[Info-vax] VSI strategy for OpenVMS

[Mark Berryman]

On 9/14/21 4:14 PM, Arne Vajhøj wrote:
> On 9/14/2021 5:05 PM, Phillip Helbig (undress to reply) wrote:
>> In article <shq9sa$djn$1 at gioia.aioe.org>, =?UTF-8?Q?Arne_Vajh=c3=b8j?=
>> <arne at vajhoej.dk> writes:
>>> On 9/14/2021 9:38 AM, David Jones wrote:
>>>> On Tuesday, September 14, 2021 at 8:53:40 AM UTC-4, Jan-Erik 
>>>> Söderholm wrote:
>>>>> No, a web *browser* on VMS would do nothing positive for VMS.
>>>>> It is simply neither asked for or needed.
>>>>> Browsers are run on desktop environments.
>>>>
>>>> A GUI browser isn't necessary, but a current curl using up-to-date 
>>>> TLS and root
>>>> certificate list is pretty useful for download scripts.
>>>
>>> Direct download from the internet to VMS may not be wise or common.
>>
>> Probably much less of a worry than direct download to Windows.
> 
> No.
> 
> Risk wise Windows may be more targeted but it should also be more
> uptodate patch wise.
> 
> The big difference is the impact. The Windows desktop PC should not
> be critical for the business and there should be firewalls
> behind it and systems that are critiocal for the business. The VMS
> system most likely ruins something critical for the business.

Sadly, not true.

Let's see, there was the bug in Windows IIS handling of HTTPS that 
allowed anyone to whom the web pages were being served to take over that 
host and use it as a launch point to attack the rest of the network.

Then there have been bugs in Windows domain handling where, if you 
compromised any member of the domain, you owned the domain.

So no, the impact of compromising a Windows system is not necessarily 
small.  And no, as we have seen time and time again, too many windows 
systems are not kept up to date with their plethora of patches.

Mark Berryman