Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?

From: Martin Roesch <roesch () sourcefire com>
Date: Sat, 19 Mar 2011 22:05:17 -0400
On Sat, Mar 19, 2011 at 9:32 PM, evilghost () packetmail net
<evilghost () packetmail net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/19/11 19:40, Martin Roesch wrote:

The people who designed it did so as a response to how
ineffectual classic AV models have become.  It is a "clean sheet"
approach to solving the problem and we did the acquisition after we
saw just how powerful the approach is.


I think we're all in agreement with this one since the AV model is a false hope
(I know, painful words since you own Clam).


Clam is great at what it does and is still driven by its original open
source team, I think the ability to write your own sigs is very useful
in general.  Immunet 3.0 integrates the ClamAV technology so that you
can get the best of both worlds, custom sigs + the ClamAV team's
coverage (when you want a more traditional AV) in addition to the
collective detection model that Immunet brings to bear.


I'm jaded and biased after years of
the AV vendors milking a subscription model based on
signature-driven/hash-driven detection which does little to combat the threat.
I'll give this one a whirl, though I'm also weary of "in the cloud" since the
marketing droids like to sling this buzzword to the same magnitude I like to
ingurgitate alcohol.


Cloud is the word people use to describe it so that's what we're stuck
with.  I think being able to offer more comprehensive client-side
attack detection/prevention is a worthwhile goal and that's what this
technology is designed to do.  Hopefully it'll be something you like!

Marty


-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: