> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Tim Hare
> Sent: Monday, April 09, 2007 1:08 PM
> To: [email protected]
> Subject: Re: Effects of Linux on z...ISV support and z/OS (Was: IBM to the PCM market)
> 
> 
> Let's be fair - Windows security may or may not be bad. 
> 
> 
> What we usually see are examples of poor application programming security.
> At least from my viewpoint, Internet Explorer, Word, Firefox, et al are
> applications, they're not part of the core OS.
> 
> Which is, of course, not to say that Windows OS security is as good as
> z/OS Security Server, but I think we just want to compare apples to apples.
> 
> Tim Hare

I agree that it's difficult to tell. Take I.E. (please!), MS swears to
high heavens that it is so integrated into the system that it cannot be
removed without breaking the system. And the new .ANI exploit is
directly in the Windows rendering engine, which is again integrated
intimately with the OS. This is like in the old days of OS/360 where
tons of stuff ran key 0, and so could compromise reliability. That's
where Windows is today. Too much stuff runs in ring 0. If it runs in
ring 0, I consider it to be part of the OS.

Firefox on Linux has few exploits that I'm aware of. But there are some.
However, on Linux, it can only affect that one user. Unless it is being
run as root (which only an <elided> would do), it cannot harm the OS
itself or another user. Windows tends to have less separation of
authority than Linux. There are exploits which can hurt Linux, of
course. Mainly of old software that runs as root. Modern Linux software,
even "system" type daemons, try to run with "reduced privileges" by
either chroot'ing or running the majority of the software in a separate
process, running as a non-root user. (compare sendmail with postfix for
email, for instance).

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology
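
The privilege reduction described in the message above (chroot plus a switch to a non-root user), as an added example that is not part of the original e-mail and is not code from sendmail or postfix. The helper name `drop_privileges` and the uid/gid a caller passes are assumptions.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: confine the process to `jail` (optional, may be NULL)
 * and switch permanently from root to an unprivileged uid/gid.
 * Returns 0 on success, -1 on failure with errno set.
 */
int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    /* Dropping to root is not a drop; reject it before touching anything. */
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    /* Only root can chroot() or change to an arbitrary uid. */
    if (geteuid() != 0) { errno = EPERM; return -1; }

    if (jail != NULL) {
        /* chdir("/") after chroot() so the cwd is not left outside the jail. */
        if (chroot(jail) != 0 || chdir("/") != 0)
            return -1;
    }
    /* Order matters: supplementary groups and gid go first, because once
     * the uid is no longer 0 the process may not change them any more. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the drop is permanent: regaining uid 0 must now fail. */
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}
```

A daemon would call this once, after opening anything that needs root (such as a privileged port), and exit if it returns -1.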
