• The Four Hundred
  • MyDoom Puts iSeries IFS in the Virus Spotlight

    February 10, 2004 Alex Woodie

    As the tidal wave of e-mails infected with the MyDoom virus continued to circulate across the Internet last week, OS/400 security software vendors emphasized the importance of checking the iSeries Integrated File System (IFS) for Windows viruses. Bytware, which launched the first native OS/400 virus scanner last year, reported that some of its customers found MyDoom on their IFS systems, while Kisco announced a new deal with Symantec to distribute Norton AntiVirus 2004 with Kisco’s OS/400 security software, for PC-based IFS scanning.

    By some experts’ estimates, MyDoom became the most prolific Windows virus to date when it hit the Internet two weeks ago. The virus, which travels by e-mail attachment, installs a stealth program when activated that turns the victim’s computer into a node used by the virus writers to launch denial-of-service attacks. The first MyDoom variant spawned a DoS attack that crashed the Web site of The SCO Group, while a second variant was less successful in its attempt to bring down Microsoft’s robust Web site.

    MyDoom can enter the iSeries IFS in two ways, according to Bytware, which is based in Reno, Nevada. It can get there through an e-mail that has passed through OS/400, or the worm can copy itself to the iSeries IFS from an infected client PC, without the user’s knowledge. Either way, once MyDoom, or any other virus, has entered the IFS, the only feasible way to remove it is to scan the IFS with antivirus software and delete the little bugger.

    For years, mapping the IFS to a PC equipped with standard antivirus software was the only way to treat an infected IFS. While such a process can get the job done, it requires a bit of manual work to configure, and it can create security holes of its own if not done correctly. (Check IBM’s Web site for tips on proper PC-based IFS scanning techniques.)

    PC-based IFS antivirus scanning can also be extremely slow when there are many files in the IFS that need scanning, because it must move the files over the local area network. Also, PC-based scanning will not always clean all viruses from the IFS, Bytware says. For these and other reasons, a native OS/400 antivirus scanner provides a more elegant and secure solution, which is why it was on the iSeries’ Large User Group list of requirements for years.

    Last June the LUG’s wishes were answered when Bytware launched StandGuard Anti-Virus, which provides a native OS/400 implementation of Network Associates’ McAfee antivirus software (see “Bytware Launches OS/400 Antivirus Software to Treat IFS Infections” for more product information). Bytware officials report that the product, which costs between $750 and $10,000 (depending on the processor size) per OS/400 logical partition to license, has been well-received in the marketplace.

    One company that uses Bytware’s StandGuardAV, Saint-Gobain Containers, in Muncie, Indiana, installed the software to cut IFS scan times, as well as to provide a second layer of antivirus protection. Saint-Gobain has two iSeries servers that used quite a bit of IFS space for WebSphere, Domino, and Netserver workloads, says Mike Crump, an employee in the company’s IT department. “Using our existing product [from antivirus software provider Sophos] with mapped drives worked fine, but we were getting huge run times,” he says. “In one case I cut my run time from six hours to one hour” with StandGuardAV.

    Like most shops that follow good security practices, Saint-Gobain also runs antivirus software on its front-end PCs, which provides real-time virus scanning of infected e-mails as they hit the company’s network. As a result, Crump has not discovered MyDoom, let alone any other virus, on his company’s OS/400 servers. “I do like the product,” Crump says of StandGuardAV. “The product is easy to install and implement. Processing product updates and definition updates is very nice. . . . It is a bit pricey, in some perspectives, but in our case it was worthwhile.”

    Another OS/400 shop found MyDoom on its iSeries IFS. The company’s IT administrator, who asked to remain anonymous, said MyDoom made its way into the IFS when infected e-mails sent to generic e-mail addresses, such as mike@companyx.com, actually corresponded with valid e-mail addresses at the company, even though those employees didn’t use OS/400’s e-mail facilities. (OS/400 gave them SMTP e-mail addresses by default.)

    The administrator had downloaded a trial version of Bytware’s StandGuardAV just as the MyDoom virus storm hit in late January. The administrator noted that StandGuardAV’s e-mail scanning capabilities picked up most of the viruses that bypassed their PC-based Norton AntiVirus defense and made it to the OS/400 SMTP server. However, a patch for the software the administrator installed caused StandGuardAV’s e-mail scanning capability to stop working, which is when StandGuardAV’s IFS scanning kicked in and found MyDoom. The administrator says that overall he was very pleased with the way StandGuardAV worked, and is considering licensing the software, provided the patch is fixed. Bytware is working with IBM to fix the problem.

    For those customers who can’t justify the native OS/400 antivirus solution, mapping a PC to the iSeries IFS remains their only option for detecting viruses and worms on the IFS. OS/400 shops have been doing this for years, but recent publicity of the IFS’s penchant for serving as an unwitting Typhoid Mary-esque virus repository has stepped up vendors’ attention to the problem.

    Kisco Information Systems last week announced its antivirus solution for the IFS: an agreement with Symantec to distribute copies of Norton AntiVirus 2004 that are good for 90 days with the Advanced and Enterprise editions of its SafeNet/400 OS/400 network security and exit point software. Along with the copy of the Norton software, Kisco is providing a set of suggestions and procedures on how best to use Norton AntiVirus for periodic scanning of the iSeries IFS from a PC.

    Rich Loeber, president of the Saranac Lake, New York, software company, says his company’s approach to IFS scanning provides a “compromise” between a native OS/400 scanning solution and doing nothing. “There are areas of the IFS that probably need to be scanned only infrequently, and others more frequently,” he says. “If customers aggressively use any antivirus software at the various entry points where viruses originate, that is always going to be their best protection. Using the Norton AntiVirus will let them periodically check the vulnerable areas of the IFS just in case viruses get past the initial point of checking.”

    In December, Kisco launched new editions of its SafeNet/400 software that featured a new GUI management console (see the recent Kisco story.) SafeNet/400 Advanced includes the GUI and can manage a single OS/400 server, starting at $2,495 per server. SafeNet/400 Enterprise is similar to the advanced edition and adds the capability to manage multiple OS/400 servers; it starts at $4,495. Go to www.kisco.com for more information.

Volume 4, Number 6 -- February 10, 2004
Copyright © 2025 IT Jungle