RE: IDS and Spywares

[Frank Knobbe <frank () knobbe us>]

On Sat, 2005-10-15 at 01:12 -0700, Dhruv Soi wrote:
> Frank, don't you believe that a Techie can even harden
> a MS OS to protect it from Virus/Worm attack or from
> some vulnerability exploit attacks... 

No, I do, that was my point. 

> Same way IDS, HIDS, Antivirus all are protecting the
> networks,hosts at different layers...Leaving the
> Network administrators with least administrative
> work...

Well, it seems that they are all failing then, since spyware, worm, and
viruses are still making their rounds! Airlines still suffer outages
from Internet worms, as do car manufacturers (to name just a few recent
high profile cases). 

And it seem we don't trust those added layers either since we're still
nervous on every patch Tuesday with fears of worms to the announced
vulnerabilities.

As for leaving admins with admin work, that doesn't seem to be justified
if they are spending more and more time administrating all those gadgets
that are getting bolted on to protect the rotten cores, including
applying patches to the security products which themselves are
vulnerable to the same issues they are tying to prevent in the first
place.

Yeah, call me a purist and laugh at me for throwing up the caution flag
every chance I get, but someone has to :)  If no one raises concerns
about the industry getting out of control, then we might just believe
that all is well and continue blissfully towards our doom.

-Frank

Attachment: signature.asc
Description: This is a digitally signed message part