RE: How Secure is Windows, Really? -- MIDRANGE-L

Without any intent to attack you directly or something like that,

I've

always found it silly to compare Windows/System I security, because

it

just doesn't work.


No offense taken, Lukas.  But unfortunately, exactly such comparisons

hjave

to be made whenever someone is being conned into replacing an iSeries

with a

Windows machine.


Do you still know System i only shops, with thin clients? Not using a
groupware? Not using internet access? Just 5250?

Or are their running other Desktop OS (where IBM does not have any
offering), which have similar security problems as windows?

Please note that I'm not arguing that windows is the best since sliced
bread, just that the other offers aren't that much better, and the
System i alone doesn't even offer a choice.

A better comparison would be a Windows Server 2003 running as a

Terminal

Server, locked down to only allowing an ERP Application like

Navision or

Axapta to run.

But the problem is that the Windows servers being sold to replace

iSeries

boxes are not configured this way.  That's because there are those

Windows

So you compare a perfectly configured System i Box to a Windows server
configured by someone who doesn't know what he's doing? That's not
exactly fair ;)

advocates who argue that a properly secured Windows server is as

secure as

an iSeries, but it is my position that, based on the continuing

security

exploits of Windows, that no Windows platform is secure.


The windows platform has it's fair share of problems, but the rest isn't
necessarily better.

This argument doesn't apply to ANY hardware or software.  If you're a
security idiot in this day and age, you deserve exactly what you get.


Yeah. But a lot of the perceived windows problems you see in this day
and age are because users have local admin rights - which is the
equivalent of running a System i with security level 20.

I can't even begin to respond to this.  If you're as worried about

what the

iSeries patches do as you claim to be and yet you can't take the time

to

read the cover sheets for 100 lousy PTFs, then I'm confused.  Whereas
Microsoft is CONSTANTLY sending me updates like this:


Well, it seems that we perceive this issue differently. I see heck a lot
more PTFs than windows updates.

"Security issues have been identified that could allow an attacker to
compromise a system running Microsoft Internet Explorer and gain

control

over it. You can help protect your system by installing this update

from

Microsoft. After you install this item, you may have to restart your
computer."


The System i doesn't even offer a web browser.

Security is very important topic, but the most problem lie in the
administration itself, and not what get's shipped from the OS

vendor.

I don't disagree with this point, but it still can't be used as some

sort of

excuse to say that Windows is as secure as i5/OS.  It is not.


Well, either we compare server systems to server systems, where
microsoft didn't really have a horrible track record, or we compare
desktop to desktop systems, where IBM doesn't even offer a product.