RE: [Dailydave] RE: We have the enemy, and the enemy is... you

From: Andrew R. Reiter (arrwatson.org)
Date: Fri Apr 14 2006 - 14:40:44 CDT


Hi!

On Fri, 14 Apr 2006, Paul Melson wrote:

:________________________________
:Subject: Fwd: [Dailydave] RE: We have the enemy, and the enemy is... you
:
:
:> Don't buy them! Don't spend the time and the energy to get them to work
:> for your enterprise. There are several reasons for me to say this but I would
:> like to first start offering you the alternative.
:
:I think you're throwing the baby out with the bathwater here. You wouldn't
:rely on Tripwire or COPS as your primary host security tools, either, but
:they were better than nothing 10 years ago. Many of these products were
:designed with NT/2000 security in mind. And most of them improve security
:for the same.
:

I think you hit on a key point that is missed by many security folks. A
product like this doesn't need to be all encompassing and perfect in every
way to serve a purpose. Sure; it can be "owned", but by utilizing a
heterogeneous set of detection products, you are going to do much better
than just sitting around and saying "well, all these damn products suck,
use none."

:New versions of HIPS products amount to the same old thing from 5 years ago
:ported to and tested on XPSP2/2003. The HIPS market will move again and the
:products that don't perform (or fail to pay off Gartner) will be culled.
:Overall, I don't see HIPS going anywhere. Well, OK, there will probably be
:a new name and acronym for whatever comes next.
:
:
:> wmic OS Get DataExecution_Available
:
:I know it's just a typo on your part, but for anybody that tries to recreate
:it, that should be DataExecutionPrevention_Available and probably also
:DataExecutionPrevention_32BitApplications.
:
:PaulM
:
:
:

--
arrwatson.org