IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

Is there VIRUS in Mainframe


IBM Mainframe Forums -> Mainframe Interview Questions
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
logaas

New User


Joined: 19 Feb 2005
Posts: 25
Location: chennai

PostPosted: Thu Sep 01, 2005 9:59 am
Reply with quote

Hi


Is there a virus concepts in Mainframe as in the case of Microsoft. Please can any one explain me



Regards

Logaas
Back to top
View user's profile Send private message
Rupesh.Kothari

Member of the Month


Joined: 27 Apr 2005
Posts: 463

PostPosted: Thu Sep 01, 2005 10:32 am
Reply with quote

Hi,

Yet I have not heard Virus in Mainframe.

It is one of the advantage of Mainframe that it is Virus Free.

Regards
Rupesh
Back to top
View user's profile Send private message
ravikumarreddy
Warnings : 1

New User


Joined: 29 Jul 2005
Posts: 23

PostPosted: Thu Sep 01, 2005 10:59 am
Reply with quote

yes u given exact information,....rupesh

if any virus is there lets help me if i am wrong.


ravi..
Back to top
View user's profile Send private message
radhakrishnan82

Active User


Joined: 31 Mar 2005
Posts: 435
Location: chennai, India

PostPosted: Thu Sep 01, 2005 2:17 pm
Reply with quote

I agree that mainframe is virus free.
Is it possible to inject virus into mainframe when we try to FTP from local pc to mainframe?? icon_confused.gif

I haven't tested it,till.Did anyone?Someone pls do the testing and let me know it icon_smile.gif .
Back to top
View user's profile Send private message
spanda

New User


Joined: 31 Aug 2005
Posts: 48
Location: U.K.

PostPosted: Fri Sep 02, 2005 4:58 pm
Reply with quote

Hello all,

Mainframes can have viruses just like any other O/S. Try writing a REXX or a CLIST that will set itself up as a start-up script when somebody logs on and delete all the user datasets. Or even leave its own copy in another user's startup script. Or if I was devious enough, I will set up a file transfer job that will leave this script on another MVS system and delete all datasets with the local TSO prefix (ISPF is the default HLQ, isn't it?)

Depending on the RACF access you have got, you can do irreparable damage to the system.

Did I just explore my evil side? icon_wink.gif

p.s. RACF is a four-lettered word!

Cheers,
Panda.
Back to top
View user's profile Send private message
mmwife

Super Moderator


Joined: 30 May 2003
Posts: 1592

PostPosted: Tue Sep 06, 2005 2:05 am
Reply with quote

The key to any "virus" to do damage in ANY environment is the ability to attain EXECUTION capability in the environment. If you can't execute you really can't do damage.

Given that control the "virus" must acquire the "authority" to access/change data and pgms.

These 2 attributes are difficult (but not impossible) to attain in a mainframe environment. In PC environments it's relatively easy. Remember, when you open an e-Mail and see those cute little thingys dancing around, they're really pgm code executing on your CPU.

Mainframe Sysprogs are the logical people to have this kind of access and authority. If I were prone to do those kinds of things, I'd find the bar (tavern) where these guys hung out and see what I could hear. Maybe even get an invite to their shop and snoop around.
Back to top
View user's profile Send private message
radhakrishnan82

Active User


Joined: 31 Mar 2005
Posts: 435
Location: chennai, India

PostPosted: Tue Sep 06, 2005 10:04 am
Reply with quote

I would like to share one of the good articles which i read abt virus in mainframe.It speaks:

Are mainframe computers susceptible to computer viruses?

Yes. Numerous experiments have shown that computer viruses spread very
quickly and effectively on mainframe systems. To our knowledge,
however, no non-research computer virus has been seen on mainframe
systems.
Many people think that computer viruses are impossible on mainframe
computers, because their operating systems provide means of protection
(e.g., memory protection, access control, etc.) that cannot by bypassed
by a program, unlike the operating systems of most personal computers.
Unfortunately, this belief is false. As demonstrated by Fred Cohen in
1984, access controls are unable to prevent computer viruses--they can
only slow down the speed with which viruses spread.
If there is a
transitive path of information flow from one account to another on a
mainframe computer, then a virus can spread from one account to the
other, without having to bypass any protections.

