Re: host-based ids evaluation

From: Talisker (
Date: 08/15/02

From: "Talisker" <>
To: "Kurt Seifried" <>, "roy lo" <>
Date: Thu, 15 Aug 2002 22:36:32 +0100


There will rarely be a perfect analogy or definition. But by categorising
products it helps to avoid ambiguities when selecting products. I feel
SecureEXE falls into the category of File Integrity Checker. I'm biased; I
try to maintain a website listing all IDS of every persuasion. If I didn't
categorise them the "one" page would be huge (just kidding). As discussed
earlier they are different beasts and should be separated as such.

I personally don't see the discussion as silly, if it helps people realise
there are succinct differences in the products they are looking to purchase.

I agree that some of the approaches taken these days are indeed
innovative, the vendors (some) should be commended on their forward
thinking. (did I just say that?)


> Ok... So solutions such as SecureWave SecureEXE which are host based, and
> block execution of non approved code in real time (generate a database of
> md5/sha1 sigs for known good apps, install client, done) are reactive?
> People, definitions like this pro/reactive are SILLY. Really really silly.
> There are so many products out now taking all sorts of interesting
> approaches and implementations it's really stupid to be making such broad
> overgeneralizations.
> Let the argument and bad analogies begin!

> Kurt Seifried,
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574