Operating System - OpenVMS
1747984 Members
4741 Online
108756 Solutions
New Discussion юеВ

Re: OpenVMS Security merits etc.

 
Brian Reiter
Valued Contributor

OpenVMS Security merits etc.

Hi Folks,

Just a quick request for help and information. Like many companies we're trying to persuade our clients to remain with OpenVMS rather than a migration to Windows. We've tried migrations in the past and as a rule it takes too long, the only benefits tend to be that the hardware is cheaper (but fails more frequently).

Anyway, security of the systems has again raised its head, and I'm just wondering if anybody has come across articles detailing the security/management aspects of the follows OSes. (I've been asked to produce a quick report on the OSes currently in use and I don't have the time at the mo' for a full scale internet browsing session)

OpenVMS (I know about this bit)
AIX Unix
LINUS
Windows (XP/Server)

I know I may get a slightly biased view :) from this forum but any links to articles/papers would be appreciated.

thanks for your help

Brian
8 REPLIES 8
Antoniov.
Honored Contributor

Re: OpenVMS Security merits etc.

Brian,
I remember another thread about this argoument http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=555089

Perhaps can help you ?

Antonio Vigliotti
Antonio Maria Vigliotti
Brian Reiter
Valued Contributor

Re: OpenVMS Security merits etc.

More interested in security info on all 4 platforms. I've just read John Wisniewski's security for OpenVMS presentation (well worth it), which covers most of what I wanted to know for VMS.

cheers

Brian
Ian Miller.
Honored Contributor
Keith Cayemberg
Trusted Contributor

Re: OpenVMS Security merits etc.


Here are a few more articles with statements concerning the security of Operating Systems other than OpenVMS.


Lead Windows developer bugged by security
http://www.nwfusion.com/news/2002/0905valen.html
Linux is favourite hacker target: Study - Globetechnology
http://www.globetechnology.com/servlet/story/RTGAM.20030911.gtlinuxsep11/BNStory/Technology/
Microsoft cerebrates fifteen years of poor security
http://www.theinquirer.net/?article=11108
Microsoft software 'riddled with vulnerabilities', trade body claims
http://www.theinquirer.net/?article=11249
MS: Secure computing is still a decade away
http://reviews-zdnet.com.com/4520-7297_16-4207833.html
Next-Generation Win32 exploits: fundamental API flaws
http://security.tombom.co.uk/shatter.html
Nimda Worm Shows You Can't Always Patch Fast Enough
http://www.gartner.com/DisplayDocument?doc_cd=101034
Reliance On Microsoft Danger To National Security
http://www.techweb.com/wire/story/TWB20030924S0008
Software vulnerabilities still dog operating systems
http://www.theinquirer.net/?article=13420
Would the real insecure OS please stand up?
http://arstechnica.com/news/posts/20021127-882.html

The discourse "Next-Generation Win32 exploits: fundamental API flaws" also known as The Shatter Exploit Paper is especially damning of Windows. Essentially, it states that the Win32 API has an inherently flawed design with regard to security, and this design can't be corrected without making all Win32 API based applications incompatible and obsolete.

Cheers!

Keith Cayemberg



Keith Cayemberg
Consultant
Wipro Technologies
Martin P.J. Zinser
Honored Contributor

Re: OpenVMS Security merits etc.

Hi Brian,

if security also encompasses "How often do I have to patch the system" the new TCO study comparing VMS and AIX might be of interest.

It is over at

http://h71000.www7.hp.com/news/tco.html

Greetings, Martin
Brian Reiter
Valued Contributor

Re: OpenVMS Security merits etc.

Hi Folks,

Thanks for your help. At least now we can give some very good reasons for not wanting to migrate important and vital system to a Windows platform. It may still happen but at least we aren't rolling over and agreeing with the client (and their possee of consultants).


regards

Brian
Robert Gezelter
Honored Contributor

Re: OpenVMS Security merits etc.

Brian,

The whitepapers already mentioned are a good start.

Another point would be my presentation at HPWORLD 2004 on managing user environments at
http://www.rlgsc.com/hpworld/2004/n227.html.

See the reports written by the late John Wisniewski of the (unsuccessful) DEFCON 9 cracking attempts against OpenVMS.

Also, see some of my published articles on OpenVMS.org.

I hope that the above is useful.

- Bob Gezelter, http://www.rlgsc.com