Consider the following example. The attacker (A) has an account on a
machine and wants to attack it with a virus. In order to do this, A
writes a virus and releases it. Due to the protection provided by the
operating system, the virus can only infect the files writable by A. On
a typical system, those would be only the files owned by A.

However, A is not alone on the system. A works with B on some joint
projects. At some time, B might want to check how far A has progressed
in her/his part of the project. This might involve running one of the
programs that A has written--programs that are now all infected with A's
virus.

On a sytem with protection based on discretionary access controls (e.g.,
Unix, VMS, and most other popular OSes), the program that is being
executed usually runs with the privileges of the user who is executing
it--not with those of the program's owner. (In the few instances where
this is not the case, it presents a different kind of security threat,
unrelated to viruses.) That is, when B runs A's infected program, the
virus in it will run with B's privileges and will be able to infect all
programs writable by B.

At some later time, A and B's boss, C, might want to check whether they
have completed that joint project. Even if the boss has reasons to
suspect A (e.g., as a disgruntled employee), s/he is likely to trust B
and execute one of her/his programs. This results in the virus running
with C's privileges (which are likely to be significantly greater than
those of A and B) and infecting all programs writable by C. Quite
possibly, these programs will include many owned by other employees,
thus creating many more distribution chains that nobody suspects.

The virus may interfere somehow with C's normal work, which causes C
(who is probably not very knowledgeable about such things as computer
security and viruses) to ask the system administrator, D, for help. If
D executes one of C's infected programs (and s/he is much more likely to
trust a respectable person like C--who is quite probably D's boss as
well--than any of C's employees), this will cause the virus that A wrote
a long time ago to run with system administrator privileges and do
whatever it wants with the system--infect other users' files, attack
other systems, etc.

A trivial improvement of the above scenario (in terms of speeding up the
virus' spread) would be for the attacker to place the virus in some kind
of Trojan Horse--for example, in an attractive game or utility--placed
in a publicly accessible area.

Why, then, are there so many fewer viruses for mainframe computers than
for personal ones? The answer to this question is complex.

1.Writing a well-made mainframe virus--one that does not cause problems
and is likely to remain unnoticed--is not a trivial task. It requires a
lot of knowledge about the operating system. This knowledge is not
commonly available and the typical youngster who is likely to hack a
quick-and-dirty PC virus is unlikely to possess it or be in a position
to learn it. People who possess this knowledge are likely to use it in
more constructive, satisfying, and profitable ways.
2.The culture of software exchange in the mainframe world differs considerably from that of the PC world--we don't see many VMS users running around with a bootable tape of the latest game...
3.Very often it is easier to attack a mainframe computer by using some security hole or a Trojan
Horse, instead of by using a virus.

So, computer viruses for mainframe computers are definitely possible and
several already exist . Also, some IBM PC viruses can
infect any IBM PC compatible machine, even if it runs a "real" OS like
Unix.
Forms of malware other than computer viruses--notably Trojan Horses--are
far quicker, more effective, and harder to detect than computer viruses.
Nevertheless, on personal computers many more viruses are written than
Trojan Horses. There are two reasons for this:

1. Since a virus is self-propogating, the number of users to
which it can spread (and cause damage) can be much greater
than in the case of a Trojan;

2. It's almost impossible to trace the source of a virus since
(generally) viruses are not attached to any particular
program.
Back to top
View user's profile Send private message
MGIndaco

Active User


Joined: 10 Mar 2005
Posts: 432
Location: Milan, Italy

PostPosted: Tue Sep 06, 2005 8:53 pm
Reply with quote

Referring to this forum there are other interesting reply.
http://ibmmainframes.com/viewtopic.php?t=2563&highlight=virus
In my personal opinion a virus or a spyware can really affect mainframe quickly and the easy way is using some(but I think all) CM product(referring to your post radhakrishnan).
Back to top
View user's profile Send private message
ironmike

