Andrew Rowley wrote, in part: >You can't really blame Windows in this case. >If you had a linklisted, APF authorized product that hooked into >system functions and was remotely updateable by the vendor without a >system restart, they could equally bring down all z/OS systems >simultaneously.
Exactly. This is a process problem on two levels: 1) ClownStrike (I can't seem to stop typing their name that way*) screwed up 2) The Windows ecosystem made it hard to undo that change #2 is on Windows, but Windows didn't cause the breakage. We've discussed the architecture that requires this level of security intrusiveness, and can whine about the company policies that mandate them. But if there were 1.4 billion z/OS systems in the world, many of them run by people who essentially know nothing about computers and have them connected to the Internet, I'm not convinced z/OS wouldn't have an equally nasty security problem. (And no, I can't quite imagine Aunt Maisie submitting jobs, but you get my point!) Yes, there are aspects that make z/OS probably inherently more secure; yes, the z/OS ethos is such that mainframe vendors think about this stuff more. But, again, with 1.4B such machines, the equation would change a lot. The general attitude at most vendors seems to be that you buy software engineers by the pound. That's one way you get things like this incident. And to people saying "This stuff never happened before we had Windows" -- sure it did. There were DOS viruses. What there weren't were over a billion clueless end-users connected to the Internet, essentially saying "Please infect me!" and necessitating a multi-$B industry of software that doesn't do anything except keep other things from happening. Nice work if you can get it, BTW. Finally, a comment re WordPerfect: I remember when Novell bought it for $1.8B, and then sold it a bit over a year later to Corel for $180M. I commented to my boss at the time, "Two more owners and we can afford it!" *And yes, "There but for the grace of &deity go any of us vendors..." ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
