Bytware Unveils Anti-Virus Support for iSeries Linux

October 4, 2005 Alex Woodie

In 2003, Bytware helped uncover the misconceptions of iSeries security impenetrability and virus immunity with StandGuard Anti-Virus, which eradicates Windows viruses that can infect the iSeries’ Integrated File System (IFS). As one might expect, a similar threat exists for Linux worms and viruses to infect the IFS. Although there is not nearly the volume of malware for Linux as there is for Windows, iSeries shops now have a means to protect themselves through StandGuard Anti-Virus for Linux, which becomes available this month.

The iSeries has a remarkable, and well-deserved, reputation as an extremely secure computer platform on which to conduct business. Its object-oriented operating system, OS/400 (recently renamed i5/OS), keeps a very compartmentalized view of the world, and is not easily tricked into running unauthorized programs like viruses and worms.

For this reason, some people have concluded that the iSeries is virus-proof. However, this conclusion is incorrect. While there has never been a report of a wild OS/400 virus, it is nevertheless technically possible, and when it comes to guest operating systems and file systems, that assertion it is not even remotely close to being correct. In fact, the iSeries resembles the infamous Typhoid Mary when it comes to viruses on its IFS: while OS/400 is unfazed by the nasty bits of code, it can keep the numerous PC clients it serves perpetually infected with them, if pains aren’t taken to keep viruses off the IFS.

In 2003, Bytware unveiled StandGuard Anti-Virus (StandGuardAV). This product provides a native OS/400 scanner for detecting and eliminating Windows viruses, worms, and other malware, which pose the greatest threat in most iSeries networks. However, there are also viruses and worms written for Linux, which is growing in popularity for basic infrastructure tasks, such as file and print serving.

Last month at the COMMON conference in Orlando, Florida, Bytware announced StandGuardAV for Linux, which will protect Linux partitions running on iSeries servers, as well as standalone Linux boxes, from infection by Linux worms, viruses, and assorted malware.

StandGuardAV for Linux is based on the same McAfee antivirus scanning technology that the original StandGuardAV product is based on. The two products can also share similar GUI management consoles, which will make it easier for administrators to schedule and perform virus scans and take action when viruses are found.

StandGuardAV for Linux can detect an assortment of Linux viruses, including those hidden in compressed files, macro and script viruses, encrypted and polymorphic viruses, and viruses embedded in executable files and OLE compound documents, Bytware says. It also detects Trojan horses, worms, and other types of malware, including “root kits,” which are applications that invade a Linux server and acquire root privileges (equivalent to SECOFR authority in OS/400) for the user, a common first step in Linux infection.

Like the original StandGuardAV product, the Linux version is updated using DAT files downloaded directly from McAfee.

So what is the situation with Linux security? Should users be as concerned about Linux being used to distribute viruses as they are about Windows? Yes and no.

On the one hand, the iSeries can provide a safe-haven for any type of virus on the IFS, which could lead to users repeatedly becoming re-infected with malware when they connect to the iSeries. Bytware has seen this occur with Windows viruses on the IFS, and there’s reason to expect the same will happen with Linux. The real concern here isn’t Linux-based viruses, since there are so few Linux-based PCs in use compared to Windows-based PCs. The real concern is Windows viruses, and the capability of Linux servers being used to distribute Windows viruses.

Questions have been raised recently about the security of Linux as a whole. One security analyst group, mi2g from the U.K., published a study last year that concluded Apple‘s OS/X and Berkeley Software Distribution (BSD) operating systems were the safest operating systems, and Linux the least safe–even less safe than Windows–when it comes to hackers.

The group concluded this based on a study that found 65 percent of 235,000 successful attacks against permanently connected computers from November 2003 to October 2004 were against computers running Linux, while only 25 percent of the computers were running Windows. OS X and BSD accounted for less than five percent of the attacks, which led mi2g to its conclusion. (Of course, there is no mention of OS/400 in the reports, which is the way IBM and OS/400 shops like it.) The group was roundly criticized for its report, but it stands by its findings concerning Linux.

