Ooops. Thanks Ed.

There are 8 total possible values for QFRCCVNRST 0-7. So I meant set to
level 7.

Patrick Botz


----- Forwarded by Patrick Botz/Rochester/IBM on 10/30/2002 03:36 PM -----

From:     Ed Fishel/Rochester/IBM@IBMUS
To:       Patrick Botz/Rochester/IBM@IBMUS
cc:
Date:     10/30/2002 03:13 PM
Subject:  (no subject)

Pat,

> Set QFRCCVNRST to level 8 (don't let anything on that can't be
> retranslated).

That should have been level 7, there is no level 8.

Ed Fishel,
edfishel@us.ibm.com
507-253-2119  or tie line 553-2119
----- Forwarded by Ed Fishel/Rochester/IBM on 10/30/2002 03:11 PM -----

From:     Patrick Botz/Rochester/IBM@IBMUS
Sent by:  midrange-l-admin@midrange.com
To:       midrange-l@midrange.com
cc:
Date:     10/30/2002 02:30 PM
Subject:  (no subject)
Please respond to midrange-l

From: Leif Svalgaard <leif@leif.org>
> If you had a malware checker
> that, for instance, could check a save file before you restored
> anything from it, you would have a somewhat better defense.
> If malware is detected, have the vendor explain what it does
> and why it is there.
A malware checker is not sufficient. It has the same problem as a virus
scanner; you can only update the malware checker after something has been
unleashed.

A much better alternative is to always retranslate anything that comes on
your system and not let it on if it can't be retranslated.  By always
retranslating, you can remove any viruses that *might* be there without
having to know for sure if there are any.

You can do this today in V5R2. Configure your system to force retranslation
of executables. Also use the service tools lockdown system values function
so no install exit can change the system during install and change it back.

Set QFRCCVNRST to level 8 (don't let anything on that can't be
retranslated). Anything that gets retranslated is guaranteed not to be
malware. If the application doesn't work after retranslating it's most
likely because patches added by the vendor, programmer, interloper were
removed. If it won't retranslate it's because: 1) the program was compiled
prior to V5R1 and had observability removed; 2) the creation templates (that
are used to do the retranslation) were hacked in such a way that they were
not understandable by the translator.

Three system values in V5R2 now work as a set of filters that allow you
very tight control over what comes on your system. QVFYOBJSGN, QFRCCVNRST,
QALWOBJRST. If you set all of these on your production system to their most
restrictive values and lock down system values, you have a system that is
easy to manage and difficult for anyone to distribute unwanted patched
programs to your system. When installing software from trusted sources you
have your choice of relaxing the system values during installation or, if
they have not informed you of any *non-standard* implementations or of
programs that adopt authority or use setuid(), you can install everything
at the strictest level. If the install fails or the product fails it's a
pretty good idea that the provider did something that could impact security
or integrity on your system that they didn't tell you about.  They either
didn't tell you because they don't understand security or because they
understand it very well and don't want you to know.

P.S. Retranslation is not related to observability in V5R1 and greater. You
can remove observability in V5R1 and still retranslate a program. Prior to
V5R1, removing observability removed the source code and the *translation
templates*. In V5R1 and greater removing observability only removes the
source code.

Patrick Botz


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
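
The three restore filters named in the message above, checked from a CL program. This is an added example, not part of the original thread. The target of 7 for QFRCCVNRST follows the correction at the top of the thread; 5 for QVFYOBJSGN and *NONE for QALWOBJRST are assumed here to be the most restrictive settings and should be confirmed against the system value documentation for your release.

```cl
/* Added example, not from the thread: report any of the three restore  */
/* filters that is not at its strictest setting.                        */
/* 7 is taken from the thread; 5 and *NONE are assumptions to verify.   */
PGM
   DCL VAR(&VFY) TYPE(*CHAR) LEN(1)     /* QVFYOBJSGN: verify signatures */
   DCL VAR(&FRC) TYPE(*CHAR) LEN(1)     /* QFRCCVNRST: force conversion  */
   DCL VAR(&ALW) TYPE(*CHAR) LEN(150)   /* QALWOBJRST: list of options   */
   DCL VAR(&BAD) TYPE(*LGL) VALUE('0')  /* set when any filter is loose  */

   RTVSYSVAL SYSVAL(QVFYOBJSGN) RTNVAR(&VFY)
   RTVSYSVAL SYSVAL(QFRCCVNRST) RTNVAR(&FRC)
   RTVSYSVAL SYSVAL(QALWOBJRST) RTNVAR(&ALW)

   /* Signature verification on restore */
   IF COND(&VFY *NE '5') THEN(DO)
      SNDPGMMSG MSG('QVFYOBJSGN is' *BCAT &VFY *CAT ', expected 5')
      CHGVAR VAR(&BAD) VALUE('1')
   ENDDO

   /* Forced retranslation on restore */
   IF COND(&FRC *NE '7') THEN(DO)
      SNDPGMMSG MSG('QFRCCVNRST is' *BCAT &FRC *CAT ', expected 7')
      CHGVAR VAR(&BAD) VALUE('1')
   ENDDO

   /* The value is a list of 10-character entries; the first entry is   */
   /* *NONE when no security-sensitive objects may be restored.         */
   IF COND(%SST(&ALW 1 10) *NE '*NONE') THEN(DO)
      SNDPGMMSG MSG('QALWOBJRST is' *BCAT %SST(&ALW 1 50) +
                      *TCAT ', expected *NONE')
      CHGVAR VAR(&BAD) VALUE('1')
   ENDDO

   IF COND(*NOT &BAD) THEN(SNDPGMMSG +
      MSG('All three restore filters are at the strictest setting'))

   /* To tighten, run these once and then lock system values through    */
   /* service tools, as the message describes:                          */
   /*   CHGSYSVAL SYSVAL(QVFYOBJSGN) VALUE('5')                         */
   /*   CHGSYSVAL SYSVAL(QFRCCVNRST) VALUE('7')                         */
   /*   CHGSYSVAL SYSVAL(QALWOBJRST) VALUE(*NONE)                       */
ENDPGM
```

The service tools lock-down of system values that the message recommends is not checked by this program.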









