RE: White Paper on OS/400 Virus Resistance

Phil,

I thought we DID emphasis importance of the trusted translator.

A couple of extracts from the whitepaper. I have added the bold emphasis
here; it is not in the original paper:

'OS/400 is shipped with a âtrusted translator.â It is one of the key
architectural features in
OS/400 that provides protection against viruses. The translator takes
intermediate code
produced as a result of a compile operation and changes it into hardware
instructions.
The trusted translator only produces âvalidâ OS/400 programs. By
definition, a valid
program does not contain viruses.'

'Three global controls (system values) allow iSeries administrators to take
complete
control over what is restored onto the system.
 <snip>
 You can use Force Conversion on Restore (QFRCCVNRST) system value to
require
that all executable objects be âre-translatedâ (i.e. re-generate the
hardware
instructions) by the systemâs trusted translator before they are restored.
This
assures that if an executable object being restored to your system did
contain a
virus, the executable object is clean after it is restored. If an
executable object fails
re-translation, it will not be restored to the system. The ability to
re-generate
hardware instructions and remove potential viruses from a program object is
unique
to OS/400.
Â<snip>

Patrick Botz
These are my opinions and not those of my employer.



                                                                           
             "Hall, Philip"                                                
             <phall@xxxxxxxx>                                              
             Sent by:                                                   To 
             security400-bounc         "Security Administration on the     
             es@xxxxxxxxxxxx           AS400 / iSeries"                    
                                       <security400@xxxxxxxxxxxx>          
                                                                        cc 
             03/10/2004 10:03                                              
             PM                                                    Subject 
                                       RE: [Security400] White Paper on    
                                       OS/400 Virus Resistance             
             Please respond to                                             
                 Security                                                  
             Administration on                                             
                the AS400 /                                                
                  iSeries                                                  
                                                                           
                                                                           




> -----Original Message-----
> From: Mike.Crump@xxxxxxxxxxxxxxxx [mailto:Mike.Crump@xxxxxxxxxxxxxxxx]
> Subject: [Security400] White Paper on OS/400 Virus Resistance
>
> I've been looking for something that let's me communicate where
> OS/400 differs from the other operating systems and this does the
> job for me.....

One thing that I wish the authors would have done is really stressed the
importance of the use of the 'trusted translator'. Almost all of the
'nasties' they mention; manufacturing pointers, fooling CHKOBJITG, etc.,
*are* doable on the iSeries. Don't make the mistake (or be lulled into
believing) that it can't be done.

The trusted translator (Force Conversion on Restore) is the best protection
you have.

--phil