

From: QSCANFSCTL

Even if you don't use your iSeries as a file server as you say, shut down
Netserver, FTP, HTTP, etc., there are still plenty of ways to load data
onto the iSeries using green screen 5250 commands.

Oh bullcrap.  Sorry, but if you give your users the ability to load stuff
into your IFS under any but the strictest controls, then the likelihood of
you having a comprehensive security policy.

I tried being nice, but now you're pushing the envelope.  Let's start
talking reality.  There are very few ways to get something onto your IFS.
Pretty much the only ones that are not under program control (that is, not
requiring either a program or an OS/400 command to run on the iSeries) are
mapped drives and FTP uploads.  If you allow either one of these and don't
have the appropriate exit programs in place, your system is a vector for
just about anything.

Now we get to program control.  The only reason to have a program write a
file to your IFS is if you got it from someone else (I'm not even going to
dignify the concept of writing a program that creates a virus).  This file
is either from a trusted source or an untrusted source.  If you download a
file from a trusted source that contains a virus, you had best have a long
talk with that trusted source.  If, on the other hand, you are in the habit
of downloading files from untrusted sources, then you have far more serious
corporate problems than where your AV software runs.

So, in the end, the only way to get infected files on your system is either
through allowing infected files into your system and copying them to your
machine via criminally bad IT practices, or by directly downloading them via
some criminally bad programming practices.

And even after all that, the virus still can't hurt your iSeries!

Moving on.


And IMO it's a rather extreme measure to not use all the wonderful modern
iSeries features

Nobody said anything about that.  If you map drives or allow FTP, make sure
you have the appropriate firewalls in place, the right authorities, and some
solid exit points.  Nothing in the real world should be putting files on
your IFS without your knowledge and consent.


just for the sake of keeping infected files off the system. There is an
easier way!

Yes!  Don't get infected files into your system!


I mean saving stream files to a save file. SAV/RST, SAVLICPGM/RSTLICPGM.
Not SAVLIB/RSTLIB (unless there are save files in there with embedded
stream files). I think we all know it can't magically appear in a save
file - I don't know why you say that.

Yeah, that's exactly what I said.  Unless you've already infected your IFS,
you can't possibly get a bad file in a save file.  And if you are intimating
that vendors are shipping viruses in their licensed programs, then I think
you have a responsibility to say who they are, or else drop the subject like
the FUD it is.


This has nothing to do with the iSeries;

Why did IBM create a Hyper PTF to deal with it?

The Hiper (not Hyper) was created to address DoS attacks breaking Telnet.
The fact that IBM created a PTF to stop an external attack from causing
problems has nothing to do with iSeries viruses.


Never said it would. iSeries AV software prevents the system from acting
as a Typhoid Mary. It stops the infections from spreading, which is what
it's supposed to do.

But it's unnecessary if you have good procedures already in place.  You get
no added benefit from iSeries AV software unless you have an unprotected
inbound infection vector.


I'm trying to border on explaining myself to you without writing a primer
on how to write an iSeries virus. But please, that is not a point I wish
to make and is not really what I want to say so please let's just move on.

Oh give me a break.  I can also install a program that does DLTLIB QSYS.
But I'm not that stupid.  The only real issue that makes a virus a threat is
if it can release its payload without an overtly stupid act on the part of
the administrator.  Exactly ZERO of the Windows viruses can do that on the
iSeries.

There are NO iSeries viruses.  None.


(As a side note see news item at bottom of this message for an interesting
story that occurred as far back as 1988 on a System/38. I think they are
wrong at classifying this as a virus, really more of a bomb since it did
not replicate. But addresses your point about iSeries programmers not being
'sick that way'. It happens in every business on every platform. It can
come from within and from a competitor. And for the record - NO the AV
software won't help that -- Please I'm not trying to sell you AV software,
just trying to address your points!)

This is a complete falsehood.  Your entire reason for being in this thread
is to justify an iSeries AV product.  I was kind enough to originally say
that the product has usefulness in certain niche environments, and you went
on a FUD rampage.

The only point that matters is that iSeries AV software is of VERY limited
usefulness, and only under very specific circumstances.  None of the
arguments you have made changes that basic fact.


I've already explained that, I don't know what else to add. You should
check them at the door. And keep checking them in case they were missed at
the door.

And you don't need to use your iSeries to do it, especially since the
iSeries more than likely isn't actually looking at the places you are most
likely to get a virus!


As I said before, I have dealt with several cases of iSeries being
affected by viruses running elsewhere on the network.

This has nothing to do with iSeries AV software.  Trying to sell iSeries AV
software based on the fact that an infected PC is causing network problems
is either deceitful or stupid.  As is comparing the iSeries to Typhoid Mary.
You won't spread infections in your network if you stop them in the first
place, and the only way that the iSeries can be the zero-point of an
infection is if you have an unprotected inbound infection vector.

<sigh>

I'm done here.

Joe




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.