
Is OpenVMS the most secure/stable OS around?

 
ngoht20
Frequent Advisor

Is OpenVMS the most secure/stable OS around?

Or is this just an old myth by system administrators?

I have read many articles that OpenVMS is so secure and stable that it's used in many robust mission critical databases.

I don't know so I will ask the experts here.
27 REPLIES
Robert Gezelter
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

ngoht20,

By many measures, OpenVMS is considered one of, if not the most, secure and stable OS platforms on the market.

The reasons for this are many. Some of them are architectural, and some of them are due to the nature of the team that implemented the product.

One easy to grasp example is the use of descriptors for strings and similar structures rather than the "C"ism of zero terminated strings. Thus, the cases of "buffer overflow" problems on OpenVMS have been mostly cases of code in an ancillary application that was ported from another platform.

Another example is the use of privilege. There is a fine granularity of privilege on OpenVMS, which allows privileges to be doled out on a finely controlled basis. Many other systems either have a single privilege bit, or a culture that requires high level privileges for many things.

Another key concept is that OpenVMS security is designed for the most complex case from the beginning, and then can be scaled down in simpler situations. Many other security paradigms were designed for simple cases, and extended when the environment became more complex. Extended designs often have problems, and these security schemes are no exception.

This information is covered in more detail in Chapter 128 "OpenVMS Security" in the Handbook of Information Security, Volume II (Hossein Bidgoli, Ed., Wiley, 2006). The summary and brochure for this chapter are available online at http://www.rlgsc.com/hinfosec/hinfosec.html [I will admit that I wrote the chapter].

I hope that the above is helpful.

- Bob Gezelter, http://www.rlgsc.com
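Added example, not part of the post above and not OpenVMS code: a C sketch of why a length-carrying descriptor bounds a copy where a zero-terminated string does not. The `str_desc` type, `desc_copy` and the sample record are hypothetical names made up for this illustration; blank-padding and a truncation status are choices of this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical descriptor type for this example: the length travels with
   the pointer, so a routine never has to scan for a terminating zero.
   It is not the real OpenVMS descriptor layout. */
typedef struct {
    size_t length;   /* bytes in the buffer this descriptor names */
    char  *pointer;  /* start of the buffer; no NUL terminator needed */
} str_desc;

typedef enum { COPY_OK, COPY_TRUNCATED } copy_status;

/* Copy src into dst. The destination's own length bounds every write:
   a longer source is cut off and reported, a shorter one is blank-padded. */
copy_status desc_copy(const str_desc *dst, const str_desc *src, size_t *copied)
{
    size_t n = src->length < dst->length ? src->length : dst->length;

    memcpy(dst->pointer, src->pointer, n);
    memset(dst->pointer + n, ' ', dst->length - n);
    if (copied)
        *copied = n;
    return src->length > dst->length ? COPY_TRUNCATED : COPY_OK;
}

/* Constructed record: an 8-byte field with a guard value behind it. */
struct record {
    char     name[8];
    unsigned guard;
};

/* Feed a 24-byte constructed input into the 8-byte field. Returns 1 when
   the copy was reported as truncated and the guard is untouched. With
   strcpy(r.name, input) nothing would have stopped the write at 8 bytes. */
int demo_guard_intact(void)
{
    struct record r = { {0}, 0xC0FFEEu };
    char input[] = "AAAAAAAAAAAAAAAAAAAAAAAA";
    str_desc src = { sizeof input - 1, input };
    str_desc dst = { sizeof r.name, r.name };

    copy_status st = desc_copy(&dst, &src, NULL);
    return st == COPY_TRUNCATED && r.guard == 0xC0FFEEu
        && memcmp(r.name, "AAAAAAAA", sizeof r.name) == 0;
}
```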
Jan van den Ende
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

ngoht20,

Some time ago, in a COV discussion about VMS vs Unix security, Keith Cayemberg, an __IBM__ engineer, gave a summary of reasons WHY VMS is so much more secure.
I liked the compactness and reasoning, so I still have it.

Don't rust yours pelled jacker to fine doll missed aches.
Jan van den Ende
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

Oops, I hit "Summit" too quickly.

Another demonstration of the security was the Defcon-9 hackers conference. VMS proved to be so "cool & unhackable", that for next defcons they changed the rules and VMS was not allowed to enter again, because that would not be fun.
Google "defcon 9" for various stories about it.

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Robert Gezelter
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

Jan,

Perhaps a link to the COV posting to which you refer would be appropriate?

- Bob Gezelter, http://www.rlgsc.com
Jan van den Ende
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

Okay Bob,

This should lead to the whole context of that discussion as well. It is rather a flame-war, but..

http://groups.google.com/group/comp.os.vms/browse_frm/thread/fc80a3ae19220c44/239fd44ffb5c7866?lnk=gst&q=%22keith+cayemberg%22+%26+DESCRIPTOR-based+&rnum=6&hl=en#239fd44ffb5c7866

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
ngoht20
Frequent Advisor

Re: Is OpenVMS the most secure/stable OS around?

Some people think that the DEFCON 9 OpenVMS team had its OpenVMS systems installed with a security software rather than just having the OS exposed to security threats by default.
Robert Gezelter
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

ngoht20,

My recollection of the description of the system was that it did not have any special security software installed.

I will attempt to find the report of the DEFCON 9 episode and post the link later.

- Bob Gezelter, http://www.rlgsc.com
ngoht20
Frequent Advisor

Re: Is OpenVMS the most secure/stable OS around?

Great PLEASE!!!!! In the meantime I will Google for some info myself on it.

I would appreciate it.

I thought the team were using a security software to enhance the OS's security feature...
Ian Miller.
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

VMS has security designed in, not patched on afterwards.

Here are some references

Buffer Overflow (near) Immunity in OpenVMS - Google
http://groups.google.com/groups?selm=3C23EA72.48874137%40gce.com&oe=I...


What you should know about HP OpenVMS and Malicious Code - Google
http://groups.google.com/groups?selm=3f43d8fe%241%40usenet01.boi.hp.com


OpenVMS among most-secure of operating systems
http://www.openvms.org/stories.php?story=04/01/09/3843093


Hackers attempting BO in Installed Priv. SW - failed!
ftp://dahmer.vistech.net/upper-deck/octogens-bo-notes.txt


Maximum Security -- Ch 19 -- VAX/VMS
http://www.ods.com.ua/win/eng/security/Max_Security/ch19/ch19.phtml


OpenVMS HACK FAQ - html -- at a well-known OpenVMS Hacker Hangout.
http://vmsbox.cjb.net/VMS/vmsHackFAQ.txt


Hackin' it old school with VMS - Tutorial
http://neworder.box.sk/newsread.php?newsid=5424


Gordon Bell's CyberMuseum for Digital Equipment Corp (DEC)
http://research.microsoft.com/~gbell/Digital/DECMuseum.htm


PDP11 Architectural Enhancement Strategy
http://research.microsoft.com/~gbell/Digital/PDP11_Arch_Enhance_Strat...


VAX Strategy c1979.pdf (application/pdf Object)
http://research.microsoft.com/~gbell/Digital/VAX%20Strategy%20c1979.pdf


20th anniversary of OpenVMS - OpenVMS at 20 Nothing Stops it (pdf 2.5MB)
http://h71000.www7.hp.com/openvms/20th/vmsbook.pdf


25th anniversary of OpenVMS
http://h71000.www7.hp.com/openvms/25th/index.html

____________________
Purely Personal Opinion
Ian Miller.
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

and for VMS at DEFCON the report from one who was there is at

http://www.vmsone.com/~opcom/defcon9.htm


____________________
Purely Personal Opinion
Ian Miller.
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

HP white papers

Achieving the highest levels of IT security with HP OpenVMS
http://h71028.www7.hp.com/ERC/downloads/4AA0-2896ENW.pdf

Are some RISC-Based Clusters More Secure Than Others?
http://h71000.www7.hp.com/openvms/whitepapers/TCS_2004.pdf


Enough references yet? - I can go on :-)
____________________
Purely Personal Opinion
ngoht20
Frequent Advisor

Re: Is OpenVMS the most secure/stable OS around?

Ian Miller,

Thanks but I had already read that article...

And many many thanks to the great links above also...

ngoht20
Frequent Advisor

Re: Is OpenVMS the most secure/stable OS around?

So in conclusion to my thread topic here, would most people say that OpenVMS is the most or one of the most secure and stable operating systems out there?
John Travell
Valued Contributor

Re: Is OpenVMS the most secure/stable OS around?

Reference DEFcon 9, YES, the VMS box there DID have some security related software in use, BUT...
The point that some people seem to miss is that this was security MONITORING software.
As I understand it, the PointSecure application in use will highlight any insecurities you may have introduced into the system (file protections, insecure passwords, etc,) but does NOTHING of itself to actually ENHANCE the built in security that VMS provides.
JT:
John Travell
Valued Contributor

Re: Is OpenVMS the most secure/stable OS around?

Sorry, I missed your last comment.
> So in conclusion to my thread topic here, would most people say that
> OpenVMS is the most or one of the most secure and stable operating
> systems out there?

Absolutely, YES. In truth, what else is there to compete?
Certainly nothing from Microsoft. I doubt that any variant of Unix even comes close enough to truly be in the same game, even with all of the bolt-on security extras, let alone out of the box...

JT: (Self confessed VMS bigot)
Anton van Ruitenbeek
Trusted Contributor

Re: Is OpenVMS the most secure/stable OS around?

ngoht20,

The only OS that is more secure is a not-working system. This is unbreakable and you cannot log in.
The next level of security is a system not connected to any network.
But OpenVMS is by far the most secure system you can get connected to the network. If you cannot get to the box, you can't get in. Period!
But of course, everything stands with the security of the persons who are using and configuring it.
I know sites that are using OpenVMS for security but don't know how to configure it.
Without using SecureOpenVMS, and following the correct lines of common sense, it is more secure than any other OS can come in the future. And of course, this is plain out of the box and fully documented within OpenVMS itself. As we say in our country: FREE.

As mentioned earlier, OpenVMS is written for security and not, as all the other OS's, written for speed and patched security somewhere in it. Or you can buy some of these features for these OS's to let the manager think it's safe.

AvR
NL: Meten is weten, maar je moet weten hoe te meten! - UK: Measurement is knowledge, but you need to know how to measure!
Peter Quodling
Trusted Contributor

Re: Is OpenVMS the most secure/stable OS around?

The traditional reference point for security rating of systems used to be the US Department of Defense NCSC (National Computer Security Council) Orange Book (Trusted Computer System Evaluation Criteria) (wiki it..)

It referred to multiple levels, from the basic D, through C2, and C1 where VMS and a few others sat, then to B3, B2 and B1 - a Secure Version of VMS (SEVMS) was released as a B1 product.

There was also a working prototype of an A1 system in ZKO in the early 90's. (That's 15 years ago, buckos).

This has been superseded by the "Common Criteria", but I think HP don't bother with that anymore...

(I used to use OpenVMS Alpha workstations as firewalls. Left most of the unix solutions for dead...)

As for stability. Call your local HP Office. Tell them that you want a five nines or 6 nines (99.999 or 99.9999% uptime) solution. They will get a VMS Specialist to talk to you. There are anecdotal stories at a Decus conference some years back of a vax-750 that had been running for 14 years without a crash, or any other failure...

Leave the Money on the Fridge.
Jan van den Ende
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

Peter wrote a.o.

>>>
As for stability. Call your local HP Office. Tell them that you want a five nines or 6 nines (99.999 or 99.9999% uptime) solution. They will get a VMS Specialist to talk to you. There are anecdotal stories at a Decus conference some years back of a vax-750 that had been running for 14 years without a crash, or any other failure...
<<<

well, we are not there yet, but maybe we still make a decent example as well:

f$getsyi("cluster_ftime") = 13-apr-1997 11:35:50

Which means, in two months time we will celebrate 10 year uninterrupted uptime.

fwiw,

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Jerry Eckert
Advisor

Re: Is OpenVMS the most secure/stable OS around?

************
f$getsyi("cluster_ftime") = 13-apr-1997 11:35:50

Which means, in two months time we will celebrate 10 year uninterrupted uptime.
************

Our clusters haven't been up 10 years, but one just passed 5 years (20-Jan-2002) and another has been up since 21-Oct-2003. We have a standalone VAX 4105A that was last booted on 27-Sep-2001 -- 1958 days ago.

Honeywell's Multics is the only operating system I have used that was more secure than OpenVMS. It was the only commercially available system I am aware of that the U.S. Government certified for concurrent use by users at multiple security levels (Secret, Top Secret, etc.).

One interesting concept in Multics was that all "privileges" were controlled by access to the programs which implemented the privileged functions -- users or processes did not hold any privilege rights, per se. One could tell exactly who had access to any function by looking at the ACL on the program that performed that function.

There were 8 access levels (called rings): two privileged rings used by the system, two intermediate privilege rings that applications could use, the normal ring, and three less privileged rings that could be used for user-implemented limited subsystems. Data files as well as executable code had rings associated with them. Each file had three values that controlled which rings could read, write, and execute the data. This scheme protected sensitive data from being manipulated by untrusted users and also protected privileged code from untrusted data.

One example of the simplicity and flexibility of this scheme was the mail system. The mail data files were protected such that ring 4 (user mode) had read access; access to ring 3 was required to write the files. The only way for a user to execute in ring 3 was to run the mail utility, which had gates from ring 4 to ring 3 from the privileged routines.

To debug the code, the test mail files were created to allow both read and write access in ring 4. The gates were simply transfer vectors used to ensure that control was passed to the potentially privileged code at defined entry points; the target ring was determined by an external attribute of the file, and thus could be changed without modifying the code. Thus, the same code could be used for non-privileged testing or privileged production use with no modifications.
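Added example, not part of the post above and not Multics code: a simplified C model of ring brackets applied to the mail scenario just described. The three-value rule set (write up to r1, read up to r2, gate entry from r2+1 to r3) is an assumption based on the published Multics ring design; the bracket values and all names are constructed for this illustration.

```c
#include <stdbool.h>

/* Simplified model of Multics ring brackets (r1 <= r2 <= r3); a lower ring
   number means more privilege. Type and function names are hypothetical. */
typedef struct { int r1, r2, r3; } brackets;

bool can_write(brackets b, int ring) { return ring <= b.r1; }
bool can_read(brackets b, int ring)  { return ring <= b.r2; }

/* Ring the code runs in when called from caller_ring, or -1 if refused.
   Inside r1..r2 it runs in the caller's ring; from r2+1..r3 the call must
   go through a gate and execution drops to ring r2. Calls from rings
   below r1 are not modelled. */
int ring_after_call(brackets code, int caller_ring)
{
    if (caller_ring >= code.r1 && caller_ring <= code.r2)
        return caller_ring;
    if (caller_ring > code.r2 && caller_ring <= code.r3)
        return code.r2;
    return -1;
}

/* Constructed bracket values matching the mail example in the post. */
static const brackets MAILBOX_PROD   = { 3, 4, 4 }; /* write <= 3, read <= 4 */
static const brackets MAILBOX_TEST   = { 4, 4, 4 }; /* read and write in ring 4 */
static const brackets MAIL_CODE_PROD = { 3, 3, 4 }; /* gate: ring 4 enters ring 3 */
static const brackets MAIL_CODE_TEST = { 4, 4, 4 }; /* same code, runs in ring 4 */

/* Can a user in user_ring update the mailbox by calling the mail code? */
bool deliver(brackets code, brackets mailbox, int user_ring)
{
    int ring = ring_after_call(code, user_ring);
    return ring >= 0 && can_write(mailbox, ring);
}
```

The test copy of the code can update only the test mailbox: with brackets of 4,4,4 it never leaves ring 4, so the production mailbox stays read-only to it.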
Wim Van den Wyngaert
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

Jan van den Ende
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

Jerry wrote (about Multics)

>>>
One interesting concept in Multics was that all "privileges" were controlled by access to the programs which implemented the privileged functions -- users or processes did not hold any privilege rights, per se.
<<<

Well, interesting about VMS is, if you want/need that, it _IS_ available, by the Protected Subsystem mechanism.

- enable a device to hold Protected Subsystems. Place any relevant images on that drive.
- set up (some) subsystem identifier(s) in RIGHTSLIST
- associate the relevant subsystem identifier with the relevant image(s).
- allow relevant access to the relevant data only by way of the subsystem identifier.

Now the data can ONLY be accessed by users running an image that has the subsystem ident.
Of course, access to the image(s) should be under control of the "standard" access schemes, using protection mask and/or ACL access control.

I have not often encountered Protected Subsystems "in the wild", though. But if you need it, it is just there in standard VMS. No extra software, no extra licenses. Just set it up and use it.

hth

Proost.

Have one on me.

jpe

Don't rust yours pelled jacker to fine doll missed aches.
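Added example, not part of the post above and not OpenVMS code: a C model of the access decision that the four set-up steps produce, showing that the data is reachable only while the subsystem image runs. Types, function names and the identifiers `PAYROLL_SUBSYS` and `PAYROLL_STAFF` are hypothetical and constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_IDS 4

/* All types and names are hypothetical; identifiers are plain strings. */
typedef struct { const char *ids[MAX_IDS]; int count; } rights_list;

typedef struct {
    const char *subsystem_id;    /* identifier associated with the image */
    bool volume_allows_subsys;   /* step 1: device enabled for subsystems */
    const char *run_acl_id;      /* who may run the image; NULL = anyone */
} image;

typedef struct { const char *acl_id; } data_file; /* only this id gets access */

static bool holds(const rights_list *r, const char *id)
{
    for (int i = 0; i < r->count; i++)
        if (strcmp(r->ids[i], id) == 0)
            return true;
    return false;
}

/* Access decision for `user` touching `file` while running `img`
   (img == NULL means direct access, outside any subsystem image). */
bool can_access(const data_file *file, rights_list user, const image *img)
{
    if (img != NULL) {
        /* Normal protection on the image itself still applies. */
        if (img->run_acl_id != NULL && !holds(&user, img->run_acl_id))
            return false;
        /* The subsystem identifier is lent only while the image runs,
           and only if the volume is enabled for subsystems. */
        if (img->volume_allows_subsys && img->subsystem_id != NULL
            && user.count < MAX_IDS)
            user.ids[user.count++] = img->subsystem_id;
    }
    return holds(&user, file->acl_id);
}

/* Constructed scenario: a clerk who may run the payroll image. Returns 1
   when direct access is denied and access through the image is granted. */
int demo_payroll(void)
{
    rights_list clerk = { { "PAYROLL_STAFF" }, 1 };
    data_file ledger  = { "PAYROLL_SUBSYS" };
    image payroll     = { "PAYROLL_SUBSYS", true, "PAYROLL_STAFF" };

    return !can_access(&ledger, clerk, NULL)
        && can_access(&ledger, clerk, &payroll);
}
```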
Sebastian Bazley
Regular Advisor

Re: Is OpenVMS the most secure/stable OS around?

Slightly off-topic, but:

I believe some of the early Burroughs machines had a hardware feature that detected whether memory had been initialised or not. They used a special bit pattern that was not otherwise valid, so applications would fault if they read from memory that had not been set up.

This used a word with only the 1st (sign) bit set (i.e. the max negative number)
Jon Pinkley
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

This question is a bit like asking an xyz salesman: "Is the xyz the best/more reliable around?"

Asking here is likely to get you a different answer than asking in an OpenBSD or a Windows forum.

Security has been a design goal of VMS from early days, due in part to its wide use by government contractors working on military projects. However, at least in the US, all "secret" processing still had to be done in physically secured rooms with no network connections to the outside. This was true in 1995, I assume it is still true today.

There are other operating systems that have design goals of being secure, especially against remote exploits, for example OpenBSD. http://www.openbsd.org/security.html

OpenBSD has the problem of being based on unix, and the need to be compatible with the expectations of unix programs, and the use of the C language and the ease of unintentionally writing programs that are vulnerable to buffer overflow attacks. However, they have done a lot to mitigate these issues, for example, see http://www.openbsd.org/papers/ven05-deraadt/index.html

I do feel that VMS has suffered some from NIH (Not Invented Here) syndrome, perhaps with the exception of the recent move toward writing new code in C (I am not convinced this is a good thing from a security standpoint). However, because VMS doesn't run on any commonly used architecture (and yes, I include I64 in the uncommonly used set), it is therefore resistant to exploits aimed at the x86 instruction set.

VMS is not the cheapest platform to run on, yet there are still many industries where security and reliability (stability) are important, that continue to use VMS.

I think statements claiming current VMS is more secure than any future other O/S are only someone's opinion, just as this statement is.

p.s. Please have the courtesy of assigning points to people that help you.
it depends
comarow
Trusted Contributor

Re: Is OpenVMS the most secure/stable OS around?


Many places have attempted to move from VMS, wanting to go with what some IT officer reads about in the trade journals. They then find they bought some cheaper hardware, and they go from where downtime is an incredibly rare event, and a few people can easily manage many thousands of users, to reboots, and needing an army of people to maintain it.

Then we have the waste of CPU, energy, management of having a gazillion systems all running the operating systems. With a VMS cluster, you can have 1 disk running the operating system (shadowed for reliability), and a few systems supporting many many thousands of users.

With a gazillion PCs, each one is running the OS. Each one subject to problems and needing to be managed. The waste is obvious.

Then we come back to the file system. Numerous systems can cluster and share a file system, with file locking at the record level built into the operating system/file system. Show me another OS that does that. Oracle 9i added that to its product by emulating VMS.

Finally, we have the fact that the hackers coming from the universities don't know how to get into the thing. It's considered unhackable.

Now the big hole. By default, passwords are sent over the network in plain text, but there are protections one can add.

Have fun