Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Definition of Zero Day Protection

from [Frank Knobbe] Network Security [Permanent Link]
Subject: Re: Definition of Zero Day Protection
Date: Mon, 09 Aug 2004 16:20:45 -0500 
On Mon, 2004-08-09 at 12:29, Joel Snyder wrote:

In the world of virus scanners, the idea of zero day protection is 
promoted by folks who sell heuristic scanners (i.e., those which do not 
depend on specific matching of a signature).  The idea is that using a 
heuristic, you can determine whether a file has a virus or not, even if 
you've never seen the virus.  Thus, for certain classes of un-written 
viruses, this technology would offer "zero day protection."


Unfortunately we all know how well this concept is working. If
heuristics would actually work, we wouldn't have to battle virus after
virus (like the new strain today). I have the sneaky suspicion that
heuristic IPS (those with 0 day-protection... *chuckle*) will have the
same success rate as heuristic virus scanners.

It seems to me that most anomaly based IPS shut down after a certain
threshold is exceeded. That means that some communication has already
taken place. As Joel said, the host is already compromised, and I
wouldn't be surprised if that host infected a handful of other hosts
before the IPS shut it down.


Regards,
Frank

PS: I can't believe these email viruses are STILL spreading...

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Definition of Zero Day Protection, Teicher, Mark (Mark)
Next by Date:  RE: Definition of Zero Day Protection, Brian Smith
Previous by Thread:  Re: Definition of Zero Day Protection, Joel Snyder
Next by Thread:  Re: Definition of Zero Day Protection, Ali-Reza Anghaie
Indexes:  [Date] [Thread] [Top] [All Lists]