From: Tom Liotta

Joe Pluta wrote:

Uh. Here's what I did: I installed i5/OS, created an HTTP instance and
opened port 80 on my firewall.

I gotta admit, that's far less than I would do. I'd at _least_ also
install up to SP2... ummm... I mean, at least the cume level beyond
what was available at GA. No way I'd want an un-PTFed system open to
the world. You have the courage of your convictions, I'll say that
for you. I couldn't even get the new IDS stuff to work without PTFs
beyond the cume available at the time.

I usually install whatever cumes and groups are available when I do the
install. With image catalog, it's a pretty simple procedure, and of course
I only have to do it on one machine (well, in my case, two). And then I
install PTFs a couple of times a year, or when I need something specific
like a new JVM.

However, are you implying that there's a security hole in HTTP? Have you
heard of such a thing? Or are you just basing this on your experience with
Windows? Because I have never heard of an HTTP hack on i5/OS.


BTW, were you thinking of a comparison between i5/OS V5R4 and
Windows Server 2007? or Windows Server 2003? W2K7 has been a
significant improvement over W2K3, and W2K3 became very good...
eventually. Of course, 'eventually' means that service packs were
released and expected to be installed.

Technically, there is no W2K7, it's Windows Server 2008, and it's been
pushed out until February. And if you're running something that hasn't even
been officially released from Redmond, you have much more courage than I do!

http://searchwindowssecurity.techtarget.com/columnItem/0,294698,sid45_gci126
6328,00.html

And me, I mean any version of Windows. Not one of them is even close to
i5/OS, which is why they co-opted the Trustworthy Computing term.

Joe


This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].