Happy 10 years of continuous virus free computing on OpenVMS alpha7.1 - VMS

This is a discussion on Happy 10 years of continuous virus free computing on OpenVMS alpha7.1 - VMS ; how many other OS's can claim that? well we can can on OpenVMS 7.1 and we have another 4 years planned on it ......

+ Reply to Thread
Results 1 to 15 of 15

Thread: Happy 10 years of continuous virus free computing on OpenVMS alpha7.1

  1. Happy 10 years of continuous virus free computing on OpenVMS alpha7.1

    how many other OS's can claim that?

    well we can can on OpenVMS 7.1

    and we have another 4 years planned on it ...


  2. Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1


    wrote in message
    news:90d9d32c-ee99-435b-84d9-c46d9701268f@e39g2000hsf.googlegroups.com...
    > how many other OS's can claim that?
    >
    > well we can can on OpenVMS 7.1
    >
    > and we have another 4 years planned on it ...
    >


    I suspect this might cause some debate, but frankly I don't think this
    proves anything other than that malware authors do not see VMS as a
    worthwhile target, because they would profit very little from attacking it.
    Don't get me wrong, though, I love VMS.

    Regards

    Rob



  3. Re: Happy 10 years of continuous virus free computing on OpenVMSalpha 7.1

    ultradwc@gmail.com schrieb:
    > how many other OS's can claim that?


    almost any non-Windoze OS,
    so what's the point ?


  4. Re: Happy 10 years of continuous virus free computing on OpenVMSalpha 7.1

    On Jun 9, 4:52 pm, "Robert Jarratt" wrote:
    > wrote in message
    >
    > news:90d9d32c-ee99-435b-84d9-c46d9701268f@e39g2000hsf.googlegroups.com...
    >
    > > how many other OS's can claim that?

    >
    > > well we can can on OpenVMS 7.1

    >
    > > and we have another 4 years planned on it ...

    >
    > I suspect this might cause some debate, but frankly I don't think this
    > proves anything other than that malware authors do not see VMS as a
    > worthwhile target, because they would profit very little from attacking it.
    > Don't get me wrong, though, I love VMS.
    >
    > Regards
    >
    > Rob


    and just how would they achieve anything with proper security set up?

  5. Re: Happy 10 years of continuous virus free computing on OpenVMSalpha 7.1

    On Jun 9, 5:36 pm, Michael Kraemer wrote:
    > ultra...@gmail.com schrieb:
    >
    > > how many other OS's can claim that?

    >
    > almost any non-Windoze OS,
    > so what's the point ?


    I said virus free, but if I also said cert free, then you would
    have a bit of a problem making the assertion you just did ...

  6. Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1


    wrote in message
    news:825b46f9-fbf3-4d8a-8fb3-001ed9d514a5@d77g2000hsb.googlegroups.com...
    > On Jun 9, 4:52 pm, "Robert Jarratt" wrote:
    >> wrote in message
    >>
    >> news:90d9d32c-ee99-435b-84d9-c46d9701268f@e39g2000hsf.googlegroups.com...
    >>
    >> > how many other OS's can claim that?

    >>
    >> > well we can can on OpenVMS 7.1

    >>
    >> > and we have another 4 years planned on it ...

    >>
    >> I suspect this might cause some debate, but frankly I don't think this
    >> proves anything other than that malware authors do not see VMS as a
    >> worthwhile target, because they would profit very little from attacking
    >> it.
    >> Don't get me wrong, though, I love VMS.
    >>
    >> Regards
    >>
    >> Rob

    >
    > and just how would they achieve anything with proper security set up?


    That would be true if perfect security were possible. I don't think there is
    such a thing as perfect security.

    Regards

    Rob



  7. Re: Happy 10 years of continuous virus free computing on OpenVMSalpha 7.1

    ultradwc@gmail.com schrieb:
    > On Jun 9, 5:36 pm, Michael Kraemer wrote:
    >
    >>ultra...@gmail.com schrieb:
    >>
    >>
    >>>how many other OS's can claim that?

    >>
    >>almost any non-Windoze OS,
    >>so what's the point ?

    >
    >
    > I said virus free, but if I also said cert free,


    but you didn't. Stick to what you said.

    > then you would
    > have a bit of a problem making the assertion you just did ...


    by this measure, AmigaOS, Atari TOS and maybe even MS-DOS 3.something
    would be among the most secure OSs.


