Hi,

Without any intent to attack you directly or something like that, I've
always found it silly to compare Windows/System I security, because it
just doesn't work.

Comparing a desktop OS, with desktop applications to a server which only
allows access through 5250 security-wise doesn't work.

A better comparison would be a Windows Server 2003 running as a Terminal
Server, locked down to only allowing an ERP Application like Navision or
Axapta to run.

Every Desktop OS has its huge share of security issues - look at all
the OS X Advisories, the Firefox vulnerabilities, the KDE and GNOME
security issues, and all the SLED (SuSE Linux Enterprise Desktop)
Security announcements. What those alternative operating systems lack
are viruses/worms which use the vulnerabilities automatically - they are
not a large enough target group to form a money-making botnet with.

OTOH, while i5/OS in itself is a very robust operating system, the SOP
of most customers I've seen is HORRIBLE. Lots of systems still running
on Security Level 20, the QSECOFR password unchanged, using unencrypted
Telnet to access your information. That's not the fault of IBM, is
it? However, many shops have an equally lax Windows security practice.
i5/OS just lacks the numbers to be a feasible exploitation target.

And while we get PTFs by the truckload after just a quarter, Microsoft's
amount of patches actually allows you to see what components are
changed. While this is also possible with PTFs, usually you just don't
have the time. Looking at 10 patches per month is feasible, but with
about more than 100 PTFs per quarter, it's no longer feasible.

Security is a very important topic, but most problems lie in the
administration itself, and not in what gets shipped from the OS vendor.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Joe Pluta
Sent: Friday, December 29, 2006 4:59 PM
To: 'Midrange Systems Technical Discussion'
Subject: How Secure is Windows, Really?

While I realize there's a certain amount of "preaching to the choir" in
this particular email, I still think that it's important to end the year
with a real world look at the security of Windows.

The Windows apologists have recently jumped on the "Vista is the most
secure Windows ever" bandwagon and managed to morph that into saying
that Windows is somehow comparable in security to the iSeries.

NOTHING COULD BE FURTHER FROM THE TRUTH.

I subscribe to Windows Secrets (a newsletter I highly recommend to
anyone who has Windows machines in their network).  Go here for the
current edition:

http://windowssecrets.com/comp/061229

In it, you'll find a brief article on ten current outstanding security
threats ranging from Denial of Service to Remote Control, some of which
have been outstanding since October.

The article also points to a great page on this topic from the SANS
Internet Storm Center:

http://www.incidents.org/diary.php?storyid=1940&isc=56bdbad9f85fa3427d43ec6bfdd4c389

This lists the 10 outstanding incidents and shows that, for client
versions of the OS, four are rated critical and one important.  For
server versions, the issues are not as critical, but instead six are
rated as important.

My favorite, though, is the one marked "unknown", in which Microsoft
"accidentally" released a patch that caused a security hole on Macintosh
computers.  Oooops!  <grin>

Joe




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].