RE: IDS and Spywares

From: Andrew Plato (andrew.plato_at_anitian.com)
Date: 10/07/05

    Date: Fri, 7 Oct 2005 12:40:28 -0700
    To: <neelabhsharma1@gmail.com>, <focus-ids@securityfocus.com>
    
    

    A lot of the commercial ones do. TippingPoint has quite a few spyware
    signatures. ISS has some. Don't know about Symantec or Cisco.

    Some AV will detect spyware, but not all. And even then, AV tends not to
    be very good at blocking communication of already installed spyware.

    ___________________________________
    Andrew Plato, CISSP
    President/Principal Consultant
    Anitian Enterprise Security

    -----Original Message-----
    From: neelabhsharma1@gmail.com [mailto:neelabhsharma1@gmail.com]
    Sent: Thursday, October 06, 2005 11:13 PM
    To: focus-ids@securityfocus.com
    Subject: IDS and Spywares

    Could anyone in the group name a few IDS which detect spyware? In my
    view spyware is to be detected by an antivirus system and not by a
    network device.

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------
