Agreed. In order for a virus to have any effect on VM it would have to be written in such a way as to launch itself and run in CMS in a user virtual machine (extremely unlikely) and/or infect CP itself (next to impossible, if not completely impossible - certainly impossible from a non-priviledged virtual machine which your Linux/390's should be).
So the long and short of it is that even if you were to receive a virus on Linux/390, you are 99.999999999% sure it cannot effect VM in any way, with exceptions noted. Michael Coffin, VM Systems Programmer Internal Revenue Service - Room 6527 1111 Constitution Avenue, N.W. Washington, D.C. 20224 Voice: (202) 927-4188 FAX: (202) 622-3123 [EMAIL PROTECTED] -----Original Message----- From: Tzafrir Cohen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 6:25 PM To: [EMAIL PROTECTED] Subject: Re: Newbie Virus question On Wednesday, February 05, 2003, Bill Stermer wrote: > Hi to all listers, > > We are still trying to get our management to buy off on Linux/390 and > commit to a zSeries upgrade along the way. During the round table > talks we were asked about virus protection and cross platform (Linux > to VM) damage possibilities. I have heard about Linux infections > before but had not heard about any mainframe specific virus that could > cross platforms. What about you folks on the list? Any virus mutations > that you are aware of which could be problematic to a newbie? There are very few linux worms. And this is not because it is difficult to write one (anybody for a shell virus?) but because: * linux (like most server-originated systems) systems were designed in advance to be multi-user systems (where a user cannot harm the system). Anything that allows a user to gain more priviliges is considered a hole that should be fixed immeditely (even if it is "theoretical"). * The syste is quite modular. Applying changes is generally quite easy. Systems tend to be kept up-to-date with security patches. (you're not afraid that they're going to break too much). As for a cross-platform "virus": it is theoretically possible, but not very likely. THe problem is a "worm", that is able to automatically infect other systems. Normally it wouldn't be able to "infect" a system, unless that system is very badly broken. Many of those holes require some platform-spesific code. It is possible to adapt the worm for multiple kinds of hosts and this has been done in the past. But most arent. At least not when you have so many poorly-maintained intel boxes that largely outnumber the other archtectures. (which are typically servers that are better maintained). (That doesn't mean you shoudn't secure your system, of course!) Anyway, there is no reason to run a virus scanner on linux, other than to scan data (files/mails/etc.) used by windows/mac clients (even if some vendors, like Symantec, would like you to believe otherwise). -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir
