[Info-vax] Anti-virus ?

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Aug 14 08:39:40 EDT 2023 

On 2023-08-11, Dave Froble <davef at tsoft-inc.com> wrote:
> On 8/11/2023 1:35 PM, Simon Clubley wrote:
>>
>> Linux is mainly a server operating system as is VMS.
>>
>> Many attacks occur through server-based components in addition to
>> client-based components.
>>
>> The difference is that Linux has various industry-standard protections,
>> including the third-party protections mentioned, that VMS does not.
>>
>> Oh, and BTW, judging by the fact Eisner has needed to be rebooted multiple
>> times over the years due to various services locking up presumably due to
>> attacks, I have little confidence that VMS in general would be robust
>> within an actively hostile environment.
>>
>
> Ok, I'm not about to declare VMS "hack-proof".  I doubt anything is.
>
> However, I'm going to call "bullshit" on Simon's statements.
>
> Having had VMS "lock up" in the past, not due to any attacks, Simon's snide 
> commend about Eisner is just plain bullshit.  Too many times I've seen "resource 
> wait mode" that never recovers.  Only a re-boot would clear the problem.  Was 
> that "an attack"?
>

If it's something that can be triggered by a non-privileged user, or even
worse, an unauthenticated user, then yes it absolutely most certainly is.

It's called a Denial of Service attack and those are _very_ much CVE
material.

Also, no server operating system, especially "the world's most secure
operating system" should be locking up due to resource wait conditions
the number of times that you imply above it is.

Now, about Eisner. My comments are _not_ snide, but based on what has
been going on over the last few years.

Every so often, Eisner's network services (including SSH) simply stop
working. Sometimes, basic stuff such as ICMP continues to work, but
anything involving process creation is utterly stuffed.

The now-standard routine is that one of us users posts on the Eisner
mailing list that Eisner is stuffed again, at which point VSI reboots it.

Eisner should be an absolutely golden opportunity for VSI to find issues
in a real world situation and then fix them in VMS so that VMS becomes
more robust for everyone. In Eisner, VSI is exposing to the real world
the operating system that VSI themselves are producing and selling.

Instead, Eisner has been locking up in the same way for years, so either
VSI can't find the external causes that's resulting in it locking up, or
it finds an issue, fixes it, but then another way of locking up VMS
comes along.

> None of Simon's "industry standard protections" protects against anything other 
> than some (not all) attacks.  I wish he'd stop insinuating that they solve all 
> problems, and that there must be problems without them.
>

Stop lying about what I have said in this matter David.

I have never said they solve all problems, but just that they are extra
layers that need to be defeated. I have also said that without these
extra layers it's easier to compromise a system.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.

More information about the Info-vax mailing list