Re: IDS and Spywares

From: Dhruv Soi (dhruv_ymca_at_yahoo.com)
Date: 10/08/05

    Date: Fri, 7 Oct 2005 22:50:09 -0700 (PDT)
    To: neelabhsharma1@gmail.com, focus-ids@securityfocus.com
    
    

    Yeah, you are right. Spyware detection through any
    anti-spyware program would be a stronger mechanism than
    detecting it through an IDS. But an installation or
    information upload attempt by spyware can be blocked
    by an IDS. Blocking may be in terms of detecting the
    vulnerability exploit attempt through which the spyware
    installation occurs, like IE vulnerabilities (IE chm,
    Drag Drop, etc.), or it could be detecting unique
    CLSIDs of known spyware programs. And there are many
    products (Tipping Point, iPolicy, etc.) which
    claim that they block spyware in their IDS. But I
    don't believe that network-based spyware detection is
    foolproof protection against spyware, but it still helps
    to a certain extent.

    Ciao
    Dhruv

    --- neelabhsharma1@gmail.com wrote:

    > Could anyone in the group name a few IDS which
    > detect spywares. In my view spywares are to be
    > detected by an antivirus system and not by a network
    > device.
    ------------------------------------------------------------------------
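The CLSID matching mentioned in the message above, as an added example that is not part of the original post or of any product it names: it scans an HTTP response body for `<object classid="clsid:...">` references and checks them against a blocklist. The CLSIDs, labels and sample pages are constructed placeholders, and `find_blocked_clsids` is a hypothetical name.

```python
import html
import re

# Constructed placeholder CLSIDs; these are NOT real spyware identifiers.
BLOCKED_CLSIDS = {
    "00000000-1111-2222-3333-444444444444": "ExampleToolbar (placeholder)",
    "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE": "ExampleDialer (placeholder)",
}

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
# Matches classid="clsid:GUID"; quotes and braces around the GUID are optional.
CLASSID_RE = re.compile(
    r"classid\s*=\s*[\"']?\s*clsid:\s*\{?(" + GUID + r")\}?", re.IGNORECASE
)

def find_blocked_clsids(body: bytes) -> list:
    """Return (clsid, label) pairs for blocklisted CLSIDs referenced in body."""
    text = body.decode("latin-1")   # never raises; ASCII markup stays intact
    text = html.unescape(text)      # undo entity-encoded values such as &#99;lsid:
    hits = []
    for match in CLASSID_RE.finditer(text):
        clsid = match.group(1).upper()          # normalise case before lookup
        label = BLOCKED_CLSIDS.get(clsid)
        if label and (clsid, label) not in hits:
            hits.append((clsid, label))
    return hits

# Constructed sample response bodies.
SAMPLE_PLAIN = (b'<html><object classid="clsid:00000000-1111-2222-3333-444444444444"'
                b' codebase="http://example.invalid/x.cab"></object></html>')
SAMPLE_OBFUSCATED = (b"<OBJECT ClassID='&#99;lsid:"
                     b"{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}'></OBJECT>")
SAMPLE_BENIGN = b'<object classid="clsid:12345678-1234-1234-1234-123456789ABC"></object>'

if __name__ == "__main__":
    for name, body in [("plain", SAMPLE_PLAIN),
                       ("obfuscated", SAMPLE_OBFUSCATED),
                       ("benign", SAMPLE_BENIGN)]:
        print(name, find_blocked_clsids(body))
```

This only sees what arrives in the clear in a single response body: compressed or chunked transfers have to be reassembled first, and a tag assembled by script at render time never appears on the wire in this form.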

