Security Patrol: What I Hope You've Learned


  • Security Patrol: What I Hope You've Learned

    ** This thread discusses the article: Security Patrol: What I Hope You've Learned **
    This is a discussion about Security Patrol: What I Hope You've Learned.

    Click here for the article.


  • #2
    Security Patrol: What I Hope You've Learned

    The article states "CHKOBJITG is essentially a virus scanner" - this is not a correct statement. What CHKOBJITG can do is tell you if a digitally signed object has changed. It has nothing to do with viruses, other than the fact that if a virus changed an IBM object then that object would fail an integrity check. But it does not mean the object was infected with a virus, and most IBM objects can be changed without a virus (for example, you can use many of the CHGXXX commands). But more importantly, it does nothing with real viruses that have infected a non-signed file - which is most (if not all) of the user files on the system. In order to have virus protection you need regularly updated dat files; CHKOBJITG has no dat files and is not updated as new viruses come out. It will not detect *any* of the 100,000+ viruses in circulation today. Place a virus in the IFS, run CHKOBJITG and you will see that *no* error messages are produced.



    • #3
      Security Patrol: What I Hope You've Learned

      Unfortunately, the person making this posting obviously took my comments on CHKOBJITG out of context. In all of my writings I have never stated nor meant to imply that CHKOBJITG was a virus scanner for the IFS, nor stated that it could detect an object in the IFS that had been infected with a virus. In fact, the paragraph previous to the one describing CHKOBJITG clearly states that virus scanning the IFS is a step not to be ignored. In other words, CHKOBJITG is NOT a substitute for virus scanning the IFS. CHKOBJITG checks OS/400 - the operating system - itself and is looking for areas where it could have been infected. Infected by one of the 100,000+ viruses in the wild? No! It is looking for issues that are specific to OS/400 itself. It does far more than just check the digital signatures of the operating system objects. In fact, this command existed before the operating system was digitally signed. The types of changes that it detects have to do with the integrity of the object - not the simple attributes that can be changed with the CHGxxx commands. And the changes it detects could have been caused by a virus - that is, a virus written specifically for OS/400. This powerful command checks things that only SLIC developers know to check for. Does CHKOBJITG meet the "textbook" definition of a virus scanner? Probably not. But when has OS/400 ever followed textbook definitions? The responder is correct in that CHKOBJITG does not have a regularly updated .dat (or signature file). But just as a virus would have to be written very differently to run wild through OS/400, its virus scanner must be different as well. While updates to CHKOBJITG may not be forthcoming through regular updates as updates to traditional AV products are, it has received updates in most releases of the operating system since its existence and may see updates via PTFs.

      So I stand by my claim that CHKOBJITG is essentially a virus scanner for the operating system - OS/400 - and that it should be run on a regular basis, just as you need to run a virus scanner on a regular basis against the IFS. For more information on how OS/400 protects itself from viruses, please see the white paper that Patrick Botz, iSeries Security Architect, and I co-wrote, entitled "Virus Got you Down?", available at http://www.skyviewpartners.com/java-...p/security.jsp
