Pat,

Good points, but then you run into some "bizneez partners" that like to
ship unavailable code as part of their "assure pound of flesh" management
style...:)

One of the BIG reasons we don't recommend some major software houses to
clients...

Don in DC

-------

On Wed, 30 Oct 2002, Patrick Botz wrote:

> From: Leif Svalgaard <leif@leif.org>
> > If you had a malware checker
> > that, for instance, could check a save file before you restored
> > anything from it, you would have a somewhat better defense.
> > If malware is detected, have the vendor explain what it does
> > and why it is there.
> A malware checker is not sufficient. It has the same problem as a virus
> scanner; you can only update the malware checker after something has been
> unleashed.
>
> A much better alternative is to always retranslate anything that comes on
> your system and not let it on if it can't be retranslated.  By always
> retranslating, you can remove any viruses that *might* be there without
> having to know for sure if there are any.
>
> You can do this today in V5R2. Configure your system to force retranslation
> of executables. Also use the service tools lockdown system values function
> so no install exit can change the system during install and change it back.
>
> Set QFRCCVNRST to level 8 (don't let anything on that can't be
> retranslated). Anything that gets retranslated is guaranteed not to be
> malware. If the application doesn't work after retranslating it's most
> likely because patches added by the vendor, programmer, interloper were
> removed. If it won't retranslate it's because: 1) the program was compiled
> prior to V5R1 and had observability removed; 2) the creation templates (that
> are used to do the retranslation) were hacked in such a way that they were
> not understandable by the translator.
>
> Three system values in V5R2 now work as a set of filters that allow you
> very tight control over what comes on your system. QVFYOBJSGN, QFRCCVNRST,
> QALWOBJRST. If you set all of these on your production system to their most
> restrictive values and lock down system values, you have a system that is
> easy to manage and difficult for anyone to distribute unwanted patched
> programs to your system. When installing software from trusted sources you
> have your choice of relaxing the system values during installation or, if
> they have not informed you of any *non-standard* implementations or of
> programs that adopt authority or use setuid(), you can install everything
> at the strictest level. If the install fails or the product fails it's a
> pretty good idea that the provider did something that could impact security
> or integrity on your system that they didn't tell you about.  They either
> didn't tell you because they don't understand security or because they
> understand it very well and don't want you to know.
>
> P.S. Retranslation is not related to observability in V5R1 and greater. You
> can remove observability in V5R1 and still retranslate a program. Prior to
> V5R1, removing observability removed the source code and the *translation
> templates*. In V5R1 and greater removing observability only removes the
> source code.
>
> Patrick Botz
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>



This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
