At 3/27/2012 11:19 AM, Pinnacle wrote:
> There is a mainframe product that protects against malicious
> software. It's called SAF, and it interfaces with ESM's like RACF,
> or ACF2, or TopSecret.

"SAF" is not a product. It stands for "System Access Facility" and it
is nothing more than an interface within z/OS into which a security
system (such as ACF2, TopSecret and any ryo security system) can plug
to receive and respond to security calls. It really has nothing
to do with anti-virus protection. For more information, see
<http://publib.boulder.ibm.com/infocenter/zos/basics/index.jsp?topic=/com.ibm.zos.zsecurity/zsecc_030.htm>

> It [z/OS] is the only operating system out there with built-in
> anti-virus protection. On top of that, the hardware itself actively
> protects against damage through storage keys, protected memory, etc.
> You have to explain to the auditors that anti-virus software is not
> needed on z/OS, because it's intrinsic to the operating system and
> the hardware.

I think you seriously misunderstand what a virus is...
Yes, z/OS has exceptional security (and integrity and reliability)
features for protecting against non-authorized programs. But I must
emphasize... -->NON<--authorized programs!
When it comes to AUTHORIZED programs, z/OS's integrity (which is what
you are talking about with "storage keys" and such) is very good, but
of course not bulletproof. Worse though, when it comes to SECURITY,
there are some real problems! Because with the proper knowledge, it
is TRIVIALLY EASY FOR AN AUTHORIZED PROGRAM TO SUBVERT SECURITY COMPLETELY!
This is what mainframers constantly forget regarding security. For
authorized programs there is no security. All that is necessary for a
malicious program to do is to Trojan-horse its way (with the AC(1)
attribute) into an authorized library, and you're done for!
This is something I've brought up on this listserv from time to time
before. In particular, for more information, please read a prior post
of mine at
"<https://bama.ua.edu/cgi-bin/wa?A2=ind0608&L=IBM-MAIN&P=R63457&I=-3&X=6EB01556E36E4D9CAC&Y=dbcole%40colesoft.com&d=No+Match%3BMatch%3BMatches>https://bama.ua.edu/cgi-bin/wa?A2=ind0608&L=IBM-MAIN&P=R63457&I=-3&X=6EB01556E36E4D9CAC&Y=dbcole%40colesoft.com&d=No+Match%3BMatch%3BMatches
".
And please... stop confusing security with integrity. They are not
the same. The "hardware protections" that so many people mention are
not security protections, they are integrity protections. They help
to keep careless programs from accidentally breaking things. When it
comes to authorized programs, these "hardware protections" offer no
protection at all!
As far as I know there is no serious anti-virus program for
mainframes. I believe strongly that there needs to be one, but I
don't know of one. And at this stage of the mainframe culture, I
would be seriously suspicious of the efficacy of any program that
claimed to be anti-virus. I don't think that a serious mainframe
anti-virus program can exist unless and until IBM itself makes a
commitment to support an effort to make the mainframe anti-virus proof.

Dave Cole              REPLY TO: [email protected]
ColeSoft Marketing     WEB PAGE: http://www.colesoft.com
736 Fox Hollow Road    VOICE:    540-456-8536
Afton, VA 22920        FAX:      540-456-6658
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN