[Info-vax] Anti-virus ?

Dave Froble davef at tsoft-inc.com
Mon Aug 14 10:15:17 EDT 2023 

On 8/14/2023 8:39 AM, Simon Clubley wrote:
> On 2023-08-11, Dave Froble <davef at tsoft-inc.com> wrote:
>> On 8/11/2023 1:35 PM, Simon Clubley wrote:
>>>
>>> Linux is mainly a server operating system as is VMS.
>>>
>>> Many attacks occur through server-based components in addition to
>>> client-based components.
>>>
>>> The difference is that Linux has various industry-standard protections,
>>> including the third-party protections mentioned, that VMS does not.
>>>
>>> Oh, and BTW, judging by the fact Eisner has needed to be rebooted multiple
>>> times over the years due to various services locking up presumably due to
>>> attacks, I have little confidence that VMS in general would be robust
>>> within an actively hostile environment.
>>>
>>
>> Ok, I'm not about to declare VMS "hack-proof".  I doubt anything is.
>>
>> However, I'm going to call "bullshit" on Simon's statements.
>>
>> Having had VMS "lock up" in the past, not due to any attacks, Simon's snide
>> commend about Eisner is just plain bullshit.  Too many times I've seen "resource
>> wait mode" that never recovers.  Only a re-boot would clear the problem.  Was
>> that "an attack"?
>>
>
> If it's something that can be triggered by a non-privileged user, or even
> worse, an unauthenticated user, then yes it absolutely most certainly is.

I'm not sure what causes that particular problem, nor am I aware if it is still 
a problem.  My only point was that not all issues are outside attacks.

It is NOT, as far as I know, triggered by a user.

> It's called a Denial of Service attack and those are _very_ much CVE
> material.
>
> Also, no server operating system, especially "the world's most secure
> operating system" should be locking up due to resource wait conditions
> the number of times that you imply above it is.

Not seen it for years.  Only mentioned it as an example.

> Now, about Eisner. My comments are _not_ snide, but based on what has
> been going on over the last few years.
>
> Every so often, Eisner's network services (including SSH) simply stop
> working. Sometimes, basic stuff such as ICMP continues to work, but
> anything involving process creation is utterly stuffed.
>
> The now-standard routine is that one of us users posts on the Eisner
> mailing list that Eisner is stuffed again, at which point VSI reboots it.
>
> Eisner should be an absolutely golden opportunity for VSI to find issues
> in a real world situation and then fix them in VMS so that VMS becomes
> more robust for everyone. In Eisner, VSI is exposing to the real world
> the operating system that VSI themselves are producing and selling.
>
> Instead, Eisner has been locking up in the same way for years, so either
> VSI can't find the external causes that's resulting in it locking up, or
> it finds an issue, fixes it, but then another way of locking up VMS
> comes along.

Eisner, last I heard, runs on an Alpha DS20.  Not a platform that VSI can spend 
much or any time on.  x86 is their future, at this time.  So, yeah, I can 
understand "just reboot the damn thing".

>> None of Simon's "industry standard protections" protects against anything other
>> than some (not all) attacks.  I wish he'd stop insinuating that they solve all
>> problems, and that there must be problems without them.
>>
>
> Stop lying about what I have said in this matter David.

Lying?  Maybe perception.

> I have never said they solve all problems, but just that they are extra
> layers that need to be defeated. I have also said that without these
> extra layers it's easier to compromise a system.

Well, it seems all you ever mention.  And I'll agree, extra layers, whatever 
they are, can be a good thing.


-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list