[Info-vax] VMS x86 performance ?

geze...@rlgsc.com gezelter at rlgsc.com
Mon Nov 2 12:41:58 EST 2020 

On Monday, November 2, 2020 at 8:41:43 AM UTC-5, Simon Clubley wrote:
> On 2020-10-30, Phillip Helbig (undress to reply) <hel... at asclothestro.multivax.de> wrote: 
> > In article <rnhl9b$rio$2... at dont-email.me>, Simon Clubley 
> ><clubley at remove_me.eisner.decus.org-Earth.UFP> writes: 
> > 
> >> On 2020-10-30, Arne Vajhøj <ar... at vajhoej.dk> wrote: 
> >> > 
> >> > I don't think VSI will feel insulted if I say they are not one of the 
> >> > worlds largest IT companies. 
> >> > 
> >> 
> >> They might. :-) 
> >> 
> >> VSI claim that out of all the operating systems produced in the world, 
> >> theirs is the most secure. 
> >> 
> >> They might not appreciate you bringing them back down to Earth. :-) 
> > 
> > So which one is the most secure? 
> >
> First off, it most certainly is not VMS. 
> 
> However, the above is a good question. We can't talk about the "most secure" 
> because it's impossible to know that, but we can talk about "more secure 
> than VMS". 
> 
> I would consider z/OS to be way more secure that VMS. 
> 
> Linux suffers from having a monolithic and fully privileged kernel address 
> space in the same way as VMS but it also has features that VMS doesn't 
> which make it more secure. At one level, it has KASLR, and at the other 
> end of the scale it has full mandatory access control capabilities in the 
> form of SELinux. It also has other security and isolation features that 
> VMS does not. 
> 
> Microkernel based operating systems are by design more secure because much 
> of the kernel/privileged attack surface is pushed into normal user-level 
> processes. This goes even further with formally verified microkernel designs 
> such as SeL4. 
> 
> I would also argue that a system which is heavily probed by security 
> researchers is more secure than one which is not, because the researchers 
> find, and hence force to be fixed, issues that would otherwise remain 
> undiscovered.
> Simon. 
> 
> -- 
> Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP 
> Walking destinations on a map are further away than they appear.
Simon,

The real efficacy of ASLR depends upon the entropy of the randomization. Brute force script attacks are prevented effectively, but if the entropy is not high, one can simply keep trying by brute force.

With regards to Linux, some of the approaches used by Linux are due to other factors, such as the prevalence of superuser processes.

How effective a security regime is depends upon the totality of the security measures, not an individual measure. Some measures are more necessary than others due to one choice or another.

- Bob Gezelter, http://www.rlgsc.com

More information about the Info-vax mailing list