Bytware Unveils Anti-Virus Support for iSeries Linux
October 4, 2005 Alex Woodie
In 2003, Bytware helped uncover the misconceptions of iSeries security impenetrability and virus immunity with StandGuard Anti-Virus, which eradicates Windows viruses that can infect the iSeries’ Integrated File System (IFS). As one might expect, a similar threat exists for Linux worms and viruses to infect the IFS. Although there is not nearly the volume of malware for Linux as there is for Windows, iSeries shops now have a means to protect themselves through StandGuard Anti-Virus for Linux, which becomes available this month.
The iSeries has a remarkable, and well-deserved, reputation as an extremely secure computer platform on which to conduct business. Its object-oriented operating system, OS/400 (recently renamed i5/OS), keeps a very compartmentalized view of the world, and is not easily tricked into running unauthorized programs like viruses and worms.
For this reason, some people have concluded that the iSeries is virus-proof. However, this conclusion is incorrect. While there has never been a report of a wild OS/400 virus, it is nevertheless technically possible, and when it comes to guest operating systems and file systems, that assertion is not even remotely close to being correct. In fact, the iSeries resembles the infamous Typhoid Mary when it comes to viruses on its IFS: while OS/400 is unfazed by the nasty bits of code, it can keep the numerous PC clients it serves perpetually infected with them, if pains aren’t taken to keep viruses off the IFS.
In 2003, Bytware unveiled StandGuard Anti-Virus (StandGuardAV). This product provides a native OS/400 scanner for detecting and eliminating Windows viruses, worms, and other malware, which pose the greatest threat in most iSeries networks. However, there are also viruses and worms written for Linux, which is growing in popularity for basic infrastructure tasks, such as file and print serving.
Last month at the COMMON conference in Orlando, Florida, Bytware announced StandGuardAV for Linux, which will protect Linux partitions running on iSeries servers, as well as standalone Linux boxes, from infection by Linux worms, viruses, and assorted malware.
StandGuardAV for Linux is based on the same McAfee antivirus scanning technology that the original StandGuardAV product is based on. The two products can also share similar GUI management consoles, which will make it easier for administrators to schedule and perform virus scans and take action when viruses are found.
StandGuardAV for Linux can detect an assortment of Linux viruses, including those hidden in compressed files, macro and script viruses, encrypted and polymorphic viruses, and viruses embedded in executable files and OLE compound documents, Bytware says. It also detects Trojan horses, worms, and other types of malware, including “root kits,” which are applications that invade a Linux server and acquire root privileges (equivalent to SECOFR authority in OS/400) for the user, a common first step in Linux infection.
Like the original StandGuardAV product, the Linux version is updated using DAT files downloaded directly from McAfee.
So what is the situation with Linux security? Should users be as concerned about Linux being used to distribute viruses as they are about Windows? Yes and no.
On the one hand, the iSeries can provide a safe haven for any type of virus on the IFS, which could lead to users repeatedly becoming re-infected with malware when they connect to the iSeries. Bytware has seen this occur with Windows viruses on the IFS, and there’s reason to expect the same will happen with Linux. The real concern here isn’t Linux-based viruses, since there are so few Linux-based PCs in use compared to Windows-based PCs. The real concern is Windows viruses, and the capability of Linux servers being used to distribute Windows viruses.
Questions have been raised recently about the security of Linux as a whole. One security analyst group, mi2g from the U.K., published a study last year that concluded Apple’s OS X and Berkeley Software Distribution (BSD) operating systems were the safest operating systems, and Linux the least safe, even less safe than Windows, when it comes to hackers.
The group concluded this based on a study that found 65 percent of 235,000 successful attacks against permanently connected computers from November 2003 to October 2004 were against computers running Linux, while only 25 percent of the computers were running Windows. OS X and BSD accounted for less than five percent of the attacks, which led mi2g to its conclusion. (Of course, there is no mention of OS/400 in the reports, which is the way IBM and OS/400 shops like it.) The group was roundly criticized for its report, but it stands by its findings concerning Linux.
On the other hand, while there are numerous vulnerabilities in Linux distributions that could provide hackers with back-door access to unpatched e-mail, print, file, or Web servers, mi2g found the virus situation is not as critical on Linux as it is on Windows. The group concluded that nearly all security breaches due to viruses, worms, and other malware involved Windows machines, and that there was no “significant economic damage” done as a result of malware on Linux, BSD, Mac OS X, or other open-source-based operating systems.
Despite the small threat posed by Linux viruses, there are Linux viruses in the wild, including ones like Bliss, Staog, Remote Shell Trojan, Ramen, Lion, and Slapper, and best practices dictate companies do something to protect themselves from them. If the increase in Linux servers and the number of viruses overall is any indication, the number of viruses and the market for Linux antivirus solutions are also growing. Now you can count Bytware among the likes of Avast, ClamAV, Computer Associates, Central Command, F-Secure, Kaspersky Lab, RAE Internet, Symantec, TrendMicro and others.
Bytware says StandGuardAV for Linux will ship near the middle of October. The Reno, Nevada, company will offer special pricing to existing StandGuardAV customers who purchase StandGuardAV for Linux. For more information, visit www.bytware.com.