× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2006

RE: How Secure is Windows, Really?

Joe,

Please,


Don't use your
iSeries as a file server and you cannot get infected.  


Even if you don't use your iSeries as a file server as you say, shut down
Netserver, FTP, HTTP, etc., there are still plenty of ways to load data onto
the iSeries using green screen 5250 commands. It happens. Maybe not to you,
and that is good, but I can tell you it happens to others. And IMO it's a
rather extreme measure to not use all the wonderful modern iSeries features
just for the sake of keeping infected files off the system. There is an
easier way!


However, it should
also be noted that even if you do get an infected file in 
your IFS, IT WILL
NOT HURT YOUR iSERIES.  It can only cause damage if the virus is
subsequently sent to some other "compatibly vulnerable" 
operating system.



I'm not saying a virus will hurt the iSeries just by sitting on the IFS -- I
think we all know that. It has to execute to cause harm. Academically
speaking, I have seen proof-of-concept examples of unix code that runs just
fine in PASE, and scripts in Qshell. But that is not a normal case,
typically we see the files read from the system onto a PC which execute
there.


I'm not sure what you mean by a virus in a QSYS save file.


I mean saving stream files to a save file. SAV/RST, SAVLICPGM/RSTLICPGM. Not
SAVLIB/RSTLIB (unless there are save files in there with embedded stream
files). I think we all know it cant magically appear in a save file - I
don't know why you say that.


This has nothing to do with the iSeries; 


Why did IBM create a Hyper PTF to deal with it?


Having iSeries AV software wouldn't have helped at all.


Never said it would. iSeries AV software prevents the system from acting as
a Typhoid Mary. Its stops the infections from spreading, which is what its
supposed to do.


I challenge you to provide any evidence of an iSeries being 
affected by a
virus running on the iSeries itself.


Again you are going back to viruses running on iSeries. I am not saying they
are. I'm not sure if your question is regarding a real virus or an academic
one. Academically all a virus has to do it copy itself to another location
(Code red is still one of the most widespread viruses today, just cant get
rid of the damn thing!). Very easy to do, I do it every day. [I deleted my
examples I had listed here since this is the Internet] If you are talking
about affecting the system, that is called a payload. A payload can be as
simple as creating a symlink that points to another file, or as extreme as
deleting a file or directory (yes even a library). Again, very easy to do,
many of us do it to accomplish our normal business work. Only difference is
one is malicious. I'm trying to border on explaining myself to you without
writing a primer on how to write an iSeries virus. But please, that is not a
point I wish to make and is not really what I want to say so please lets
just move on.

(As a side note see news item at bottom of this message for an interesting
story that occcurred as far back as 1988 on a System/38. I think they are
wrong at classifying this as a virus, really more of a bomb since it did not
replicate. But addresses your point about iSeries programmers not being
'sick that way'. It happens in every business on every platform. It can come
from within and from a competitor. And for the record - NO the AV software
wont help that -- Please I'm not trying to sell you AV software, just trying
to address your points!)


Moral of the story?  If you're bringing in viruses into your 
system, you
ought to check them at the door. 


I've already explained that, I don't know what else to add. You should check
them at the door. And keep checking them in case they were missed at the
door.


Just don't tell me that putting AV software on 
my iSeries does anything more than stop the iSeries from being a vector of



spread.


I've never done that! 


and in the end, chances are all those viruses 
won't affect my
iSeries anyway!


As I said before, I have dealt with several cases of iSeries being affected
by viruses running elsewhere on the network. Perhaps they havent affected
your iSeries but I wouldn't want everyone to think its not possible and it
has never happened. Every iSeries and every business is different and
unique! 

The moral of the story is the spreading of viruses by the iSeries affects
the company's bottom line and is something that most CEOs are concerned
about. The numbers speak for themselves (and they're not my numbers). I
doubt very much they care about the exact technical means of distribution,
or if one particular server was not affected in any way but was the source
of the infection. Typhoid Mary did not contract Typhoid fever, refused help,
yet caused suffering to others. In the end she was banished to an iSland, we
don't want that!

Thanks again for listening and Happy New Year,

Mike Grant
Bytware, Inc.
775-851-2900 

http://www.bytware.com

Texas hunts virus villains; first defendant charged with sabotage - Donald
Gene Burleson
Software Magazine,  Oct, 1988  by Steve Polilli
Texas Hunts Virus Villains

The eyes of Texas are upon Donald Gene Burleson, a former security
administrator at a Fort Worth securities brokerage and the first person
brought to trial under the state's computer crimes statutes.

Burleson, whose criminal trial began in September, is accused of tampering
with sales commission records during a late-night visit to his former
employer's IBM System/38 installation. An indictment charges him with
placing a delayed-execution program that would gradually destroy the
commission files into the computer at the USPA & IRA brokerage. Such a
program is commonly called a computer virus.

If convicted of the felony, Burleson could be sent to prison for up to 10
years and fined as much as $5,000.

Prosecution testimony alleges Burleson entered the company's offices at
about 3 a.m., Sept. 21, 1985. The incident occurred three weeks after a
Texas computer sabotage law took effect and two days before Burleson was
fired for reasons unrelated to the virus. Reasons for the firing were not
disclosed.


CONFIDENTIALITY NOTICE:  This e-mail message and any attachment to this e-mail 
message contain information that may be privileged and confidential.  This 
e-mail and any attachments are intended solely for the use of the individual or 
entity named above (the recipient) and may not be forwarded to or shared with 
any third party.  If you are not the intended recipient and have received this 
e-mail in error, please notify us by return e-mail or by telephone at 
775-851-2900 and delete this message.  This notice is automatically appended to 
each e-mail message leaving Bytware, Inc.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.