Re: Here is a real reality check for every PC user... -- PCTECH

Joe - we do agree<grin>. I just wanted to make the point that there is muchmore toa truly secure iSeries than seclvl 50 (which i do use). My other major point(back tooriginal posting) is that I beleive the new generation of "hackers" are farmore criminalin nature, and it is less about denial of service (virus bombs, etc) andmore about

your data and your resources.
jim franz

----- Original Message -----From: "Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>

To: "'PC Technical Discussion for iSeries Users'" <pctech@xxxxxxxxxxxx>
Sent: Thursday, December 29, 2005 10:53 AM
Subject: RE: [PCTECH] Here is a real reality check for every PC user...

Ick. I hate these conversations, because in most cases we're just"agreeing

in a loud tone of voice" <grin>.

Anyway, let me clarify a specific point and then we can move on. One ofthe

primary security breaches in Windows is through buffer overruns: the idiot
who programmed the code didn't check for data running over the end of the

buffer, and carefully crafted requests can then put executable code whereit

shouldn't be and cause bad things to happen.

This cannot happen on an iSeries.  You can't do it.  Feel free to prove me
wrong, and I'll be happy to eat crow, because you'll be uncovering a
security hole that's existed for over 25 years.  The point is that the
iSeries for all intents and purposes is a non-Von Neumann machine (as were

all its predecessors back as far as the S/38), and so is not prey tobuffer

overruns.  I'm not going to argue the technicalities, but if you can ever
create an iSeries buffer overrun exploit, I'll retract my statement.

So, from this standpoint, the standpoint of operating system stability,
i5/OS (nee OS/400, nee CPF) is more secure than Windows.  This is not
opinion, it's simple fact.

Second, yes, people can create unsecured iSeries environments.  Leave the

default password on QSECOFR, that's a great way. Hell, any machine thatis

not physically secured is subject to security breach (something people

amazingly forget -- they secure the heck out of their network then leavethe

door to the computer room unlocked).  But my point on that is that you are
more likely to have a non-IT person do something stupid on their desktop
than you are to have your iSeries mismanaged by professional IT staff (of
course, this depends on your IT staff <grin>).

So, from this standpoint, the standpoint of user engineering, again the
iSeries is more secure.  Again, not really subject to debate, is it?

Joe

From: Bob Crothers

Joe, just because a thing hasn't been done is no reason to assume it cant
be done.

Is the iSeries more secure than most windows boxes? Yes. No argumentfrom

me on that.

But is it hack proof?  No.  Not at all.

And you are also assuming that the people who control the box know what
they
are doing.  I deal with a lot of iSeries shops around the country...and I

can assure you that they are NOT all "well run secure machines". Someare

down right scary in fact.

--

This is the PC Technical Discussion for iSeries Users (PcTech) mailinglist

To post a message email: PcTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/pctech.