First: no, I don't have to compare a Windows server to an iSeries server,
because I don't see a valid reason to run a Windows server in an iSeries
shop, except maybe as a file server.  Instead, there are dozens or even
hundreds of those little virus-infested XP desktops littered throughout the
office.

(And by the way, as far as I know the Sony rootkit spyware worked on Windows
servers as well as desktops, but I'm not certain of that.)

Second, if you "assume" that a legit profile can be had, then all bets are
off on any machine.  As long as the legit profile has enough rights, you can
do anything.

(Of course, if you set up single sign-on and then put your SSO server on a
Windows machine, you are in effect giving away all your passwords, since we
know the Windows machine can be busted, but that's why putting SSO on a
Windows box is goofy.)

No, the right thing is to start with the assumption that all you have is
standard access to the machine through public network access.  If you have
an unsecured wireless network, you've got a different set of problems than
if you have a firewalled system that only allows port 80 HTTP access to a
DMZ machine.  But even in the latter case, if the DMZ machine is a Windows
machine, any number of buffer overrun exploits have been found that can, in
Microsoft's words, allow a malicious user to take control of your computer.
There never has been a single reported buffer overrun exploit on the
iSeries, whereas Microsoft sends out patches nearly daily fixing theirs.

Let's repeat that, just in case I wasn't clear: THERE HAS NEVER BEEN A
BUFFER OVERRUN EXPLOIT ON THE iSERIES.  I don't understand how a Windows
advocate can keep a straight face and say how Windows is comparable to the
iSeries in security.  It's simply not true.

Finally, as to a keyboard logger: if you have that sort of thing on your
network, you've lost control of your system and your IT manager needs to be
fired.  In addition, anybody using that sort of software must be arrested
and brought to trial.  To allow felonies as the standard assumption, well
heck, all I have to do is kidnap the IT manager and torture the password out
of him, maybe make him watch Springer episodes 24/7.

Joe


> From: Jim Franz
> 
> Joe - but the iSeries is a "server" and you need to match server to server
> to be fair.
> A well configured Windows server is way beyond XP Pro desktop.
> It is a given, proven over & over that MS desktop applications have had &
> continue to have problems. But now you have to picture that "more vulnerable"
> desktop communicating with the iSeries (Client Access or thru IE/html or
> whatever).
> A keyboard logger on the PC can log your iSeries
> profile & password....Now picture yourself not with your "development
> server", but a large corporate iSeries....
> I think you have to start with the assumption that a legit profile can be
> had. Now what doors do you need to close?
> jim franz




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.