  8. Re: Happy 10 years of continuous virus free computing on OpenVMSalpha 7.1

    Robert Jarratt wrote:
    > wrote in message
    > news:825b46f9-fbf3-4d8a-8fb3-001ed9d514a5@d77g2000hsb.googlegroups.com...
    >> On Jun 9, 4:52 pm, "Robert Jarratt" wrote:
    >>> wrote in message
    >>>
    >>> news:90d9d32c-ee99-435b-84d9-c46d9701268f@e39g2000hsf.googlegroups.com...
    >>>
    >>>> how many other OS's can claim that?
    >>>> well we can can on OpenVMS 7.1
    >>>> and we have another 4 years planned on it ...
    >>> I suspect this might cause some debate, but frankly I don't think this
    >>> proves anything other than that malware authors do not see VMS as a
    >>> worthwhile target, because they would profit very little from attacking
    >>> it.
    >>> Don't get me wrong, though, I love VMS.
    >>>
    >>> Regards
    >>>
    >>> Rob

    >> and just how would they achieve anything with proper security set up?

    >
    > That would be true if perfect security were possible. I don't think there is
    > such a thing as perfect security.


    Sure there is! But no one can use the system!



  9. Re: Happy 10 years of continuous virus free computing on OpenVMSalpha 7.1

    On Jun 9, 10:52 pm, "Robert Jarratt" wrote:
    > wrote in message
    >
    > news:90d9d32c-ee99-435b-84d9-c46d9701268f@e39g2000hsf.googlegroups.com...
    >
    > > how many other OS's can claim that?

    >
    > > well we can can on OpenVMS 7.1

    >
    > > and we have another 4 years planned on it ...

    >
    > I suspect this might cause some debate, but frankly I don't think this
    > proves anything other than that malware authors do not see VMS as a
    > worthwhile target, because they would profit very little from attacking it.
    > Don't get me wrong, though, I love VMS.
    >
    > Regards
    >
    > Rob


    Why does nobody here appear to know that the OS architecture of
    OpenVMS provides an inherent security advantage over all the other
    OS's mentioned here?

    Yes, a perfect security coupled with a practical, usable OS is
    probably an unreachable goal. But the integrated architectural
    advantage of OpenVMS brings it much closer to such a goal than any OS
    which just layers security features on top of it's architecture.

    While it is possible to write a virus for OpenVMS, and maybe even
    infect a user-mode process, perhaps through a buffer-overflow in a
    poorly programmed third-party application also running in user-mode.
    It is very much more more difficult on OpenVMS to actually to use a
    buffer overflow or other exploit to gain any higher mode privilege to
    actually control or degrade the security or stability of an OpenVMS
    system which has been properly configured. The basic principles have
    been mentioned by myself and others in this forum years ago. In fact
    they were mostly well developed in the MULTICS OS in the 1960's, and
    promptly ignored by the Unix fathers who had other goals than a secure
    OS in mind. OpenVMS developed these principles a little further while
    maintaining a practical and manageable balance of features.

    - First, a secure OS architecture must have at a minimum 3 security
    rings or modes. This is simple common sense, since it is necessary to
    protect the kernel from the third-party apps and the third party apps
    from the user. All Unix, Linux and Windows derivatives have only 2
    security rings/modes. OpenVMS has 4 rings. The extra ring is used to
    protect the (eventually changeable) CLI from the user, and the other
    higher modes from the CLI.

    - Second, all services and privileges which can be requested from a
    higher mode must be performed through a standardized calling standard
    that only permits calls where the parameters are "called by
    descriptor". This virtually eliminates buffer overflows as a source of
    attaining higher mode privileges or services for which a process was
    not explicitly entitled. Buffer overflows are the source of the vast
    majority of the security vulnerabilities announced for all the other
    OS's the past 30 years. Building such protection into you OS provides
    a significant advantage that is much less dependent on the honesty or
    skill of third-party developers, and does not not depend on needing to
    acquire, read, understand and debug their source code (which may or
    may not be what your executable was really built from).

    Unfortunately, you will generally not find the above principals in the
    currently used University-level texts on OS Design. And, the
    professors appear to be ignorant of, or be uninterested in these
    principals, which disprove Microsoft's recurring mantra that all OS's
    are relatively equally insecure. In the many OS design books I have
    reviewed, I have never seen a mention of a descriptor-based calling
    standard coupled with a minimum 3 protection mode design. These
    principals however become apparent when understanding Ruth
    Goldenberg's IDSM books and various MULTICS security articles.

