry" <Kerry.Main@xxxxxx> writes:

-----Original Message-----
From: bill@xxxxxxxxxxx [mailto:bill@xxxxxxxxxxx]
On Behalf Of Bill Gunshannon
Sent: July 5, 2007 12:43 PM
To: Info-VAX@xxxxxxxxxxxx
Subject: Re: Is VMS losing the Financial Sector, also?
In article <90d24$468d09bd$cef8887a$5386@xxxxxxxxxxxx>,
JF Mezei <jfmezei.spamnot@xxxxxxxxxxxxx> writes:

Mr Main, with regards to your patches issue.

In the late 1990s, the weenies would convince management to deploy
Windows because it was a lot cheaper, there were a lot more available
staff and it had an assured future. When asked if there was a virus
problem, the answer would inevitably be "we'll set it up properly and it
won't affect us".

By the time they got hit with I LOVE YOU or some other debilitating
event, their deployment of windows was so entrenched that it was
impossible to change to a real OS so they learned to live with it and
try to minimise the damage.

Your story of Vista switching back to VMS because of a windows virus is
very good, but unfortunately rare.

And probably not the whole (or even the real) story as what people
use Vista for can not be done on VMS. Vista is a desktop operating
system, not a server operating system.

bill

Bill...

mmm.. you missed the point.

The earlier URL points to a company called VISTA that packages or uses a
mission critical software package called SCADA on a number of platforms.
One of their Customers was running Windows Server and was down for 2
days because of a nasty virus. Subsequently, they have since switched to
OpenVMS on Integrity and by the report, the migration went very well.

Absolutely zero to do with client stuff.

OK, sorry. When one uses the terms "Vista" and Windows in the same
paragraph today certain assumptions are bound to be made. So then,
this just goes back to the original argument about what someone was doing
with a server that allowed it to come in contact with a virus!! If
the VMS system is managed as badly as the Windows system obviously
was they are bound to have problems even with VMS. Not necessarily
the same problems, but problems and possibly security problems. No
OS is immune from the effects of incompetent sys admins.

If I read you correctly you seem to be claiming that only incompetently
managed Windows systems get infected. If so, you are far from correct.
There are many documented cases of systems being hacked and/or
infected even though they were up to date on patches and running current
antivirus software (as well as other protections).


There is a lot more to admining any system than just that. Starting
with a proper config.


Look up the impact
of almost any zero-day exploit to name just one example.


I don't have to; all I have to do is look at systems that are not being
hacked/zombied/infected. A properly admined IT system, no matter what
the OS, is going to be stable, secure and useful. The reciprocal also
applies, no matter what the OS.

The fact that the news is loaded with cases of systems being hacked only
points out the fact that with the proliferation of IT systems has come
a dearth of competent sysadmins. Just because you admined the 2 PCs in
your high school library when you were a sophomore doesn't make you a
sysadmin. Any more than the fact that you ran a web site on Linux
out of your dad's garage during the dot-com boom made you an "IT
Professional". Maybe, in the name of true investigative reporting,
the journals running these articles should also publish the credentials
of the parties responsible for maintaining the systems. Oh wait, if
we did that we would have to stop bashing Windows, Unix. Can't have
that now, can we.....

bill


If competent administration is all that is needed to prevent a system from
being hijacked, then why do you need *any* antivirus software at all?

And why do you *ever* need to apply any patches?



So, what, is everything mutually exclusive here? Using anti-virus
software (are you aware that you should actually be using at least
two different anti-virus products?) and applying patches (as needed
based on your system and operational necessity) is part of being a
competent sys admin.










The answer, of course, is that a system exposed to a virus or an unpatched
exploit can get hacked anyway, no matter how competent the administrator.

Well, being as we are talking server boxes and not desktops, a competent
sysadmin doesn't read email or surf the web with the server box which would
eliminate pretty much all the standard attack vectors. Which comes back
to the Los Alamos story. Just how did the server get exposed to the virus?

Keeping up on patches and A/V is part of the job of the administrator.

Of course it is. But that doesn't mean installing every patch whether it
applies to your system or not or applying it the second you hear it exists.
It is the sys admin's job to decide the impact and then decide when and even
if the patch is an operational necessity. For example, if my server does
not need to serve up webpages I certainly wouldn't install the IIS component
on it. So then, why would I apply IIS patches?


But there is a race condition. What if the bad guy attacks before the
O/S vendor knows about the exploit,

Not knowing "the exploit" this question can obviously not be answered.
Of course, what if a meteor hits your data center and lands right on
top of your prime server? I try not to lose sleep over things over
which I have no control.

or the A/V vendor designs, implements
and distributes a test for it?

If you don't let your servers access the known virus vectors this is a
non-problem.

Then you're up the creek. What are the
chances of this happening? Obviously, the more viruses and serious O/S
bugs, the greater the odds.

Well, the virus ones are easy to avoid, as I (and others) have repeatedly
pointed out. The others take a much more complete scheme but can be avoided
as well.

bill


--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
bill@xxxxxxxxxxxxxxx | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>