> I know some malware for Win10, but I cannot remind any for z/OS 1.4...
Partially because most of the community has a policy of publicizing vulnerabilities, but z/OS does not. The fact that you do not know of any malware for z/OS 1.whatever does not mean that it does not exist. Or expanding on Timothy's point, if you were developing malware, you would have an interesting decision which of the two operating systems to target. Windows is high number of instances/low value each -- kind of the WalMart shopping of malware opportunities. z/OS is low number of instances/high value each -- kind of the Tiffany of malware opportunities. With Windows you would take a shotgun approach: "how many machines can I infect, and hope to make some money off of a percentage?" so naturally some number of your targets would end up discovered and publicized. With z/OS, you would take a very targeted approach: "what one machine can I break into and steal a lot?" Whether you were successful or not, there might not end up being any publicity. Phrasing it differently, for Windows you would develop "malware" -- mass market malware, that would end up with a name and publicity (named by the anti-malware folks, not the authors). For z/OS, you would develop a specific targeted attack. It might be an "approach," not a "malware package," and might not end up with a name (other than "XYZ Bank's ATMs were down for the third day in a row ..." or "ABC Airlines experienced a massive outage yesterday ..."). The absence of evidence is not the evidence of absence. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S. Sent: Wednesday, July 12, 2017 1:26 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again W dniu 2017-07-12 o 08:40, Timothy Sipples pisze: > Clark Morris wrote: >> Running 1.4 on any system that isn't isolated is the equivalent of >> running Windows XP. > I think Charles Mills provided some interesting, useful follow-up remarks. > I wholeheartedly agree that sole reliance on "perimeter" defense no > longer makes sense, if it ever did. Risk assessments and comparisons > are tricky, but let me expand on Charles's remarks a bit. In my view, > the risks of being backlevel are probably greater than Clark's analogy suggests. > > Windows XP (final Service Pack) reached Microsoft's End of Support on > April 8, 2014, except for certain variants (point of sale/embedded > variants, mainly). z/OS 1.4 can beat that, by several years. z/OS 1.4 > reached its End of Service date on March 31, 2007. For perspective, > that date was before Apple's first iPhone shipped. That's over a > decade of security improvements and patches that just aren't available for z/OS 1.4. That's a lot! IMHO even z/OS 1.4 is worth more trust than i.e. Windows 10 I know some malware for Win10, but I cannot remind any for z/OS 1.4... ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
