Re: IDS and Spywares

From: Jay Archibald (jay.archibald_at_comcast.net)
Date: 10/12/05

  • Next message: vipul kumra: "RE: IDS and Spywares" 
    To: <neelabhsharma1@gmail.com>, <focus-ids@securityfocus.com>
Date: Tue, 11 Oct 2005 19:52:58 -0600

    > Could anyone in the group name a few IDS which detect spywares. In my
    view spywares are to
    > be detected by an antivirus system and not by a network device.

    Your view is correct in the regard that antivirus software should DETECT and
    REMOVE spyware, but if you want to protect every device in a network from
    the effects of spyware a good defense is still through an IDP or firewall.
    Can you garantee every network host in your network has an anti-virus client
    running with the latest definition updates? Even if you can,
    spyware/malware creators still have tricky ways of evading
    anti-virus/anti-spyware scanners. In my opinion, perimeter security is
    still an effective way to secure a network.

    Juniper/Netscreen's IDP systems detect and block spyware. The nice thing
    about their product is they catagorize the spyware into several different
    catagories: CRITICAL, HIGH, MEDIUM, LOW and INFO. This makes it easier to
    build IDS policies for blocking the critical alerts while only alerting on
    the low. They currently have over 300 spyware signatures.

    They have a good IDP product, but I will say that it is excpensive when it
    comes to the support contract costs. One other thing I think they could
    improve is providing details or references on spyware signatures like they
    do with other catagories like HTTP or SMTP.

    Jay Archibald
    Student - Norwich University
    Master of Science in Information Assurance

    ----- Original Message -----
    From: <neelabhsharma1@gmail.com>
    To: <focus-ids@securityfocus.com>
    Sent: Friday, October 07, 2005 12:12 AM
    Subject: IDS and Spywares

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------

  • Next message: vipul kumra: "RE: IDS and Spywares"

    Relevant Pages

    • RE: IDS and Spywares
      ... > I strongly disagree that IDS is not effective with spyware. ... a network based security control has better visibility than a host based ... security control for threats for which most of their characteristics are ... If you know of an IDS that is capable of analyzing "any" stream of bits, ...
      (Focus-IDS)
    • RE: IDS and Spywares
      ... I strongly disagree that IDS is not effective with spyware. ... Network based detection and BLOCKING is the most effective way I've seen ... This is layer 2, detection. ...
      (Focus-IDS)
    • Re: IDS and Spywares
      ... It's not very efficient to use an application signature to scan network ... and most fundamental way to block spyware with a network ... Subject: IDS and Spywares ...
      (Focus-IDS)
    • RE: IDS and Spywares
      ... > I strongly disagree that IDS is not effective with spyware. ... Network based detection is able to deal ... > and intended solely for the intended recipient. ...
      (Focus-IDS)
    • RE: IDS and Spywares
      ... no 100% fool proof method for detecting anything. ... Subject: IDS and Spywares ... Spyware detection through any ... > detected by an antivirus system and not by a network ...
      (Focus-IDS)