Mainframes can have viruses just like any other O/S. Try writing a REXX or a CLIST that will set itself up as a start-up script when somebody logs on and delete all the user datasets. Or even leave its own copy in another user's startup script. Or if I were devious enough, I would set up a file transfer job that will leave this script on another MVS system and delete all datasets with the local TSO prefix (ISPF is the default HLQ, isn't it?)
Depending on the RACF access you have got, you can do irreparable damage to the system.
The key to any "virus" to do damage in ANY environment is the ability to attain EXECUTION capability in the environment. If you can't execute you really can't do damage.
Given that control, the "virus" must acquire the "authority" to access/change data and pgms.
These 2 attributes are difficult (but not impossible) to attain in a mainframe environment. In PC environments it's relatively easy. Remember, when you open an e-Mail and see those cute little thingys dancing around, they're really pgm code executing on your CPU.
Mainframe Sysprogs are the logical people to have this kind of access and authority. If I were prone to do those kinds of things, I'd find the bar (tavern) where these guys hung out and see what I could hear. Maybe even get an invite to their shop and snoop around.
Joined: 31 Mar 2005 Posts: 436 Location: chennai, India
I would like to share one of the good articles which I read about viruses in mainframe. It says:
Are mainframe computers susceptible to computer viruses?
Yes. Numerous experiments have shown that computer viruses spread very
quickly and effectively on mainframe systems. To our knowledge,
however, no non-research computer virus has been seen on mainframe
Many people think that computer viruses are impossible on mainframe
computers, because their operating systems provide means of protection
(e.g., memory protection, access control, etc.) that cannot be bypassed
by a program, unlike the operating systems of most personal computers.
Unfortunately, this belief is false. As demonstrated by Fred Cohen in
1984, access controls are unable to prevent computer viruses--they can
only slow down the speed with which viruses spread. If there is a
transitive path of information flow from one account to another on a
mainframe computer, then a virus can spread from one account to the
other, without having to bypass any protections.
Consider the following example. The attacker (A) has an account on a
machine and wants to attack it with a virus. In order to do this, A
writes a virus and releases it. Due to the protection provided by the
operating system, the virus can only infect the files writable by A. On
a typical system, those would be only the files owned by A.
However, A is not alone on the system. A works with B on some joint
projects. At some time, B might want to check how far A has progressed
in her/his part of the project. This might involve running one of the
programs that A has written--programs that are now all infected with A's
On a system with protection based on discretionary access controls (e.g.,
Unix, VMS, and most other popular OSes), the program that is being
executed usually runs with the privileges of the user who is executing
it--not with those of the program's owner. (In the few instances where
this is not the case, it presents a different kind of security threat,
unrelated to viruses.) That is, when B runs A's infected program, the
virus in it will run with B's privileges and will be able to infect all
programs writable by B.
At some later time, A and B's boss, C, might want to check whether they
have completed that joint project. Even if the boss has reasons to
suspect A (e.g., as a disgruntled employee), s/he is likely to trust B
and execute one of her/his programs. This results in the virus running
with C's privileges (which are likely to be significantly greater than
those of A and B) and infecting all programs writable by C. Quite
possibly, these programs will include many owned by other employees,
thus creating many more distribution chains that nobody suspects.
The virus may interfere somehow with C's normal work, which causes C
(who is probably not very knowledgeable about such things as computer
security and viruses) to ask the system administrator, D, for help. If
D executes one of C's infected programs (and s/he is much more likely to
trust a respectable person like C--who is quite probably D's boss as
well--than any of C's employees), this will cause the virus that A wrote
a long time ago to run with system administrator privileges and do
whatever it wants with the system--infect other users' files, attack
other systems, etc.
A trivial improvement of the above scenario (in terms of speeding up the
virus' spread) would be for the attacker to place the virus in some kind
of Trojan Horse--for example, in an attractive game or utility--placed
in a publicly accessible area.
Why, then, are there so many fewer viruses for mainframe computers than
for personal ones? The answer to this question is complex.
1. Writing a well-made mainframe virus--one that does not cause problems
and is likely to remain unnoticed--is not a trivial task. It requires a
lot of knowledge about the operating system. This knowledge is not
commonly available and the typical youngster who is likely to hack a
quick-and-dirty PC virus is unlikely to possess it or be in a position
to learn it. People who possess this knowledge are likely to use it in
more constructive, satisfying, and profitable ways.
2. The culture of software exchange in the mainframe world differs considerably from that of the PC world--we don't see many VMS users running around with a bootable tape of the latest game...
3. Very often it is easier to attack a mainframe computer by using some security hole or a Trojan Horse, instead of by using a virus.
So, computer viruses for mainframe computers are definitely possible and
several already exist . Also, some IBM PC viruses can
infect any IBM PC compatible machine, even if it runs a "real" OS like
Forms of malware other than computer viruses--notably Trojan Horses--are
far quicker, more effective, and harder to detect than computer viruses.
Nevertheless, on personal computers many more viruses are written than
Trojan Horses. There are two reasons for this:
1. Since a virus is self-propagating, the number of users to
which it can spread (and cause damage) can be much greater
than in the case of a Trojan;
2. It's almost impossible to trace the source of a virus since
(generally) viruses are not attached to any particular
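The A/B/C/D chain from the article quoted above, expressed as an audit check (an added example, not part of the original post or of the quoted article): it builds the information-flow graph from who can write which programs and who runs them, then lists the accounts that have a transitive path to an administrator. The account names, program names and both tables are constructed sample data.

```python
from collections import deque

# Constructed sample data mirroring the A/B/C/D scenario in the quoted article.
# WRITABLE: programs each account may modify under its access controls.
WRITABLE = {"A": {"a_tool"}, "B": {"b_report"}, "C": {"c_summary", "shared_lib"},
            "D": {"sys_util"}, "E": {"e_job"}}
# EXECUTES: programs each account is known to run (e.g. taken from audit records).
EXECUTES = {"A": {"a_tool"}, "B": {"a_tool", "b_report"},
            "C": {"b_report", "c_summary"}, "D": {"c_summary", "sys_util"},
            "E": {"e_job"}}
ADMINS = {"D"}


def flow_edges(writable, executes):
    """Edge X -> Y when Y executes a program that X is allowed to write."""
    edges = {user: set() for user in writable}
    for x, programs in writable.items():
        for y, run in executes.items():
            if x != y and programs & run:
                edges[x].add(y)
    return edges


def reachable(edges, start):
    """Accounts reachable from `start`, mapped to the number of hops needed."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        user = queue.popleft()
        for nxt in edges.get(user, ()):
            if nxt not in dist:
                dist[nxt] = dist[user] + 1
                queue.append(nxt)
    del dist[start]
    return dist


def accounts_reaching_admin(writable, executes, admins):
    """Non-admin accounts with a transitive flow path to an admin (shortest hops)."""
    edges = flow_edges(writable, executes)
    exposed = {}
    for user in writable:
        if user in admins:
            continue
        hops = [h for target, h in reachable(edges, user).items() if target in admins]
        if hops:
            exposed[user] = min(hops)
    return exposed


if __name__ == "__main__":
    print(accounts_reaching_admin(WRITABLE, EXECUTES, ADMINS))
```

Every hop in the result stays within the access controls as configured; the exposure comes only from the chain of "runs a program someone else can write" relationships, so shortening or breaking those chains is what reduces it.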
Notwithstanding radhakrishnan82's comments, including the article he quotes, z/OS is NOT vulnerable to computer viruses in the sense the popular press knows them (i.e., Microsoft Windows style viruses). z/OS security is the most robust of any commercially available OS on the planet. The cited article mentions UNIX and VMS; these are NOT z/OS, boys and girls. I doubt that the author ever worked on an IBM mainframe running z/OS. Doesn't sound like it, based on his comments.
Since IBM created the mainframe OS in the late 1960s, it has evolved through OS/360, MFT, MVT, SVS, MVS, VS1, VS2, MVS/XA, MVS/ESA, OS/390, and now z/OS. Each new release over all of those years added more and more security and reliability features. The design of z/OS makes virus propagation and destruction on a z/OS mainframe, for all practical purposes, impossible.
There is a very good reason you have never heard stories in the popular press about a computer virus infecting a mainframe system. It has never happened, and it is never going to happen!
Now, a disgruntled employee, before he leaves a company, can do quite a bit of internal damage to the files on a z/OS system. This is not a computer virus, but a different type of problem. z/OS is vulnerable to this type of damage, since the perpetrator is inside the security wall and is a 'trusted user', so to speak.
Joined: 31 Mar 2005 Posts: 436 Location: chennai, India
I agree that mainframes are relatively at a higher security level than other servers and PCs.
I deny that "It is never going to happen!" (virus attack in mainframe).
If it is so, it's well and good. There are few people in IBM who know about the complete security system in Mainframe.
Shall I come to a few conclusions such as:
1. Even in virus (PC virus like worm, etc.) filled PCs, Mainframe can run without being attacked by it.
2. The PC virus doesn't know which memory it should affect in Mainframes. So PC virus cannot affect mainframe.
3. Even if you FTP a PC virus filled data to mainframe, it's not being attacked by it.
Will the FTP'd virus in mainframe still be there while you FTP the same from mainframe to local PC? Will that PC get affected?
If it is so, is the mainframe responsible for transmitting virus from one PC to another during FTP process?
(I think we have to do deadly testing on this one to prove it, true or false)
Joined: 10 Mar 2005 Posts: 432 Location: Milan, Italy
z/OS is vulnerable to this type of damage, since the perpetrator is inside the security wall and is a 'trusted user', so to speak.
I think that IronMike is right... in each case, to run a virus in a mf you must bypass its security, but it is also true, as Radhakrishnan said (and I had a sample running xc (I can't write the original name)), that a common ftp that can use a kind of remote command (as xc) and work from PC to MF usually stores within it, encrypted or not, the user & password to access the mf directly, and so can (based on the profile of the user) do damage to an application or to the system.
But in this case the real virus is the man or woman that uses an STC user for applications.... I think...
To return to my post, I think that the only way to affect a mf with a virus is working with malicious intent or stupidity (that does not exist in mainframers) and using a CM product that usually works with high profile to manage the prod environment.