OT security on mainframe versus that on Windows was Re: RW's statement - what am I missing (was: help with tables

On Tue, 05 Feb 2008 17:41:58 -0600, Robert <no@xxxxxx> wrote:

On Tue, 5 Feb 2008 11:53:34 -0800 (PST), Richard <riplin@xxxxxxxxxxxx> wrote:

On Feb 6, 7:33 am, Robert <n...@xxxxxx> wrote:
On Tue, 5 Feb 2008 08:13:24 -0600, "Judson McClendon" <ju...@xxxxxxxxxxxxx> wrote:
"Robert" <n...@xxxxxx> wrote:

Microsoft isn't content with being a 'terminal company'; it wants to put Windows on back
end machines. IBM is vulnerable because a large portion of its revenues come from software
licenses rather than hardware. An end-user company can significantly reduce expenses by
replacing z/OS with either Windows or Linux. The reason WHY IBM promotes Linux is to fight
off Microsoft.

All this talk of replacing mainframe OSs with Windows or Linux gives me
pause. One reason why Windows is so plagued by virus and other security
threats is that most of the PCs on the planet run Windows, which means
most of the hackers have Windows "in their living rooms" so to speak, on
which to develop such attacks. Mainframe OSs have been far less prone
to similar attacks, in part because of better security, but also because few
hackers have access to mainframe OSs on which to design and test their
attacks. If mainframe OSs are replaced by Windows and Linux, that will
no longer be an issue.

In my opinion, the perception that z/OS is more secure than Windows is marketing BS.

Windows was designed to give 'a great user experience'. For example
opening an email in MS Outlook Express with a MS Word .doc could
automatically open MS Word. Macros in that doc could be automatically
run. Macros have a rich feature set. This makes it _so_easy_ and
convenient for the user. It also makes it easy and convenient for the
virus writer.

For (an older) example, setting up a netbios network exposed port 139
to make it easy for other users to find your shares. Connecting to the
internet without a firewall exposed that port to the world.

Unix, with its multi-user and acadaemic background (and its basis in
Multics) never went down the path of making it easy to do silly
things.

Mainframes never made it easy to do anything.

The reality that Windows _is_ less secure is _because_ of "marketing
BS", the marketing of 'so easy'.


It
is comparing apples with oranges, professionally managed back-end machines versus desktop
machines poorly controlled by unsophisticated home users.

Why doesn't the same perception apply to Big Unix? I work on Unix machines bigger than
most mainframes, having 128 CPUs and gigabytes of memory. For example, the world's
telephone networks run on Unix. We don't get hacked any more than mainframes, which is
very seldom.

You don't run IE, Outlook Express, or MS Word on those machines.

You are right. Neither would a Windows back-end server be running consumer software.

If Windows is so easy to hack, why aren't millions of corporate desktop machines a
security risk? They run IE, Outlook and Word. They have access to servers. Developers have
LOTS of access.

Desktops are secure because they're protected by firewalls and virus scanners. The only
way to connect to them from the outside is via VPN. Servers have additional protection
from desktops, such as SecurID.

As usual the devil is in the details. How locked down is the Internet
access? How locked down is the computer from upgrade? Is there a USB
port on the desktop and what can be hooked to it? Can CDs be read? Is
autoplay enabled? Is boot from CD enabled? What privileges is the
user allowed to boot up with? Corporate networks are all over the lot
on this.

I will agree that on the server side Microsoft proves a fair amount of
logging and I have been impressed with the information that I have
seen available for fixes that I have applied to my home systems. I
also believe that many shops do not take advantage of the vast amount
of information their operating system(s) vendor(s) provide. If the
complaints I read on bit.listserv.ibm-main are any indication, the
background and training of IBM mainframe people (and probably those of
other similar vendors) is to pay attention to these issues while their
PC counterparts are not. My experience with Windows XP Home is that
some of the functions that should be in the all users, always
available, configurable only by admins are not. When I log off
Webroot spysweeper shuts down and I "think" Zone Alarm Internet
Security might. I do know that both are fired up after logon rather
than as a part of the boot process. I know that on the IBM mainframe
and at least the HP system, security can be by user. I also can
believe that security administration is a full time headache
regardless of operating environment. I suspect that the varying
flavors of modern Unix as well as the long time mainframe systems from
various vendors are more armored and secure than Windows in part due
to different compromises in the design. I do not envy people in small
shops regardless of system because there is so much to do and consider
in this area.
.

Relevant Pages

  • Re: Cryptogram Comment
    ... Or had to go through setting up basic security for their ... > bother me with Windows questions. ... > machines are broken. ... and Linux and other open OS's make all patches FREE to redistribute. ...
    (sci.crypt)
  • Re: RestrictAnonymous registry key
    ... other machines are on the network I have to get a list of other machines ... completed their migration to Windows 2000 and above. ... browse lists anyway). ... security at the NTFS level, and Named Pipes are a whole 'nother issue - I ...
    (microsoft.public.win2000.security)
  • Re: Windows XP remember GP when removed from domain
    ... security template ... ... Windows Platform Support Team ... > machines is what I'd ... >>Security policy is an actual registry change that needs ...
    (microsoft.public.windows.group_policy)
  • Re: A suggestion for next months Malicious Software Removal download
    ... problem is MILLIONS of security hole Windows boxes flushing ... according security specialists at the AusCERT 2006 conference. ... The majority of these bots are home computers that are connected ... end user machines infected by a virus/trojan. ...
    (microsoft.public.windowsxp.general)
  • Re: Cryptogram Comment
    ... >> bother me with Windows questions. ... >> machines are broken. ... Just like if you don't know to tune up your car every year then you ... > and Linux and other open OS's make all patches FREE to redistribute. ...
    (sci.crypt)
Loading