IDS mailing list archives

Re: Replacing antivirus soft with a real IDS/IPS

From: FinAckSyn <finacksyn () yahoo co uk>
Date: Thu, 15 Dec 2005 12:35:18 +0000 (GMT)

Hi Carlo,

Whilst HIPS will protect you from worms/viruses and
the likes, it does not have the ability to detect,
repair or remove infected files, which is important in
any enterprise attempting to combat infection whilst
maintaining the integrity of their operations.
I would use a combination of anti-virus and HIPS on a
workstation.  The AV will cope with the known stuff
and the HIPS will provide zero-day defense against
viruses that vendors haven't bothered writing
signatures for yet.
Unfortunately, there's no way to avoid having an AV
system altogether.  Think what would happen if a user
had an important document that was infected.  HIPS
would prevent them opening it, but AV would clean it
for them (if it could). 

Rgds,

Matt



--- carlopmart <carlopmart () gmail com> wrote:

Hi all,

  I am going to setup a testing lab with several
windows XP virtual 
machines. My pourpose is to do some tests with
HIDS/IPS software for 
windows and not to use antivirus software. Can you
recommends me some 
HIDS software for windows ( free software if it is
possible)?.

  And another question, will windows survive to
several attacks 
(virus, trojans, etc) without using antivirus
software ??? Have anyone 
tryied this??

Thank you very much and sorry for my bad english.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com

------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to

http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708


to learn more.

------------------------------------------------------------------------




                
___________________________________________________________ 
How much free photo storage do you get? Store your holiday 
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------

Current thread:

Replacing antivirus soft with a real IDS/IPS carlopmart (Dec 10)
- Re: Replacing antivirus soft with a real IDS/IPS Packet Man (Dec 12)
- Re: Replacing antivirus soft with a real IDS/IPS Albert Gonzalez (Dec 12)
  - Re: Replacing antivirus soft with a real IDS/IPS Jeffrey . Stebelton (Dec 15)
- Re: Replacing antivirus soft with a real IDS/IPS FinAckSyn (Dec 15)
- Re: Replacing antivirus soft with a real IDS/IPS Jason Thompson (Dec 16)
  - Re: Replacing antivirus soft with a real IDS/IPS InfoSecBOFH (Dec 18)
  - Re: Replacing antivirus soft with a real IDS/IPS Pete Herzog (Dec 21)
    - Re: Replacing antivirus soft with a real IDS/IPS carlopmart (Dec 21)