Solutions Architect: Can a virus infect your IBM environment?

Antoni Uni, TTNL BV, solutions architect, IBMi 7.2, IBMi 7.3, POWER8Recent attacks with the WannaCry ransomware virus have changed the look of the increasing cyber attacks.

Ransomware and viruses on IBM i

Where a computer virus was previously destroyed by the fact of “even the virus scanner over and it’s alright” now entire computers – and even companies hosted by ransomware viruses.

But what about the IBM i. Can this operating system, which everybody always said that it was not intuitive for viruses, is affected by a virus?

Ransomware on IBM i

Often, IBM is said to be immune to viruses, but unfortunately, IBM i can be affected by viruses and malware like the WannaCry virus. Any other allegation is incorrect. There are several examples of IBM Power Systems that have become victims of traditional viruses and even ransomware. HelpSystems security experts have recently helped a customer with nearly 250,000 viruses within their IFS!

The good news, and ironically the reason for the misunderstanding, arises from the fact that the IBM i operating system, along with native IBM i objects like RPG and physical files (PF), are immune to the infection. But immunity does not imply that these objects can still be affected or deleted by a name change. There are file systems on the IBM i whose objects can be infected as carrier, removed or hosted.

How do we minimize the risk?

Protect Your Server!

First of all, I always advise Powertech Network Security to restrict (or viral!) Access to the IFS. This in combination with strict management of the Integrated File System shares, including never opening the Root share. Powertech Network Security also offers the ability to secure network services such as FTP-SQL and ODBC.
Next, it is important to restrict the QPWFSERVER authorization list to only those users who can access that QSYS.lib directory structure through the file server. Important to know is that this action has no impact on the operation of traditional workload. Incidentally, this setting does not affect users with * ALLOBJ special authority.
We also need to ensure that viruses are detected before they can cause damage. Many do not know that since V5R3 anti-virus enablement is in the IBM i operating system. Partly because these system values ​​QSCANFS and QSCANFSCTL are only used in native scan engines such as Stand Guard Anti-Virus.

We can not make statements or TTNL customers have become victims of the WannaCry ransomware attacks but for a lot of customers it’s a wake up call to get in touch with adequate anti-virus solutions also for IBM’s always safe-running IBM environment.

TTNL works in the field of software development around IBM in close collaboration with HelpSystems. Helpsystems is known as the world’s largest independent IBM i Software vendor in the world and, like Tectrade, has years of experience in AS400 / IBM i solutions. You can access the HelpSystems website now download Free Stand Guard Anti-Virus for a 30 day trial for your IBM i, AIX and / or Linux server.

For questions about IBM i environments, please contact me directly via my email address, or call for an appointment at 0345-547045.