[Info-vax] OpenVMS versus Windows/GE Telemetry Control Systems.

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Jan 15 15:09:40 EST 2013


On 2013-01-15, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2013-01-15 18:46:39 +0000, John Wallace said:
>
>> Stuxnet was quietly working its way around Windows boxes for a long
>> while (maybe a year?) before it got serious attention. Ignorance is
>> not necessarily bliss. If folks haven't yet looked into Stuxnet or its
>> successors (e.g. Duqu), there's no time like the present, and the
>> Wikipedia article on Stuxnet isn't a bad start, although for further
>> reading I'd recommend Ralph Langner and maybe Symantec.
>
> Red October, most recently.  Also Flame, which shares features with 
> Stuxnet and Duqu.[1]
>
> VMS is lacking defensive features such as address space layout 
> randomization[2], execution disable, lacks various safer C calls 
> (strcpy_r and other parts of C11 aren't available, and strnlen, strlcpy 
> and strlcat and similar calls are lacking), lacks compiler flagging for 
> what are now increasingly deprecated calls (e.g. everybody's favorite 
> example being gets), and lacks sandboxing.
>

You missed out VMS not supporting Mandatory Access Control based
security. :-)

It's enabled on every Internet-facing Linux box, both client and server,
that I am responsible for, both at home and work. It's only one tool in
a list of tools, but I consider it to be a very important one to be used
whenever available.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
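
Added example, not part of the original post or thread: on a C library that lacks strnlen, strlcpy and strlcat, as the quoted message says of VMS, bounded equivalents with truncation detection can be written in portable C. The compat_ names and the build_name helper are hypothetical, and the node and user strings are constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical compat_ names, chosen so they cannot clash with a C
 * library that already provides strnlen/strlcpy/strlcat. */

/* Length of s, examining at most max bytes. */
size_t compat_strnlen(const char *s, size_t max)
{
    const char *end = memchr(s, '\0', max);
    return end ? (size_t)(end - s) : max;
}

/* Copy src into dst (capacity size), always NUL-terminating when size > 0.
 * Returns strlen(src); a result >= size means the copy was truncated. */
size_t compat_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Append src to dst (total capacity size).
 * Returns the length it tried to create; >= size means truncation. */
size_t compat_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = compat_strnlen(dst, size);
    if (dlen == size)            /* dst is not terminated within size */
        return size + strlen(src);
    return dlen + compat_strlcpy(dst + dlen, src, size - dlen);
}

/* Constructed sample: build "node::user" in a fixed buffer.
 * Returns 0 on success, -1 if the result would not fit. */
int build_name(char *out, size_t outsz, const char *node, const char *user)
{
    if (compat_strlcpy(out, node, outsz) >= outsz) return -1;
    if (compat_strlcat(out, "::", outsz) >= outsz) return -1;
    if (compat_strlcat(out, user, outsz) >= outsz) return -1;
    return 0;
}

int main(void)
{
    char buf[8];
    printf("%d\n", build_name(buf, sizeof buf, "EISNER", "SYSTEM"));
    return 0;
}
```

Unlike strcpy or gets, each call reports the length it needed, so the caller can reject oversized input instead of overrunning the buffer or silently truncating.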


