Dailydave mailing list archives

RE: Sniffing is not the easy answer, Kate.


From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 11 Oct 2005 14:55:42 -0400

-----Original Message-----
Subject: Re: [Dailydave] Sniffing is not the easy answer, Kate.

An admission that NIDS products == antivirus products. "We protect you
- as long as five percent of your peers have alerted us to the fact that
they got owned and have provided us with samples!"

No question.  I didn't mean to be defending NIDS products.  Even purveyors
of security wares put things like cost (be it $$ or cpu%) over security.
That applies both to the degree of security their products provide as well
as the security of their actual products*.  But at the end of the day,
signatures are easy to manage, require relatively little knowledge about the
type of attack involved, and don't require a ton of CPU or memory.  That's
why this model is used in AV as well as NIDS/HIDS products.

PaulM 

*I'm probably still under NDA so no specifics, but I'm aware of major design
flaws, like elementary level stuff, in two NIDS vendors' appliances (these
are names you know).  AFAIK, they still ship with these problems.  One
vendor's initial response to the bug was to release a signature that
detected and dropped the attack against their manager that we sent them.

