[Info-vax] A possible platform for VMS?

johnwallace4 at yahoo.co.uk johnwallace4 at yahoo.co.uk
Sun Mar 1 12:41:52 EST 2015


On Saturday, 28 February 2015 22:58:43 UTC, Stephen Hoffman  wrote:
> On 2015-02-28 22:43:56 +0000, johnwallace4 at yahoo.co.uk said:
> 
> > Some people might believe "Microsoft has learned more than a few lessons
> > from those attacks" but that might come as a surprise to those who still
> > regularly see previously unpatched flaws in "all supported versions of
> > Windows".
> 
> Beyond Cutler and other ex-Digits that worked on Windows NT, I know 
> some of the folks that were working on Windows and on Windows security 
> over there -- they're very clever folks, and the tools they're using are 
> good ones.
> 
> > E.g. errors in JPEG rendering leading to remote code execution. How hard
> > can it really be to secure something like that in a presentation-layer
> > OS like Windows?
> 
> Tougher than it looks. Somebody handed SMG some keypresses on VMS, 
> and got kernel access.  What happens if VMS RMS is handed a 
> maliciously-crafted file or volume?
> 
> 
> 
> -- 
> Pure Personal Opinion | HoffmanLabs LLC

I can't answer "what happens if VMS RMS is handed a maliciously-crafted
file or volume" but I can speculate based on twenty years' observation of
NT and thirty or so of VMS (also thirty or so of *ix).

I watched, and occasionally translated, as the SMG hiccup emerged but
don't want to comment on that here, except to say that nobody's perfect,
which is why consistent defence in depth can be an important consideration
in doing a proper job; no point having an ultra-secure door surrounded
by plasterboard walls (was that a Cutler comment?).

System robustness to unplanned conditions depends on various factors but
two things I want to mention here are philosophy (call it design,
architecture, whatever) and features.

VMS since day 1 has seemingly considered that preservation of customer
data was a fairly important subject. That's a core part of the philosophy
and lots of people know that.

So stuff inside VMS, and often in VMS apps, is designed defensively and
stuff is often checked for consistency as it is passed around. Same goes
for working practices, but that's another story.

If an unexpected inconsistency arises, action can (and often will) be
taken. The last resort is a system crash. There are features which mean
that if a system crash is necessary as a last resort, it will include
lots of potentially relevant debug info and there will be people available
to help interpret it. There will also be lots of other resources which
may or may not be helpful in diagnosing unexpected conditions (including,
but not limited to, privileges, quotas, accounting, operator logs, audit 
logs, and so on).

It's a mixture of philosophy and features which could fill far more
space+time than I have here and now.

In contrast, Windows offers us what? A GUI-based program loader and a 
bit of networking, plus (and, from a historic point of view, more
importantly) an ecosystem of MS-dependent professionals, forums,
bloggers, etc. OK I exaggerate, but only slightly. 

Looked at from another angle, Windows is perceived to offer cheap (at
least initially), and shiny. 

Windows doesn't offer secure (neither in confidentiality nor in
robustness). Windows doesn't offer consistency (neither from release
to release nor from product to product). Windows doesn't even offer
well-supported, beyond the usual "re-install and try again". It's not
really obvious whether it really offers cheap, in general.

The historic stranglehold of MS on volume PC vendors has made things so
much easier for the Windows folks. The five or ten year future of
Windows clients is now rather less clear than it has been for a couple
of decades.

Windows may well be acceptable for lots of outfits. VMS was in that
position once, but times changed. The same could happen to MS. Much
as it happened to Apple (and then a miracle occurred).

At the risk of getting repetitive again, one size does not necessarily
fit all (not in a sensible world anyway).


