This topic provides some tips for protecting against computer viruses and suspicious programs.
Recent trends in computer usage have increased the likelihood that your system has programs from untrusted sources or programs that perform unknown functions. Following are examples:
These trends have led to a problem in computer security that is called a computer virus. A virus is a program that can change other programs to include a copy of itself. The other programs are then said to be infected by the virus. Additionally, the virus can perform other operations that can take up system resources or destroy data.
The architecture of the server provides some protection from the infectious characteristics of a computer virus. “Protect against computer viruses” describes this. A server security administrator needs to be more concerned about programs that perform unauthorized functions. The remaining topics in this chapter describe ways that someone with ill intentions might set up harmful programs to run on your system. The topics provide tips for preventing programs from performing unauthorized functions.
A computer that has a virus infection has a program that can change other programs. The object-based architecture of this system makes it more difficult for a mischief-maker to produce and spread this type of virus than it is with other computer architectures. On this system, you use specific commands and instructions to work on each type of object. You cannot use a file instruction to change an operable program object (which is what most virus-creators do). Nor can you easily create a program that changes another program object. To do this requires considerable time, effort, and expertise, and it requires access to tools and documentation that are not generally available.
However, as new server functions become available to participate in the open-systems environment, some of the object-based protection functions of servers no longer apply. For example, with the integrated file system (IFS), users can directly manipulate some objects in directories, such as stream files.
Also, although server architecture makes it difficult for a virus to spread among server programs, its architecture does not prevent the system from being a virus-carrier. As a file server, the server can store programs that many PC users share. Any one of these programs might contain a virus that the server does not detect. To prevent this type of virus from infecting the PCs that are attached to your server, use PC virus-scan software. Several functions exist on the server to prevent someone from using a low-level language with pointer capability to alter an operable object program:
The program validation value is not foolproof, and it is not a replacement for vigilance in evaluating programs that are restored to your system.
Several tools are also available to help you detect the introduction of an altered program into your system: