Re: Replacing antivirus soft with a real IDS/IPS



Thank you very much to all for your responses. I will test FORCE from coresecurity (without forgetting AV).



Pete Herzog wrote:
Hi,

Actually, getting rid of an anti-virus solution at the desktop is a pretty good idea. If you consider that the standard avenue of attacks now is through software vulnerabilities and social engineering, the standard fare of viruses as it used to be, floppy-to-hard-drive-and-back transmission, is passé for the most part (but it's still worth keeping an AV disinfection boot CD around). Good security protection through a thorough reduction of all unneeded services, unneeded active scripting languages in the OS and applications, and bad user practices makes the disinfection process something you can launch from a central network location. Therefore, not each individual desktop needs one just for infection clean-up.

Most HIPS solutions that work with signatures are going to be just as flawed. An ideal solution would be one that provides both ingress and egress filtering and change control with strong logging/reporting. Even better if it can also restore to a previous, hopefully untainted state.

Considering the costs of AV for an enterprise, getting rid of it can be quite a substantial savings which can be funding for better overall security support. Although I don't recommend doing it until the internal architecture has been redesigned with appropriate operational security and loss controls.

Sincerely,
-pete.

http://www.osstmm.org
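The "change control with strong logging/reporting" piece of the HIDS Pete describes, reduced to its core: take a hashed baseline of a file tree, compare a later snapshot against it, and emit one log record per added, removed or modified file for a central collector. This is an added example, not code from the thread or from any product mentioned in it; the directory tree, file names, file contents and the host name are constructed for the demo, and in a real deployment the baseline would be stored somewhere the monitored host cannot rewrite it (otherwise whatever tampers with the files can tamper with the baseline too).

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (POSIX-style relative path) to its hash and size."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"sha256": sha256_of(path), "size": path.stat().st_size}
    return baseline


def compare(baseline, current):
    """Return one change record per added, removed or modified file, sorted by path."""
    events = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            events.append({"event": "added", "path": rel, "sha256": new["sha256"]})
        elif new is None:
            events.append({"event": "removed", "path": rel, "sha256": old["sha256"]})
        elif old["sha256"] != new["sha256"]:
            events.append({"event": "modified", "path": rel,
                           "old_sha256": old["sha256"], "new_sha256": new["sha256"]})
    return events


def to_log_lines(events, host="lab-xp-01"):
    """Render events as JSON lines (one per change) for shipping to a central log server.
    The default host name is a constructed placeholder."""
    return [json.dumps({"host": host, **event}, sort_keys=True) for event in events]


def demo():
    """Build a constructed tree, baseline it, tamper with it, and return the change events."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(b"MZ original service binary")  # constructed
        (root / "config.ini").write_text("[svc]\nenabled=1\n")                # constructed
        baseline = build_baseline(root)

        # Simulated changes that malware or a bad update might make:
        (root / "bin" / "svc.exe").write_bytes(b"MZ replaced service binary")  # modified
        (root / "config.ini").unlink()                                         # removed
        (root / "bin" / "helper.dll").write_bytes(b"MZ dropped library")       # added

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for line in to_log_lines(demo()):
        print(line)
```

Running the script prints three JSON lines, one each for the added DLL, the modified service binary and the removed config file. Comparing on the hash rather than on size or timestamp matters: a same-size replacement of a binary, which the demo performs, is invisible to a size check but not to a SHA-256 comparison.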



Jason Thompson wrote:

I don't think it's a good idea to knock out AV. A blended tool of AV
and HIPS / firewall would be great. Even most HIPS vendors will say
that they don't recommend getting rid of your current AV solution.




On 12/6/05, carlopmart <carlopmart@xxxxxxxxx> wrote:

Hi all,

  I am going to set up a testing lab with several Windows XP virtual
machines. My purpose is to do some tests with HIDS/IPS software for
Windows and not to use antivirus software. Can you recommend me some
HIDS software for Windows (free software if possible)?

  And another question: will Windows survive several attacks
(viruses, trojans, etc.) without using antivirus software? Has anyone
tried this?

Thank you very much and sorry for my bad English.

--
CL Martinez
carlopmart {at} gmail {d0t} com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------












