22 Aug
2006
22 Aug
'06
11:49 a.m.
On Tue, 22 Aug 2006, Dave McGuire wrote:
Sigh. I didn't say anything other than what I typed above. The world is
full of misguided and/or clueless people who think VMS is "old",
"dead",
"legacy" or some other such nonsense, while in fact it is extremely widely
used...just not in places that we hear about every day.
OK, now I think you're being unreasonable. Who, pray tell, has these vast
secret VMS installations that we don't hear about? Show me the VAXen.
Ahhh, somebody doesn't know how widely deployed
VMS systems are, but I
won't point any fingers!
So what you're saying is that VMS is more widely deployed than systems that
_were_ compromised at defcon 9? More than Win32, Solaris, Linux, *BSD? And
where are these millions of VMS deployments? I'm the secretary of a DC
metro area system administrators group (>300 members), and I've only heard
of one VMS system in the DC area mentioned in our group over the 5+ years
I've been a member. They were migrating off of it.
I'm not saying there aren't VMS deployments, but I think you're saying
they're comprably common to Windows, Mac or UNIX and everything I know
tells me that is wrong. VMS is not cracker-kiddie-resistant because it's
obscure...it's
cracker-kiddie-resistant because it's well-written.
I don't think it's fair for you to make this claim. There are millions of
known Windows, Mac and UNIX internet-facing computers that are under
attack every day. There are significantly fewer VAXen (100 times fewer?
1000? 10000 wouldn't surprise me), which are attacked significantly less
frequently.
You could be right, VMS could be very securely written; but until it has
been tested by throwing the same volume of script kiddies at it as other
OSen have had thrown at them you can't make any security claims based on
relative number of breakins.
Alexey