Protecting IBM i from the Wild Wild Web
October 21, 2014 Alex Woodie
When Tim Berners-Lee invented the World Wide Web more than 20 years ago, he couldn’t have known it would turn into the Wild Wild West, a place where people must take pains to protect themselves from malicious marauders, lest they lose precious data and money. Today’s cybercriminals are experts at exploiting weakness, including using malware to attack vulnerabilities in corporate IT systems, IBM i among them.
While IBM i’s attack surface is smaller than that of other platforms, its proximity to less well-designed systems (coughWindowscough) makes it more vulnerable than it would otherwise be. No server is an island these days, and interconnectedness and integration are a source of competitive advantage in the business world. But those inter-server connections also create weaknesses in one’s security protections.
For example, when the BlackPOS malware was loaded onto Target’s Windows point of sale (POS) systems, it scraped payment card data from the terminals’ memory as cards were swiped, handing the cybercriminals card and account information without their ever having to touch the heavily fortified back-end databases. BlackPOS is also suspected in the recent Home Depot breach.
There’s no reason to believe that IBM i servers were in any way involved in the Target or Home Depot breaches. But the whole affair is a valuable case study in how to properly configure security protection in today’s WWW (Wild Wild West). Target and Home Depot undoubtedly took great pains to protect their central databases of customer information. They were PCI compliant, and, per PCI requirements, they didn’t store cardholder data on the POS systems. But at the end of the day, it didn’t matter, because the POS itself was compromised and every card’s data passed through it. As the old saying goes, you’re only as strong as your weakest link.
And let’s not forget that IBM i itself can harbor Windows-based malware in the Integrated File System (IFS). Such a file cannot execute on IBM i, but a Windows executable parked in the IFS and served to PCs over a file share is every bit as dangerous as one sitting on a Windows file server. There’s no silver bullet for detecting and eradicating viruses and other assorted creepers that may worm their way into the IFS, and the level of risk goes up whenever an IBM i server is attached to Windows clients.
It’s a well-known exposure, and one that IBM has not shied away from. In fact, IBM was instrumental in bringing Bytware and McAfee together more than a decade ago to develop a solution to the problem. That partnership has lasted to this day, and last week Bytware (now a HelpSystems subsidiary) released an updated version of that product.
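A quick way to see the exposure described above for yourself is to walk an IFS directory tree and flag files that carry a Windows PE header (the “MZ” stub whose e_lfanew field points at a “PE\0\0” signature), or that have a name Windows will execute directly. The script below is an added example for this article, not code from Bytware, HelpSystems or McAfee; it assumes a Python 3 interpreter running under PASE on IBM i (or any POSIX system, since the check is plain file I/O), and the files it scans are constructed in a scratch directory so it runs offline.

```python
#!/usr/bin/env python3
"""Walk a directory tree (an IFS share, for instance) and flag Windows executables.

IBM i cannot run these files, but anything served to Windows clients over a
share can still be executed there. Assumes Python 3 under PASE or any other
POSIX host; the sample files below are constructed, not taken from a real system.
"""
import hashlib
import os
import struct
import tempfile

# Extensions Windows will execute or interpret directly. Worth a look even when
# the file carries no PE header (a .bat or .vbs is plain text).
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                    ".vbs", ".js", ".ps1", ".msi"}


def has_pe_header(path):
    """True if the file starts with an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            dos = f.read(0x40)                       # full DOS header is 64 bytes
            if len(dos) < 0x40 or dos[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def sha256_of(path):
    """Hex SHA-256 of a file, streamed so large IFS objects are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root):
    """Return sorted (relative path, reason, sha256) tuples for suspicious files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue
            reasons = []
            if has_pe_header(path):
                reasons.append("pe-header")
            if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                reasons.append("risky-extension")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, "+".join(reasons), sha256_of(path)))
    return sorted(findings)


def fake_pe_bytes():
    """Minimal MZ stub whose e_lfanew points at a PE signature. Not a real program."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\x00" * 0x3A)          # 0x3C bytes: magic plus padding
    dos += struct.pack("<I", e_lfanew)               # e_lfanew lives at offset 0x3C
    dos += b"\x00" * (e_lfanew - len(dos))           # pad up to the PE signature
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20  # signature plus an empty COFF header


def demo():
    """Populate a scratch tree with constructed samples and scan it."""
    root = tempfile.mkdtemp(prefix="ifs-demo-")
    os.makedirs(os.path.join(root, "home", "shared"))
    samples = {                                      # constructed sample files
        "home/shared/invoice.pdf.exe": fake_pe_bytes(),  # PE header and a risky name
        "home/shared/report.txt": b"quarterly numbers\n",  # benign
        "home/setup.bat": b"@echo off\r\n",              # risky name, no PE header
        "home/blob.dat": fake_pe_bytes(),                # PE header hiding behind an innocent name
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as f:
            f.write(data)
    return [(rel, reason) for rel, reason, _digest in scan_tree(root)]


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:28} {rel}")
```

Point `scan_tree` at the root of a NetServer share (for example `/home/shared`) to get a list of candidates with hashes you can compare against a reputation source or feed to a scanner. It deliberately checks the PE header rather than trusting the extension, because the renamed `blob.dat` case is exactly the one a file-name filter misses.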
The big news with StandGuard Anti-Virus version 7.2 is support for the latest malware detection product, called the McAfee 5700 Anti-Malware Engine. According to McAfee, the new engine runs faster and can dig deeper into files where malware might hide.
The McAfee 5700 engine introduces native unpacking support for newer versions of ASPack, a Windows executable compressor; AutoIt, a free Windows scripting language; and MSI, the common Windows installer format. It also brings better detection of exploitable Java code and a new live-memory scanning feature for detecting and removing malicious processes, threads, and files on Windows hosts. The unpacking improvements are the ones that count on IBM i, where the engine’s job is to look inside files stored in the IFS rather than to inspect running Windows processes.
All in all, the new engine will give the good guys a leg up on the bad guys in the never-ending battle for the WWW. It’s not a permanent fix, since things change so quickly on the Web, but it should afford customers some advantage against today’s sophisticated threats, if only for a while.
Using the latest scanning engine is central to an anti-virus strategy, according to Heather Beck, product support manager for HelpSystems. “It needs to be updated often to deploy new advances in technology and to provide the maximum amount of protection against threats,” Beck says in a press release. The enhancements in StandGuard Anti-Virus 7.2 let its users, in her words, “stay one step ahead of the cybercriminals.”
The McAfee 5700 Anti-Malware Engine was originally unveiled in April, but it took some time for Bytware and McAfee engineers to ensure that the new engine works properly on IBM i, where it runs as a native product. McAfee also supports the engine on Windows, Linux, and AIX, among other operating systems. For more info see www.bytware.com.