[Info-vax] VMS and security

Dave Froble davef at tsoft-inc.com
Mon Nov 7 23:24:07 EST 2022 

On 11/7/2022 8:30 PM, kemain.nospam at gmail.com wrote:
>
>> -----Original Message-----
>> From: Info-vax <info-vax-bounces at rbnsn.com> On Behalf Of Simon Clubley
>> via Info-vax
>> Sent: Thursday, November 03, 2022 10:42 AM
>> To: info-vax at rbnsn.com
>> Cc: Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP>
>> Subject: [Info-vax] VMS and security
>>
>> On 2022-11-02, IanD <iloveopenvms at gmail.com> wrote:
>>>
>>> I would have thought VMS could leverage it's historical reputation in
>>> security to give it an advantage against Linux at least, but I'm not
>>> convinced it has done enough to ensure it's up to date in the modern
>>> security landscape and it really needs to make sure it has it's ducks
>>> all in a row and then some because any failure in the security arena
>>> could/would end VMS chances of making a comeback
>>
>> Unfortunately, the idea of VMS security somehow being comparable to
>> today's expected security standards is utterly delusional.
>>
>> Even Linux is _far_ in advance of what VMS offers.
>>
>> For example, Linux has mandatory access controls and VMS is still stuck
> back
>> in the DAC world.
>>
>> There's no ASLR/KASLR support on VMS.
>>
>> There's nothing like the Unix chroot jails on VMS.
>>
>> Compiler protections in generated code has been lacking on VMS compared
>> to what is available elsewhere, but John in recent years has started
> looking at
>> getting comparable protections in the VMS compilers, when it comes to
>> generating code, that currently exist elsewhere.
>>
>> Back in the 1980s/early 1990s, VMS was a leader in security and it has
> proudly
>> remained there while the rest of the world has moved on.
>>
>> Simon.
>>
>
> For those looking for additional security than what the base OpenVMS OS
> provides, they can always add 3rd party products like those from
> PointSecure.
>
> Reference: System Detective
> <https://pointsecure.com/products/system-detective/>
>
>
> Regards,
>
> Kerry Main
> Kerry dot main at starkgaming dot com

I don't use Linux, but it is my impression that just about everything in Linux 
is from third parties.  Nor is Linux restricted to a single vendor.

So why then should VSI be responsible for everything VMS needs?

Gotta love double standards ...


-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list