And, if someone builds an anti-virus program for z/OS, please tell me before
you announce it publicly.  I know some out-source companies I would like to buy
stock in because MIPS are going way up.

Lloyd



----- Original Message ----
From: David Cole <dbc...@colesoft.com>
To: IBM-MAIN@bama.ua.edu
Sent: Tue, March 27, 2012 1:01:34 PM
Subject: Re: Malicious Software Protection

At 3/27/2012 11:19 AM, Pinnacle wrote:
> There is a mainframe product that protects against malicious software. It's
> called SAF, and it interfaces with ESMs like RACF, or ACF2, or TopSecret.

"SAF" is not a product. It stands for "System Access Facility" and it is
nothing more than an interface within z/OS into which a security system (such
as ACF2, TopSecret and any ryo security system) can plug to receive and respond
to security calls. It really has nothing to do with anti-virus protection. For
more information, see
"http://publib.boulder.ibm.com/infocenter/zos/basics/index.jsp?topic=/com.ibm.zos.zsecurity/zsecc_030.htm"






> It [z/OS] is the only operating system out there with built-in anti-virus
> protection. On top of that, the hardware itself actively protects against
> damage through storage keys, protected memory, etc.
> You have to explain to the auditors that anti-virus software is not needed on
> z/OS, because it's intrinsic to the operating system and the hardware.

I think you seriously misunderstand what a virus is...

Yes, z/OS has exceptional security (and integrity and reliability) features for 
protecting against non-authorized programs. But I must emphasize... 
-->NON<--authorized programs!

When it comes to AUTHORIZED programs, z/OS's integrity (which is what you are 
talking about with "storage keys" and such) is very good, but of course not 
bulletproof. Worse though, when it comes to SECURITY, there are some real 
problems! Because with the proper knowledge, it is TRIVIALLY EASY FOR AN 
AUTHORIZED PROGRAM TO SUBVERT SECURITY COMPLETELY!

This is what mainframers constantly forget regarding security. For authorized 
programs there is no security. All that is necessary for a malicious program to 
do is to Trojan-horse its way (with the AC(1) attribute) into an authorized 
library, and you're done for!

This is something I've brought up on this listserv from time to time before. In
particular, for more information, please read a prior post of mine at
"https://bama.ua.edu/cgi-bin/wa?A2=ind0608&L=IBM-MAIN&P=R63457&I=-3&X=6EB01556E36E4D9CAC&Y=dbcole%40colesoft.com&d=No+Match%3BMatch%3BMatches".

And please... stop confusing security with integrity. They are not the same.
The "hardware protections" that so many people mention are not security
protections, they are integrity protections. They help to keep careless
programs from accidentally breaking things. When it comes to authorized
programs, these "hardware protections" offer no protection at all!






As far as I know there is no serious anti-virus program for mainframes. I
believe strongly that there needs to be one, but I don't know of one. And at
this stage of the mainframe culture, I would be seriously suspicious of the
efficacy of any program that claimed to be anti-virus. I don't think that a
serious mainframe anti-virus program can exist unless and until IBM itself
makes a commitment to support an effort to make the mainframe anti-virus proof.


Dave Cole              REPLY TO: dbc...@colesoft.com
ColeSoft Marketing     WEB PAGE: http://www.colesoft.com
736 Fox Hollow Road    VOICE:    540-456-8536
Afton, VA 22920        FAX:      540-456-6658 
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