    Here I would like to mention, an accidental bug can potentially be
    more clever at degrading security than the best hacker/cracker.
    Consequently, good security design is actually synonymous to good
    reliability design of a system. Both reliability and security are
    compound LCD qualities, meaning it is only as strong as it's weakest
    link, and due to it's complexity, and the difficulty to balance
    usability and security, the OS is traditionally one of the most
    neglected links of the IT security quality chain. Consequently,
    security features are often only layered add-ons in most OS's allowing
    widespread configurations which default to not having these add-on
    security features. This leads to the large "ecosystem" of easily
    exploitable OS instances which hackers are taking advantage of.

    To say OpenVMS is secure "only because it is not as popular" as other
    OS's is a patently and provably wrong statement. It is wrong when you
    consider OpenVMS's security architecture compared to other OS's, and
    it's wrong since OpenVMS has had it's "trial-by-fire". OpenVMS was
    actually a primary target of professional hackers in the mid 1980's to
    early 1990's. This has been documented in various books and articles.
    This was due to the large body of corporate and institutional secrets
    which were to be found on OpenVMS systems. For instance, NASA's SPAN
    network was DECnet based and a repeated target of Russian espionage
    such as witnessed in reports on "Hanover Hackers/Crackers", the
    loginout code exploit of Kevin Mitnick or the spread of the "Wank
    Worm". In all these cases it was necessary to have the password of a
    username with higher mode privileges to enable the compromise of a
    system. OpenVMS had it's "trial-by-fire" with regards to security long
    ago. And in those cases, it was "people" who proved to be the weakest
    link, not the OS. The same definitely can not be said of the
    competition in the enterprise OS market.

    The realization that the OS is the regulating central architecture to
    providing for enabling a secure system and reliable is diametrically
    opposed to today's mantra that the application alone should/is
    important to the customer, and the OS should be irrelevant.

    There are many other security principles which are realized in the
    design and practices surrounding the OpenVMS, but to a much lesser
    degree, if at all, in other Enterprise OS's.

    - no application can be more capable or secure than it's OS design
    permits. This is a result of the LCD compound quality of security
    mentioned above. Security is a chain of links, each of which must be
    strong on it's own. In the IT world, links of a chain are analogous to
    the layers of technology implemented starting from the user, network
    OSI layers, application layers down to the kernel, hardware and
    physical location of the system. For example, if an application layer
    is encrypting it messages to the equivalent application running in
    another city. That application is still not more secure that the OS
    underneath it, which when compromised, allows the viewing of the plain
    text when the user is reading it himself.

    - dependence on the review of Open-Source in terms of reaching a
    secure OS is a red-herring. Especially since OS and application code
    fluctuation and complexity virtually guarantees the perpetual
    existence of security impacting SW bugs. The OS design must provide
    mechanisms to explicitly avoid classes of exploits and coding bugs
    through the design of it's OS architecture. The corollary to this is
    that it is pure hubris to think anyone is so expert about the quality
    of all third-party applications they are using that they can maintain
    "a secure system" only because the purported source code is "open" and
    available for public review.

    - the segregation of all security/stability affecting activities into
    multiple clearly defined privileges, which limits exposure of higher
    modes to applications and users temporarily requiring a specific
    privilege.

    - protection of all individual OS structures, services, and objects
    (processes, threads, monitors, etc.) with "individual security
    profiles" which can be finely tuned to allow/refuse access to any
    other individual or class of OS structure, service or object.

    - the default installation of privileges and protections should start
    with a new user always having minimal but usable access to OS
    privileges and services.

    - user access to higher privileges should only be through known and
    validated applications installed with the needed privileges and coded
    to carefully to only allow intended actions.

    - A known/unknown bug in any privileged application that allows one to
    break out to a command line should still never allow the user to
    maintain an application-level privilege in that interactive mode. The
    capability to recognize this should be an inherent capability of the
    OS architectural design. OpenVMS does this, and on OpenVMS a system
    administrator can even refuse any or all users the privilege to have a
    command line. This totally eliminates a class of exploit.

    If you pull all the information together you can find on these
    concepts, and forget any bias you may have had indoctrinated in you
    about what an OS kernel is and must provide as a service. Then you
    should come to the inescapable conclusion that all Unix, Linux and
    Windows variants (please see the "Shatter Exploit" for an example of a
    failed OS API) are inherently non-secure by design, and to change that
    would require breaking completely with upward compatibility and
    leaving their valuable application ecosystem behind. Microsoft has
    already struggled with the upward compatibility and acceptance of it's
    VISTA OS while trying to implement only a very limited improvement of
    a coordinated restriction software installation and user privileges
    with it's UAC feature. Although perhaps a step in the right direction
    in terms of security, the feature is almost universally disliked by
    Windows user's and is often immediately turned off. Please see user
    comments here...<http://www.theinquirer.net/gb/inquirer/news/
    2008/04/22/windows-milestone-outed>


    Cheers!

