RE: How Secure is Windows, Really? -- MIDRANGE-L

I seem to remember about 5 years ago, a news article saying the
application service providers that M$ used no longer used as/400's
anymore... Can't seem to remember where I read it though.

"Holden Tommy" <Tommy.Holden@xxxxxxxxxxxxxxxxx> 12/29/2006 12:53:55

PM >>>
Anyone know what platforms M$ use to run their business apps on?  I'm
betting it ain't a windows PC or server... 


Thanks,
Tommy Holden


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Joe Pluta
Sent: Friday, December 29, 2006 11:52 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: How Secure is Windows, Really?

From: Lukas Beeler

Do you still know System i only shops, with thin clients? Not using

groupware? Not using internet access? Just 5250?


What does this have to do with the subject at hand?

Please note that I'm not arguing that windows is the best since

sliced

bread, just that the other offers aren't that much better, and the
System i alone doesn't even offer a choice.


A choice for what?  I am talking completely and solely about Windows
as
a
server replacement for iSeries.  Whether or not you use Windows as a
client
is not germane to this discussion, although as I've said in the past,
having
Windows on your network means you had better have some really good
security
procedures in place.

So you compare a perfectly configured System i Box to a Windows

server

configured by someone who doesn't know what he's doing? That's not
exactly fair ;)


I didn't say someone who doesn't know what they're doing.  I said
compared
to the standard Windows box that is sold to businesses.  They are
typically
sold with SQL Server and open ODBC access, and almost always use IIS
as
their web server.  Those two things alone make the Windows server the
most
vulnerable server platform on the market.

The windows platform has it's fair share of problems, but the rest

isn't

necessarily better.


You are absolutely and completely wrong.  The iSeries is better. 
Hands
down, no argument.  i5/OS is a much more secure platform than Windows,
regardless of the edition.  This is the point I'm trying to make.

Yeah. But a lot of the perceived windows problems you see in this

day

and age are because users have local admin rights - which is the
equivalent of running a System i with security level 20.


"Luckily, not all of the wounds were fatal!"  Remote Execution and
Privilege
Escalation exploits have been created that have nothing to do with
user
rights.

"Security issues have been identified that could allow an attacker

to

compromise a system running Microsoft Internet Explorer and gain

control

over it. You can help protect your system by installing this

update

from

Microsoft. After you install this item, you may have to restart

your

computer."


The System i doesn't even offer a web browser.


So what?  How in the world is this even an argument?

Well, either we compare server systems to server systems, where
microsoft didn't really have a horrible track record, or we compare
desktop to desktop systems, where IBM doesn't even offer a product.


This is absolutely untrue.  Microsoft has an utterly horrible track
record
on every system, it's just that desktop are even more horrendous.  But
even
on the servers, there is no comparison.  The number of exploits over
the
years that allow you to take control of an IIS server alone is
unbelievable.

I'm sorry Lukas, but your comparisons are simply baseless.  And it's
faulty
arguments like yours ("Windows isn't so bad" and "Windows server isn't
as
bad as Windows desktop") that are really VERY dangerous.  In fact, I
can't
think of anything more dangerous than saying Windows server is safe
because
it's not as bad as Windows desktop.

Joe