IDS mailing list archives
Re: IDS and Spywares
From: Dhruv Soi <dhruv_ymca () yahoo com>
Date: Fri, 7 Oct 2005 22:50:09 -0700 (PDT)
Yeah you are right. Spyware detection through any anti-spyware program would be stronger mechanism than detecting it through IDS. But installation or information upload attempt of spyware can be blocked by IDS. Blocking may be in terms of detecting the vulnerability exploit attempt using which spyware installation occurs. Like IE vulnerabilities (IE chm, Drag Drop etc etc), or it could be detecting unique CLSIDs of known Spyware programs. And there are many products (Tipping Point, iPolicy etc. etc.) which claim that they block Spyware in their IDS. But I don't believe that Network based Spyware detection is full proof protection for Spyware but still it helps to certain extend. Ciao Dhruv --- neelabhsharma1 () gmail com wrote:
Could anyone in the group name a few IDS which detect spywares. In my view spywares are to be detected by an antivirus system and not by a network device.
------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
__________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- IDS and Spywares neelabhsharma1 (Oct 07)
- Re: IDS and Spywares Gadi Evron (Oct 07)
- Re: IDS and Spywares Dhruv Soi (Oct 11)
- Re: IDS and Spywares Jay Archibald (Oct 12)
- Re: IDS and Spywares Tim Holman (Oct 14)
- <Possible follow-ups>
- RE: IDS and Spywares Andrew Plato (Oct 07)
- Re: IDS and Spywares Eric Grejda (Oct 11)
- RE: IDS and Spywares Desai, Deepen (Oct 11)
- Re: IDS and Spywares barcajax (Oct 11)
- Cisco IDS 4250 vs Sourcefire IS3000 + RNA Sensor Jonathan Gauntt (Oct 12)
- Re: Cisco IDS 4250 vs Sourcefire IS3000 + RNA Sensor Tim Holman (Oct 14)
- Re: Cisco IDS 4250 vs Sourcefire IS3000 + RNA Sensor byte_jump (Oct 18)
- Re: Cisco IDS 4250 vs Sourcefire IS3000 + RNA Sensor Frank Knobbe (Oct 18)
- Cisco IDS 4250 vs Sourcefire IS3000 + RNA Sensor Jonathan Gauntt (Oct 12)