New User


Joined: 07 Aug 2005
Posts: 33

PostPosted: Wed Sep 07, 2005 6:22 am
Reply with quote

Nowithstanding radhakrishnan82's comments, including the article he quotes, z/OS is NOT vulnerable to computer viruses in the sense the popular press knows them (i.e., Microsoft Windows style viruses). z/OS security is the most robust of any commercially available OS on the planet. The cited article mentions UNIX and VMS; these are NOT z/OS, boys and girls. I doubt that the author ever worked on an IBM mainframe running z/OS. Doesn't sound like it, based on his comments.

Since IBM created the mainframe OS in the last 1960s, it has evolved through OS/360, MFT, MVT, SVS, MVS, VS1, VS2, MVS/XA, MVS/ESA, OS/390, and now z/OS. Each new release over all of those years added more and more security and reliability features. The design of z/OS makes virus propogation and destruction on a z/OS mainframe, for all practical purposes, impossible.

There is a very good reason you have never heard stories in the popular press about a computer virus infecting a mainframe system. It has never happened, and it is never going to happen!

Now, a disgruntled employee, before he leaves a company, can do quite a bit of internal damage to the files on a z/OS system. This is not a computer virus, but a different type of problem. z/OS is vulnerable to this type of damage, since the perpetrator is inside the security wall and is a 'trusted user', so to speak.
Back to top
View user's profile Send private message
radhakrishnan82

Active User


Joined: 31 Mar 2005
Posts: 435
Location: chennai, India

PostPosted: Thu Sep 08, 2005 10:16 am
Reply with quote

I agree that mainframes are relatively at a higher security level than other servers and pc's.
I deny that "It is never going to happen!(virus attack in mainframe)".
If it is so its well and good.There are few peoples in IBM who knows abt the complete security system in Mainframe.

Shall I come to few conclusions such as :
1.Even in virus(pc virus like worm,etc..) filled pc's,Mainframe can run without being attacked by it.
2.The pc virus doesnt know which memory it should affect in Mainframes.So PC virus cannot affect mainframe.
3.Even if you FTP a pc virus filled data to mainframe,its not being attacked by it.
Will the FTP'd virus in mainframe still be there while you ftp the same from mainframe to local pc.will that pc gets affected? icon_confused.gif
If it is so,Do mainframe responsible for transmitting virus from one pc to another during FTP process?.
(I think we have to do deadly testing on this one to prove it,true or false )

Its an interesting topic to dicuss with.
Back to top
View user's profile Send private message
MGIndaco

Active User


Joined: 10 Mar 2005
Posts: 432
Location: Milan, Italy

PostPosted: Thu Sep 08, 2005 10:06 pm
Reply with quote

Quote:
z/OS is vulnerable to this type of damage, since the perpetrator is inside the security wall and is a 'trusted user', so to speak.


I think that IronMike is right... in each case, to run a virus in a mf you must bypass its security, but it is also true, as said Radhakrishnan,(and I had a sample running xc (i can't write the original name) ) that a common ftp that can use a kind of remote command(as xc) and work from pc to Mf, usually store within, crypted or not, user & password to access directly to mf and so can (based on the profile of the user) do damage to an application or to the system.

But in this case the really virus is the man or woman that use a STC user for applications.... I think...

To return at my post I think that the only way to affect with a virus a mf is working with malicious intent or stupidity(that does not exist in mainframers)and using a CM product that usually work with high profile to manage the prod environment.

All the comment are wellcome...
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> Mainframe Interview Questions

 


Similar Topics
Topic Forum Replies
No new posts Mainframe openings in Techmahnidra fo... Mainframe Jobs 0
No new posts Mainframe Programmer with CICS Skill... Mainframe Jobs 0
No new posts How to Reformat a file using File Man... All Other Mainframe Topics 14
No new posts NDM getting stuck - mainframe/JCL All Other Mainframe Topics 13
No new posts REXX to send an email in Mainframe wi... CLIST & REXX 3
Search our Forums:

Back to Top