On the other hand, while there are numerous vulnerabilities in Linux distributions that could provide hackers with back-door access to un-patched e-mail, print, file, or Web servers, m2ig found the virus situation is not as critical on Linux as it is on Windows. The group concluded that nearly all security breaches due to viruses, worms, and other malware involved Windows machines, and that there was no “significant economic damage” done as a result of malware on Linux, BSD, Mac OS X, or other open-source-based operating systems.

Despite the small threat posed by Linux viruses, there are Linux viruses in the wild, including ones like Bliss, Staog, Remote Shell Trojan, Ramen, Lion, and Slapper, and best practices dictate companies do something to protect themselves from them. If the increase in Linux servers and the number of viruses overall is any indication, the number of viruses and the market for Linux antivirus solutions are also growing. Now you can count Bytware among the likes of Avast, ClamAV, Computer Associates, Central Command, F-Secure, Kaspersky Lab, RAE Internet, Symantec, TrendMicro and others.

Bytware says StandGuardAV for Linux will ship near the middle of October. The Reno, Nevada, company will offer special pricing to existing StandGuardAV customers who purchase StandGuardAV for Linux. For more information, visit www.bytware.com.

Text.

Tags:

Revolutionary Performance Management Software

At Greymine, we recognize there is a void in the IT world for a dedicated performance management company and also for a performance management tool that’s modern, easy to use, and doesn’t cost an arm and a leg. That’s why we created PERFSCAN.

PERFSCAN is designed to make your job easier. With revolutionary technology, an easy-to-read report and graphics engine, and real time monitoring, tasks that used to take days can now take minutes. This means you will know your system better and will be able to provide better service to your customers.

OUR FEATURES

PERFSCAN is full of robust features that don’t require you to take a three-day class in order to use the product effectively.

Customizable Performance Reporting

Whether you are troubleshooting a major system problem or simply creating a monthly report, PERFSCAN lets you select any combination of desired performance metrics (CPU, Disk, and Memory).

User Defined Performance Guidelines

No matter if you are a managed service provider managing complex systems in the cloud or a customer analyzing your on-premises solution, PERFSCAN gives you the flexibility to define all mission critical guidelines how they need to be.

Understanding The Impact Of Change

Tired of all the finger pointing when performance is suffering? PERFSCAN’s innovative What’s Changed and Period vs. Period analysis creates a culture of proof by correlating known environmental changes with system performance metrics.

Comprehensive Executive Summary

Creating performance graphs is easy. Understanding what they mean is another thing. With one mouse click, PERFSCAN includes an easy-to-understand executive summary for each core metric analyzed.

Combined Real-Time Monitor And Performance Analysis Tool

With PERFSCAN’s combined built in enterprise real-time monitor and historical performance analysis capability, you will always know how your mission-critical systems are performing.

Cloud Performance Reporting Is Easy

Managing performance for production systems in the cloud can be a black hole to many system administrators. The good news is PERFSCAN analyzes all core metrics regardless of the location. That’s why MSPs and customers love PERFSCAN.

Detailed Job Analysis

PERFSCAN shows detailed top job analysis for any desired period. All metrics are displayed in two ways: Traditional Report and Percentage Breakdown Pie Chart. This toggle capability instantly shows the jobs using the most system resources.

Save Report Capability

Your boss lost the report you gave to him on Friday. Now what do you do? With PERFSCAN’s save report capability, any report can be retrieved in a matter of seconds.

Professional PDF Reporting With Branding

Creating professional looking reports for your customers has never been easier with PERFSCAN. Branding for our partners and service provider customers is easy with PERFSCAN.

Check it out at perfscan.com

Admin Alert: Limiting the Long Reach of OS/400 Security Officers REXX Can Talk to Other Languages

Table of Contents

Content archive

Recent Posts

Subscribe

Pages

Search