    Keith Cayemberg


  10. Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1 alpha 7.1 alpha 7.1

    Keith Cayemberg wrote:
    [snip of a good analysis of VMS's security by design philosophy]

    Thanks Keith - too bad it takes someone from IBM to tout the virtues of
    HP's most secure OS. I suppose there's still no chance of a rescue by
    IBM, eh? :-)

    All that's needed now are applications... :-(

    >
    > Keith Cayemberg
    >
    >



  11. Re: Happy 10 years of continuous virus free computing on OpenVMSalpha 7.1 alpha 7.1 alpha 7.1

    On Jun 10, 1:50 pm, bradhamilton wrote:
    > Keith Cayemberg wrote:
    >
    > [snip of a good analysis of VMS's security by design philosophy]
    >
    > Thanks Keith - too bad it takes someone from IBM to tout the virtues of
    > HP's most secure OS. I suppose there's still no chance of a rescue by
    > IBM, eh? :-)
    >
    > All that's needed now are applications... :-(
    >
    >
    >
    > > Keith Cayemberg


    Yes, I was quite successful as a Senior Consultant specialized on the
    OpenVMS Market for IBM Global Services in Europe. But, I moved on to a
    major player in India's IT Services landscape almost 3 years ago. I'm
    still quite successful as an OpenVMS Consultant and also serving one
    of the same major OpenVMS customers in Europe as before. The customer
    wanted to retain the services and knowledge I could provide their VMS-
    based CIM landscape. :-)

    Cheers!

    Keith Cayemberg


  12. Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1

    In article <90d9d32c-ee99-435b-84d9-c46d9701268f@e39g2000hsf.googlegroups.com>,
    ultradwc@gmail.com writes:
    > how many other OS's can claim that?


    I have never had a virus on Unix and I have been running it in it's many
    different flavors, frequently in rather hostile environments, for more
    than 20 years. I haven't had a virus on a windows box under my control
    in more than 10 years. I have never seen a virus on a machine running
    Primos and they have been around for more than 20 years as well. How
    about Unisys EXEC? zOS? MVS? It is much easier to count the OSes that
    are susceptible to viruses than those not. And even the worst can be
    safely operated.

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  13. RE: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1 alpha 7.1 alpha 7.1


    > -----Original Message-----
    > From: Keith Cayemberg [mailto:keith.cayemberg@arcor.de]
    > Sent: June 10, 2008 7:07 AM
    > To: Info-VAX@Mvb.Saic.Com
    > Subject: Re: Happy 10 years of continuous virus free computing on
    > OpenVMS alpha 7.1 alpha 7.1 alpha 7.1
    >


    Keith,

    Excellent reply. Another keeper.

    :-)



    Regards

    Kerry Main
    Senior Consultant
    HP Services Canada
    Voice: 613-254-8911
    Fax: 613-591-4477
    kerryDOTmainAThpDOTcom
    (remove the DOT's and AT)

    OpenVMS - the secure, multi-site OS that just works.




  14. Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1

    In article <6b8hjeF37og03U2@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes:
    >
    > I have never had a virus on Unix and I have been running it in it's many
    > different flavors


    Now you know "UNIX is the first virus witrh a human interface", so
    your statement refutes itself. 8-)

    As for Windows, we haven't had a security issue or BSOD since
    yesterday. Probably because we just got in this morning. Might
    not know if it's a virus for a while.


  15. Re: Happy 10 years of continuous virus free computing on OpenVMSalpha 7.1

    On Jun 10, 7:38 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    > In article <90d9d32c-ee99-435b-84d9-c46d97012...@e39g2000hsf.googlegroups.com>,
    > ultra...@gmail.com writes:
    >
    > > how many other OS's can claim that?

    >
    > I have never had a virus on Unix and I have been running it in it's many
    > different flavors, frequently in rather hostile environments, for more
    > than 20 years. I haven't had a virus on a windows box under my control
    > in more than 10 years. I have never seen a virus on a machine running
    > Primos and they have been around for more than 20 years as well. How
    > about Unisys EXEC? zOS? MVS? It is much easier to count the OSes that
    > are susceptible to viruses than those not. And even the worst can be
    > safely operated.
    >
    > bill
    >
    > --
    > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    > billg...@cs.scranton.edu | and a sheep voting on what's for dinner.
    > University of Scranton |
    > Scranton, Pennsylvania | #include


    how many cert patches have you had though?

+ Reply to Thread