Detecting and Controlling Software Threats

Because of the potential damage that viruses can cause to an operating system, you should emphasize prevention to control the spread of contaminated software. Recovering from the damage of a virus is considerably more difficult than preventing a virus by identifying and disabling it before it executes. You can use CA Auditor to help you identify suspicious modules or detect unauthorized program changes before they infect a z/OS data center. Remember that anything you do to reduce your exposure to viruses potentially increases your administrative overhead, but identifying and containing viruses can give you the time and flexibility that you need to react.

Some general controls that you can follow are:

If you should encounter a virus while reviewing your system, remember that viruses must be executed to infect a computer system. In addition, most viruses quietly replicate for an extended period before their internal time bombs detonate.

If your terminal’s PF keys cannot be reprogrammed through an escape key sequence embedded in the data stream, browsing a module that contains a virus is perfectly safe. There have been incidents in the PC world of a virus reprogramming the PF keys so that files were deleted once the keys were pressed. However, this scenario is unlikely on a mainframe if you do not have a programmable terminal.

Above all, do not delete the infected program. Quarantine the infected program by preserving a copy of the virus so that you can eradicate it and prosecute its designer. Your technical support staff should disassemble the infected code to learn how it functions and what it was designed to do.

The following sections explain specific ways that you can detect and control the different types of infected software.