The Question is:
I know this might be a little silly, because I can't remember the last time
that there was a "potential", or real Intrusion to my
system (I run Audits bimonthly: analyze/audit), but is there a
Viral Detection product from Digital/Compaq that could be
installed on my Alpha, if management won't take my
analysis seriously that the Alpha isn't threatened?
Thanks for any reply.
Host Operations, NASA Hq.
The Answer is:
While it is technically possible to launch a targeted attack against
particular users or against most any operating system platform or
network, the OpenVMS Wizard is unaware of any wide-spread instance
of a virus attack launched against OpenVMS. Network and DCL-based
(virus-like) worms have very occasionally been seen, as have the
occasional and isolated Trojan Horse.
The typical PC anti-virus packages are based on comparing signatures
from known attacks, and the lack of active viruses for OpenVMS makes
this approach (obviously) relatively difficult. Because of this,
sites that are concerned about modification to OpenVMS images can
choose to run one of the products that takes cryptographic checksums
of key images, and compares the checksums to their proper values.
Similar results can be achieved by making a CD-ROM copy of critical
files and using the OpenVMS DIFFERENCES command on a periodic basis.
A significant difference between a secure multi-user operating
system and a personal computer involves the level of system access
available to individual users -- the personal computer user often
has full access rights to change the system, load software from
questionable sources, activate VBS applications, and otherwise
mismanage the security. On a secure multi-user operating system,
there is more typically a trained system manager -- someone who
knows to beware of such pitfalls. The individual users of a
well-run multi-user system do not generally have the privilege(s)
needed to make changes to the system -- no matter how ill- or
well-intentioned these changes might be -- that will affect the
programs run by others.
For a perpetrator to launch an effective Trojan Horse attack
(where a program has unpublicized adverse side effects) against
an entire OpenVMS system, the perpetrator would have to trick
the system manager into loading and running the Trojan Horse
program. Other than that, an individual user of the system can
only jeopardize those programs and data files over which they have

DECnet network worms are generally defeated through the use of
default network configuration settings. (OpenVMS is very careful
about what code is executed -- directly by the local network
software or by the local user -- on behalf of a remote user.)
Local worms are defeated via UIC-based protection masks and ACLs
on files and objects.
Over ten years ago, OpenVMS Development assembled an experimental
Trojan Horse attack against an application, for demonstration at
a DECUS Conference in Las Vegas. The purpose of that was to
demonstrate the Mandatory Access Control defenses in the SEVMS
(Security Enhanced OpenVMS) offering, and how they prevent such
attacks. If you want to run in an OpenVMS environment with
Mandatory Access Controls, you should consider SEVMS, which has
been evaluated at NCSC level B1 (as contrasted with Class C2 for
ordinary OpenVMS). Be aware, however, that to operate in a Class
B1 environment does require greater system management effort.
The result of this situation has been that OpenVMS has provided
a relatively unattractive target for virus authors.
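
The checksum comparison described in the answer (record cryptographic checksums of key images, then periodically compare them to their proper values), as an added example that is not the Wizard's code or any vendor product. It is written in Python for illustration; the use of SHA-256, the JSON baseline file and the directory layout are assumptions of this example.

```python
import hashlib
import json
import os


def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest of one file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file under root (by relative path) to its digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = file_digest(full)
    return result


def write_baseline(root, baseline_path):
    """Record the known-good checksums (baseline_path is an assumed name)."""
    with open(baseline_path, "w") as f:
        json.dump(snapshot(root), f, indent=2, sort_keys=True)


def verify(root, baseline_path):
    """Compare current checksums with the baseline and classify differences."""
    with open(baseline_path) as f:
        expected = json.load(f)
    current = snapshot(root)
    return {
        "modified": sorted(p for p in expected
                           if p in current and current[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in current),
        "unexpected": sorted(p for p in current if p not in expected),
    }


if __name__ == "__main__":
    import sys
    # Usage (hypothetical paths): baseline|verify <image_dir> <baseline.json>
    mode, root, baseline = sys.argv[1:4]
    if mode == "baseline":
        write_baseline(root, baseline)
    else:
        report = verify(root, baseline)
        print(json.dumps(report, indent=2))
        sys.exit(1 if any(report.values()) else 0)
```

Keep the baseline file on read-only media, as with the CD-ROM copy mentioned in the answer, so that a change to an image cannot be hidden by also changing its recorded checksum.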