Spectre Strikes Again

Spectre Strikes Again

Back in April, I wrote an article entitled “Migrate your Alpha environment to another platform”; towards the end of the article, I talked about the Spectre virus, which hit the streets in 2018. For those of you who are unaware of this virus, it exposes a loophole in the modern processing technique of predicting future instructions. Spectre cons the processor into executing the wrong instructions, and in that split second before the system can correct itself, Spectre can access confidential information.

That was in 2018. Fast forward 3 years and we now have a new variant, see "Computer scientists discover new vulnerability affecting computers globally". It almost seems bad taste to talk about viruses in current times when the COVID-19 virus has created so much human misery and devastation: however, that is the name we have given malicious software which – in some ways at least - imitates biological behavior. Maybe it’s time we came up with a new name for these things!

Anyway, Spectre2 is now hitting the streets in a computer near you. Maybe we should call this type of malicious software “shark”, because just when you thought it was safe to go back in the water... Hold on, I am getting off topic here; my point is that there is another deadly “shark” in town, and yes, the collective we will find a way to defeat this one, but guess what: next year there will be another shark attack, and then another. These sharks just do not give up; why should they? They are predators looking for prey and modern technology is a ready meal.

Where am I going with this? Well, I am going down the route of mitigation: we will never stop these attacks, but wouldn’t it be good if we had some kind of shark net and not have to scramble around every time there was an attack. OpenVMS brings that shark net to commercial systems. As most of you readers will know, OpenVMS inherently brings multiple levels of security to an operating system, ranging from Access Control Lists to UIC categories, and much more . So, next time your CTO complains about the fact that they have to patch the servers because of the latest “shark” attack, just cock your head towards the OpenVMS server and suggest he reads the “Dummies guide to OpenVMS”.

Before anyone brings up that old chestnut of “the only reason OpenVMS is secure is because nobody knows about it”, just remember that OpenVMS was once the premier commercial OS, and it was not much of a target then either (and yes they did have hackers in the day).

Finally, a colleague of mine came out with a wonderful analogy recently (I haven’t worked out how to translate that into a shark paradigm yet without losing effect), he said:

“OpenVMS has a level of natural protection against viruses whereas other operating systems need regular vaccinations”.

Note: As an aside we are running some Advanced Software Engineering projects (more of that soon) and one of those projects is focusing on OpenVMS’s superior reliability and stability.

Double note: Vernon is still alive and well and poses no threat to your computer system.

Chris Brown

May 28th, 2021

Chris Brown

Director of Strategy for VMS Software, Inc.