RE: RE: We have the enemy, and the enemy is... you

["Paul Melson" <pmelson () gmail com>]

________________________________
Subject: Fwd: [Dailydave] RE: We have the enemy, and the enemy is... you


> Don't buy them! Don't spend the time and the energy to get them to work 
> for your enterprise. There are several reasons for me to say this but i
would
> like to first start offering you the alternative.

I think you're throwing the baby out with the bathwater here.  You wouldn't
rely on Tripwire or COPS as your primary host security tools, either, but
they were better than nothing 10 years ago.  Many of these products were
designed with NT/2000 security in mind.  And most of them improve security
for the same.

New versions of HIPS products amount to the same old thing from 5 years ago
ported to and tested on XPSP2/2003.  The HIPS market will move again and the
products that don't perform (or fail to pay off Gartner) will be culled.
Overall, I don't see HIPS going anywhere.  Well, OK, there will probably be
a new name and acronym for whatever comes next.  


> wmic OS Get DataExecution_Available

I know it's just a typo on your part, but for anybody that tries to recreate
it, that should be DataExecutionPrevention_Available and probably also
DataExecutionPrevention_32BitApplications.

PaulM