IDS mailing list archives
A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro
From: "Brian Azzopardi" <brian () unixpoet com>
Date: Tue, 9 Aug 2005 20:20:37 +0200
I have implemented a tool which might be useful to protect against both known and unknown malware. The tool works by restricting the user-specified applications to, what in Unix-land would be, a jail. The applications, for example IE or Outlook, have only read/write or read only rights to certain directories/files. In future I plan to extend the app to protect the registry as well. I've tested it on W2k/XPpro/W2k3.

I would love to know what the list think of the idea.

Thanks,
Brian

PS If enough people ask I will release it.

-----Original Message-----
From: Bill Stout [mailto:bill.stout () greenborder com]
Sent: Thursday, August 04, 2005 6:20 AM
To: focus-ids () securityfocus com
Subject: Looking for HIDS-only products for XP/2000Pro

I'm assuming most companies do both HIDS and blocking. Are there any companies which specialize in HIDS for XP/2000Pro? Specifically passive (worm/virus/Trojan) attacks, maybe with an online database for reference.

In other words, if we have a product which protects against certain vectors (IE & Outlook), and we want to prove that it did protect them although it doesn't detect, what could I use to detect and identify specific attacks?

Bill Stout
Director of IT
GreenBorder, Inc
www.greenborder.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- Looking for HIDS-only products for XP/2000Pro Bill Stout (Aug 04)
- Re: Looking for HIDS-only products for XP/2000Pro Jean-Pierre Denis (Aug 08)
- Re: Looking for HIDS-only products for XP/2000Pro AsTriXs (Aug 08)
- A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro Brian Azzopardi (Aug 09)
- Re: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro Nakul Aggarwal (Aug 15)
- <Possible follow-ups>
- Re: Looking for HIDS-only products for XP/2000Pro LeoDregier (Aug 08)
- RE: Looking for HIDS-only products for XP/2000Pro Bill Stout (Aug 12)
- Re: Looking for HIDS-only products for XP/2000Pro Sanjay Rawat (Aug 12)
- Re: Looking for HIDS-only products for XP/2000Pro jeremy . pickett (Aug 18)