As an iSeries anti-virus provider I feel compelled to comment on some of these points, since I deal with viruses every day and with iSeries customers with virus-related issues.
As to iSeries anti-virus software, in my opinion that's one of the bigger misrepresentations in our marketplace. You can only put a virus on an iSeries by copying a file into the IFS from an infected non-iSeries machine.
This is a bit of a tricky statement. The IFS is the entire system; it encompasses all (7?) file systems. That's why the I in IFS stands for Integrated. To say that something must be copied to the IFS is to say that it must be copied to the disk in some way. That's not any different than Windows. But I could also create a symlink to somewhere in QFileSvr.400 and access that file without physically having the file on disk! What I think is meant is that the files must be copied to the root '/' file system? However, I have seen viruses in several file systems: QOPT, QSYS (save files), QOpenSys and root all come to mind. There is a general misperception that the IFS is separate from the iSeries and is somehow not being used, or that it takes special action to use it (not to imply you are saying that, it's just my experience talking with iSeries users).

Regarding the statement that they must be copied from a non-iSeries machine: I have seen viruses go from iSeries to iSeries plenty of times -- basically any way you can move stream file data from one iSeries to another, you can transfer a virus. I have seen viruses go from system to system using FTP, QOPT, tape, journals, even completely automated using HA solutions (if you infect a file on systemA then it gets replicated to systemB). Of course it's not the virus doing the replicating, but it still got to systemB nevertheless. I have seen customers that restore data from backup tapes and reinfect files. I have seen viruses get on the system from installing 3rd party software (I won't name names, but you would be very surprised) using save files and RSTLICPGM. I have seen them come in through automated EDI transfers. The iSeries is a server and it's very good at moving data!

I think what is meant is that the viruses must INITIALLY get on an iSeries system via a non-iSeries machine. That is partially true; at some point the file had to get there from somewhere (i.e. Windows), but after that it can go from iSeries to iSeries quite easily using any of our data transfer methods mentioned above (i.e. I could FTP you a save file, I could burn a DVD, all using my iSeries).
The virus cannot affect the iSeries, and so really isn't an iSeries virus in a traditional sense, any more than a virus on a CD is a "CD" virus.
I was personally involved in a customer incident where their iSeries telnet server kept crashing. They spent several days with Rochester support loading PTFs and eventually replaced some hardware. Days later it turned out to be a virus (running on a Windows PC) that was flooding their telnet server with bad packets. There's a PMR out there that addressed it, quietly, as an 'Integrity problem'. Was their iSeries affected? If you ask this customer, I can assure you they won't agree the system cannot be affected. And how do you think they felt about the 2 days of downtime they had?! To make matters worse, once they cleaned the infected PC, the problem came back a week later because the infected file was still on their iSeries and it reinfected their PC, but they never checked there. Yes, they had antivirus running on their PC, but it was freeware and it didn't know about the virus. I know of other real situations but I should leave it at that. Intel viruses aren't going to be running in QBATCH, but that is not required these days to affect a networked server.
They are typically just Windows viruses that are stored on an iSeries. So the place where you need to run your anti-virus software is the machine that is putting the bad files onto your iSeries in the first place.
I'm surprised at how often I hear this. Yes, you certainly need to run AV on a Windows PC - no question. But there are 2 basic problems with this approach as your only defense:

1. Anti-virus software can only detect 'known' viruses (there are exceptions, like McAfee's heuristic technology, which can make an 'educated guess', but even that is not 100%). That means if I (figuratively speaking) was to create a virus today and send it to you, your PC will not detect it. That is because your PC's AV vendor doesn't know about it yet, has not put the detection into their virus definition files, and you have not updated your definitions. Now the virus runs and, let's say, it copies itself to the IFS. Tomorrow you update your virus definitions and your PC gets cleaned up. But the infected file remains on the iSeries. Now you back up your iSeries to tape, and maybe you have HA replicating your iSeries to a DR machine. The result is Windows 0, iSeries 2 (3 if you count the tape backup). Not good.

2. In order for this method to be effective, you would need to ensure all PCs have the latest virus definitions (scheduled automatic updating), that they actually run the update every day without ever erroring out, that no one is ever able to disable or shut down the AV software, that they never get a virus that shuts down their AV software (I have lots of interesting stories about this one), that they never install any software that disables the software (even temporarily) without their knowledge (more stories about this one too), and that you never let anyone connect a laptop to your network without first inspecting their virus definition levels. And you would want to monitor all of this so you would be alerted in some way before it happens. That's a lot of work! And even then, after all that, there is still #1 above!

The iSeries has probably the best anti-virus technology in existence. It can't be shut down by a virus (unlike Windows). Once a file has been marked as infected it cannot be opened in any way (without changing the system value QSCANFSCTL). Once a file has been scanned successfully it is not scanned again by every other user accessing that file, even if you move the ASP to another iSeries! There can be a permanent record made in QAUDJRN for proof of scanning (good for those regulatory requirements). Sorry if that sounds like a sales pitch, it's just I'm excited about the technology -- it's very impressive what IBM did. Just another example of how the iSeries is better than other platforms (yet gets little respect)!
(Don't get me wrong: there is a niche market for anti-virus products for those companies who use their iSeries as their primary file server, not just their business logic server. I won't argue the pros or cons of that; it's a business decision based on cost of disk vs. security and ease of backup.) Joe
Thanks for taking the time and interest Joe. I hope the information is helpful. We don't want any of those misrepresentations out there! Mike Grant Bytware, Inc. 775-851-2900 http://www.bytware.com
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.