|
|
|
A virus can infect only those programs that the security system lets it infect. However, even in a system with strong internal controls, many security mechanisms do not prevent an infected program under the control of an authorized user ID from making unauthorized program changes to other programs. Many security systems grant the identical access privileges that your user ID has to the programs that you execute. This assumes that you always know and approve of what a program is doing on your behalf. Viruses can take advantage of this design decision to secretly update program libraries that the security system permits your user ID to update. The virus inserts itself into programs on behalf of your user ID and begins to infect other programs and libraries that you can access. You can protect your program libraries by using existing z/OS access control software facilities. You can use these facilities to establish both an environment and an authorized path for library updates that your user ID can perform. See the Detecting and Controlling Software Threats section in this chapter to implement these controls with each of the major access control software packages. Remember, however, that any decision to improve your resistance to viruses has performance and flexibility costs.
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |