Phil, I thought we DID emphasis importance of the trusted translator. A couple of extracts from the whitepaper. I have added the bold emphasis here; it is not in the original paper: 'OS/400 is shipped with a âtrusted translator.â It is one of the key architectural features in OS/400 that provides protection against viruses. The translator takes intermediate code produced as a result of a compile operation and changes it into hardware instructions. The trusted translator only produces âvalidâ OS/400 programs. By definition, a valid program does not contain viruses.' 'Three global controls (system values) allow iSeries administrators to take complete control over what is restored onto the system. Â <snip> Â You can use Force Conversion on Restore (QFRCCVNRST) system value to require that all executable objects be âre-translatedâ (i.e. re-generate the hardware instructions) by the systemâs trusted translator before they are restored. This assures that if an executable object being restored to your system did contain a virus, the executable object is clean after it is restored. If an executable object fails re-translation, it will not be restored to the system. The ability to re-generate hardware instructions and remove potential viruses from a program object is unique to OS/400. Â<snip> Patrick Botz These are my opinions and not those of my employer. "Hall, Philip" <phall@xxxxxxxx> Sent by: To security400-bounc "Security Administration on the es@xxxxxxxxxxxx AS400 / iSeries" <security400@xxxxxxxxxxxx> cc 03/10/2004 10:03 PM Subject RE: [Security400] White Paper on OS/400 Virus Resistance Please respond to Security Administration on the AS400 / iSeries > -----Original Message----- > From: Mike.Crump@xxxxxxxxxxxxxxxx [mailto:Mike.Crump@xxxxxxxxxxxxxxxx] > Subject: [Security400] White Paper on OS/400 Virus Resistance > > I've been looking for something that let's me communicate where > OS/400 differs from the other operating systems and this does the > job for me..... One thing that I wish the authors would have done is really stressed the importance of the use of the 'trusted translator'. Almost all of the 'nasties' they mention; manufacturing pointers, fooling CHKOBJITG, etc., *are* doable on the iSeries. Don't make the mistake (or be lulled into believing) that it can't be done. The trusted translator (Force Conversion on Restore) is the best protection you have. --phil
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.