Ooops. Thanks Ed. There are 8 total possible values for QFRCCVNRST 0-7. So I meant set to level 7.

Patrick Botz

----- Forwarded by Patrick Botz/Rochester/IBM on 10/30/2002 03:36 PM -----

Ed Fishel
10/30/2002 03:13 PM

To: Patrick Botz/Rochester/IBM@IBMUS
cc:
From: Ed Fishel/Rochester/IBM@IBMUS
Subject: (no subject)

Pat,

> Set QFRCCVNRST to level 8 (don't let anything on that can't be retranslated).

That should have been level 7, there is no level 8.

Ed Fishel,
edfishel@us.ibm.com
507-253-2119 or tie line 553-2119

----- Forwarded by Ed Fishel/Rochester/IBM on 10/30/2002 03:11 PM -----

Patrick Botz/Rochester/IBM@IBMUS
Sent by: midrange-l-admin@midrange.com
10/30/2002 02:30 PM
Please respond to midrange-l

To: midrange-l@midrange.com
cc:
Subject: (no subject)

From: Leif Svalgaard <leif@leif.org>
> If you had a malware checker
> that, for instance, could check a save file before you restored
> anything from it, you would have a somewhat better defense.
> If malware is detected, have the vendor explain what it does
> and why it is there.

A malware checker is not sufficient. It has the same problem as a virus scanner; you can only update the malware checker after something has been unleashed. A much better alternative is to always retranslate anything that comes on your system and not let it on if it can't be retranslated. By always retranslating, you can remove any viruses that *might* be there without having to know for sure if there are any.

You can do this today in V5R2. Configure your system to force retranslation of executables. Also use the service tools lockdown system values function so no install exit can change the system during install and change it back. Set QFRCCVNRST to level 8 (don't let anything on that can't be retranslated). Anything that gets retranslated is guaranteed not to be malware. If the application doesn't work after retranslating it's most likely because patches added by the vendor, programmer, interloper were removed.

If it won't retranslate it's because: 1) the program was compiled prior to V5R1 and had observability removed; the creation templates (that are used to do the retranslation) were hacked in such a way that they were not understandable by the translator.

Three system values in V5R2 now work as a set of filters that allow you very tight control over what comes on your system: QVFYOBJSGN, QFRCCVNRST, QALWOBJRST. If you set all of these on your production system to their most restrictive values and lock down system values, you have a system that is easy to manage and difficult for anyone to distribute unwanted patched programs to your system.

When installing software from trusted sources you have your choice of relaxing the system values during installation or, if they have not informed you of any *non-standard* implementations or of programs that adopt authority or use setuid(), you can install everything at the strictest level. If the install fails or the product fails it's a pretty good idea that the provider did something that could impact security or integrity on your system that they didn't tell you about. They either didn't tell you because they don't understand security or because they understand it very well and don't want you to know.

P.S. Retranslation is not related to observability in V5R1 and greater. You can remove observability in V5R1 and still retranslate a program. Prior to V5R1, removing observability removed the source code and the *translation templates*. In V5R1 and greater removing observability only removes the source code.

Patrick Botz

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.