In recent years, IBM has made operations management much easier by allowing the iSeries—now System i5—to run multiple operating systems, including Linux and AIX, in partitions alongside i5/OS on the same machine. This can make operating your business much easier, but it also opens doors through which malicious code can find its way onto your server and then flow throughout your network.

Already, i5/OS's IFS, with its UNIX-based privileges model, brings heightened risks. Adding Linux and AIX compounds this risk, as does connecting Windows-based PCs to the System i5 server. The temptation to casually dismiss these risks by citing the iSeries' reputation as an impenetrable platform can set you up for a rude awakening when viruses and malicious code slip through.

Fortunately, IBM implemented tools starting with V5R3 that make protecting the system from virus threats much easier. Third-party solutions can now be tied in through the built-in Virus Scanning Enablement. Working with McAfee and Bytware to bring virus protection to System i5, IBM's addition of enablement features ensured that the platform could maintain its reputation for security in the face of rapidly growing threats.

Several options are available for virus scanning on System i5. The first, which neither IBM nor I recommend, is to map a PC to the IFS and scan using standard PC software. Associated risks include unintentionally migrating viruses from the scanning PC to the IFS, opening a door with *ALLOBJ authority to the server (thus allowing a hacker to gain control through the scanning PC), having the scan hang by looping infinitely on recursive links (which Windows cannot understand), transferring sensitive data over the network, and dragging down overall network performance because of the large quantity and sizes of files that must be passed between the System i5 and the scanning PC. And even in the best scenarios, this method may fail to identify malicious code hiding in the IFS.

Another option is to use a native solution that offers integrated Linux and AIX support. For example, the iSeries version of Bytware's StandGuard Anti-Virus solution provides support for all three of these operating systems on a single box, with centralized control through i5/OS—thus eliminating the need to manage each operating system's scanning individually. McAfee's scanning engine detects more than 150,000 threats.

Regardless of how you choose to take action, the most important decision is to do so. Why is protecting System i5 so important? Hackers and viruses don't care whether or not users believe their systems are vulnerable. They simply know that they can get in—and they do.

I often hear people say that there are no iSeries viruses, that there are virtually no Linux or UNIX viruses, and that the risk is so minimal that it's not worth pursuing. But a virus does not need to target any of these specific operating systems in order to wreak havoc on your operations. As long as a Windows PC accesses files stored on servers running off of any of these operating systems, the virus and malicious code can, and will, spread. It can delete files off of the IFS, or Linux, or AIX, and it will. It can knock your server offline for hours or days. The risk is very real, but it is also very shadowy because i5/OS, Linux, and AIX can all serve as symptom-free carriers of viruses and malicious code. Without scanning, you may have no idea it's there until it's too late.

To protect your operations, you need to run anti-virus software on all of your systems, at both the client and the host level. In addition to anti-virus software on all of your Windows desktops, a System i5 running i5/OS also needs to have i5/OS anti-virus software installed on it. Likewise, a multi-OS System i5 running i5/OS V5R4, OS/400 V5R2, Linux, and AIX in four separate partitions needs to have anti-virus software for each operating system installed. Doing this is a security best practice and a key to compliance.

Multiple operating systems give you the flexibility to meet all of your organization's needs in the ways you see best, and consolidating these on a single box is very cost-effective. The final piece is protecting your most critical asset—your data—from the very real threat of viruses and malicious code.

Check out Bytware's other offerings in the MC Showcase Buyer's Guide.

Mike Grant is CEO and head of development for Bytware, Inc.