IDS mailing list archives
Re: Replacing antivirus soft with a real IDS/IPS
From: Pete Herzog <lists () isecom org>
Date: Mon, 19 Dec 2005 00:12:01 +0100
Hi,Actually, getting rid of an anti-virus solution at the desktop is a pretty good idea. If you consider the standard avenue of attacks now are through software vulnerabilities and social engineering, the standard fair of virus as it used to be from floppy to hard drive and back transmission is passé for the most part (but it's still worth keeping an AV disinfection boot CD around). Good security protection through a thorough reduction of all unneeded services, unneeded active scripting languages in the OS and applications, and bad user practices makes the disinfection process something you can launch from a central network location. Therefore, not each individual desktop needs one just for infection clean-up.
Most HIPS solutions that work with signatures are going to be just as flawed. An ideal solution would be one that provides both ingress and egress filtering and change control with strong logging/reporting. Even better if it can also restore to a previous, hopefully untainted state.
Considering the costs of AV for an enterprise, getting rid of it can be quite a substantial savings which can be funding for better overall security support. Although I don't recommend doing it until the internal architecture has been redesigned with appropriate operational security and loss controls.
Sincerely, -pete. http://www.osstmm.org Jason Thompson wrote:
I don't think it's a good idea to knock out AV. A blended tool of AV and HIPS / firewall would be great. Even most HIPS vendors will say that they don't recommend getting rid of your current AV solution.
On 12/6/05, carlopmart <carlopmart () gmail com> wrote:Hi all, I am going to setup a testing lab with several windows XP virtual machines. My pourpose is to do some tests with HIDS/IPS software for windows and not to use antivirus software. Can you recommends me some HIDS software for windows ( free software if it is possible)?. And another question, will windows survive to several attacks (virus, trojans, etc) without using antivirus software ??? Have anyone tryied this?? Thank you very much and sorry for my bad english. -- CL Martinez carlopmart {at} gmail {d0t} com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- Replacing antivirus soft with a real IDS/IPS carlopmart (Dec 10)
- Re: Replacing antivirus soft with a real IDS/IPS Packet Man (Dec 12)
- Re: Replacing antivirus soft with a real IDS/IPS Albert Gonzalez (Dec 12)
- Re: Replacing antivirus soft with a real IDS/IPS Jeffrey . Stebelton (Dec 15)
- Re: Replacing antivirus soft with a real IDS/IPS FinAckSyn (Dec 15)
- Re: Replacing antivirus soft with a real IDS/IPS Jason Thompson (Dec 16)
- Re: Replacing antivirus soft with a real IDS/IPS InfoSecBOFH (Dec 18)
- Re: Replacing antivirus soft with a real IDS/IPS Pete Herzog (Dec 21)
- Re: Replacing antivirus soft with a real IDS/IPS carlopmart (Dec 21)