Dailydave mailing list archives
RE: RE: We have the enemy, and the enemy is... you
From: "Andrew R. Reiter" <arr () watson org>
Date: Fri, 14 Apr 2006 15:40:44 -0400 (EDT)
Hi! On Fri, 14 Apr 2006, Paul Melson wrote: :________________________________ :Subject: Fwd: [Dailydave] RE: We have the enemy, and the enemy is... you : : :> Don't buy them! Don't spend the time and the energy to get them to work :> for your enterprise. There are several reasons for me to say this but i :would :> like to first start offering you the alternative. : :I think you're throwing the baby out with the bathwater here. You wouldn't :rely on Tripwire or COPS as your primary host security tools, either, but :they were better than nothing 10 years ago. Many of these products were :designed with NT/2000 security in mind. And most of them improve security :for the same. : I think you hit on a key point that is missed by many security folks. A product like this doesn't need to be all encompassing and perfect in every way to serve a purpose. Sure; it can be "owned", but by utilizing a heterogenous set of detection products, you are going to do much better than just sitting around and saying "well, all these damn products suck, use none." :New versions of HIPS products amount to the same old thing from 5 years ago :ported to and tested on XPSP2/2003. The HIPS market will move again and the :products that don't perform (or fail to pay off Gartner) will be culled. :Overall, I don't see HIPS going anywhere. Well, OK, there will probably be :a new name and acronym for whatever comes next. : : :> wmic OS Get DataExecution_Available : :I know it's just a typo on your part, but for anybody that tries to recreate :it, that should be DataExecutionPrevention_Available and probably also :DataExecutionPrevention_32BitApplications. : :PaulM : : : -- arr () watson org
Current thread:
- RE: We have the enemy, and the enemy is... you Sandy Wilbourn (Apr 13)
- <Possible follow-ups>
- Fwd: RE: We have the enemy, and the enemy is... you Olef Anderson (Apr 13)
- Re: Fwd: RE: We have the enemy, and the enemy is... you Alexander Sotirov (Apr 14)
- Re: Fwd: RE: We have the enemy, and the enemy is... you Matt (Apr 14)
- Re: Fwd: RE: We have the enemy, and the enemy is... you H D Moore (Apr 14)
- RE: Fwd: RE: We have the enemy, and the enemy is... you Dave Korn (Apr 14)
- Re: Fwd: RE: We have the enemy, and the enemy is... you Chris Wysopal (Apr 14)
- RE: RE: We have the enemy, and the enemy is... you Paul Melson (Apr 14)
- RE: RE: We have the enemy, and the enemy is... you Andrew R. Reiter (Apr 14)
- Re: Fwd: RE: We have the enemy, and the enemy is... you Alexander Sotirov (Apr 14)