Skip to main content

Why Your IBM i Environment Absolutely Needs Antivirus Protection

While highly securable, IBM i environments remain vulnerable to ransomware due to outdated practices, unsecured file shares and weak password policies. Antivirus protection and modern security protocols are essential to mitigate risks.

As an IBM Business Partner, we’re often engaged to provide advice to customers based on what we see coming down the pike.

The question I’ve been asked the most in the last year is easily: “Do my IBM i environments require antivirus protection?” Yes. Always.

Corporate rule-bending during the COVID-19 pandemic is partially to blame for heightened risk. Back then, people had to work from home. Quickly. Do you think everyone did it right with proper security, VPNs etc.? No way. Many intentional holes were punched in firewalls for people to continue working remotely. Some of those holes have been closed off. Many haven’t. Interfaces left open are being bombarded with attacks regularly. I still deal with the fallout of roughly 10-12 ransomware attacks every year.

 IBM i is one of the most securable OSes in the world. It’s also seldom secured properly because of the old rumor that the AS/400 can’t be affected by a virus. Or that it’s largely impenetrable. Back in the day when everything was connected with twin axial cable, yeah that holds water.  Since the advent of TCP/IP, systems running IBM i are just another target. Interfaces are seldom protected by exit point programs. Security audit logs are seldom turned on, and even when they are, they’re often not collecting the right information. And to this day we still find systems with a minimum password length of one. Seriously. Private authority on objects is seldomly implemented correctly. Way too many people have *ALLOBJ special authority.

Ransomware affects IBM i through file shares by way of NetServer. Your risk increases when you have a guest user ID in NetServer. A guest ID provides complimentary access to whatever you have shared in NetServer. Even if you don’t use a guest ID, anyone with an active drive mapping to their IBM i file server is subject to be a launching point for ransomware.

What directories you share also can increase your risk. If you share the root directory, the entire IBM i OS is at risk for destruction. If you’re only sharing one or two critical directories, you must ensure they’re being properly protected by way of authorization lists at IBM i 7.5, and proper private authority at the object level regardless of release.

Don’t fall for the myths, protect your IBM i environments.


Key Enterprises LLC is committed to ensuring digital accessibility for techchannel.com for people with disabilities. We are continually improving the user experience for everyone, and applying the relevant accessibility standards.