× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2008

RE: Anti-virus for i5OS

I can't speak for everything, but I have installed TAATOOL and AJS
without using QSECOFR. Also PowerTech, Domino, WebSphere, MQ Series,
Content Manager, Cybermation ESP and many others. I only remember one
thing that truly required use of the QSECOFR profile, but I didn't end
up installing that (for that reason) and it's been so long ago that I
don't remember what it was.

When I referred to the O/S, I was referring to the base O/S, in which
you have no choice because you have no other profiles available to use.
LPPs are not technically O/S.

Others can speak with more authority than I, but the bottom line is that
if a software package requires you to install as QSECOFR then they are
probably doing something under the covers that you need to know about.

In most cases users and applications request far more authority than is
required to do the job. It doesn't help that we work on a secure system
if we pay no attention to or disable the built-in security.

I'll say it again, if a vendor wants to require me to sign on as QSECOFR
for installation or requires some part of their application to run as
QSECOFR they'd better be able to give me a good justification. And I
don't currently know of any.

Regards,

Scott Ingvaldson
Senior IBM Support Specialist
Fiserv Midwest



-----Original Message-----
From: ALopez@xxxxxxxxxx [mailto:ALopez@xxxxxxxxxx]
Sent: Tuesday, April 01, 2008 2:04 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Anti-virus for i5OS

Seriously, I never install anything under QSECOFR. If something did
actually require use of QSECOFR to install I would tell the vendor to
fix it before I would install it. If IBM can avoid requiring QSECOFR
access for everything except the OS I would say that everyone else
should too.

I read statements like this and shrug my shoulders. Do you refuse to
use TAATOOL because it requires installation as QSECOFR? So much the
worse for you.

Does your change management software install as QPGMR? If so, how does
it promote software to production level, which presumably is run as
something other the QPGMR? If your change management software can truly
control what gets moved into production, what difference does it make
whether it's installed as QSECOFR or not? It already has access to the
very reason for having the system.

Even more questionable: if I install IBM's Advanced Scheduler, I do so
as QSECOFR since it's "part of the operating system". If I choose to
use Robot, I shouldn't install it under QSECOFR because it isn't? They
both do the same thing. What's the difference?

I'll certainly agree that too many packages run under faulty security
schemes. But saying that you won't install anything other than the
operating system as QSECOFR either limits the usefulness of your system
or is completely disingenuous.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.