From: Lukas Beeler
Without any intent to attack you directly or something like that, I've always found it silly to compare Windows/System i security, because it just doesn't work.
No offense taken, Lukas. But unfortunately, exactly such comparisons have to be made whenever someone is being conned into replacing an iSeries with a Windows machine.
Comparing a desktop OS, with desktop applications to a server which only allows access through 5250 security-wise doesn't work. A better comparison would be a Windows Server 2003 running as a Terminal Server, locked down to only allowing an ERP Application like Navision or Axapta to run.
But the problem is that the Windows servers being sold to replace iSeries boxes are not configured this way. That's because there are those Windows advocates who argue that a properly secured Windows server is as secure as an iSeries, but it is my position, based on the continuing security exploits of Windows, that no Windows platform is secure.
OTOH, while i5/OS in itself is a very robust operating system, the SOP of most customers I've seen is HORRIBLE. Lots of systems still running on Security Level 20, the QSECOFR password unchanged, using unencrypted Telnet to access your information. That's not the fault of IBM, is it? However, many shops have an equally lax Windows security practice. i5/OS just lacks the number to be a feasible exploitation target.
This argument doesn't apply to ANY hardware or software. If you're a security idiot in this day and age, you deserve exactly what you get.
And while we get PTFs by the truckload after just a quarter, Microsoft's amount of patches actually allows you to see what components are changed. While this is also possible with PTFs, usually you just don't have the time. Looking at 10 patches per month is feasible, but with about more than 100 PTFs per quarter, it's no longer feasible.
I can't even begin to respond to this. If you're as worried about what the iSeries patches do as you claim to be and yet you can't take the time to read the cover sheets for 100 lousy PTFs, then I'm confused. Whereas Microsoft is CONSTANTLY sending me updates like this: "Security issues have been identified that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer." I then have to go here: http://go.microsoft.com/fwlink/?LinkId=77563 Which in turn leads me to four different pages that look like this: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5581 Crap. If you can read forty or fifty of those a month, you can certainly scan a similar number of cover letters, especially if you limit yourself to ones that say "Security" rather than "Incorrect Output". (Heck, if Windows put out a PTF every time there was incorrect output, you wouldn't have time to use your computer between the updates.)
Security is a very important topic, but most of the problems lie in the administration itself, and not in what gets shipped from the OS vendor.
I don't disagree with this point, but it still can't be used as some sort of excuse to say that Windows is as secure as i5/OS. It is not.
Joe
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].