I have implemented a tool which might be useful to protect against both
known and unknown malware. The tool works by restricting the user-specified
applications to, what in Unix-land would be, a jail. The applications, for
example IE or Outlook, have only read/write or read only rights to certain
directories/files. In future I plan to extend the app to protect the
registry as well. I've tested it on W2k/XPpro/W2k3.
I would love to know what the list think of the idea.
Thanks,
Brian
PS
If enough people ask I will release it.
-----Original Message-----
From: Bill Stout [mailto:bill.stout@greenborder.com]
Sent: Thursday, August 04, 2005 6:20 AM
To: focus-ids@securityfocus.com
Subject: Looking for HIDS-only products for XP/2000Pro
I'm assuming most companies do both HIDS and blocking. Are there any
companies which specialize in HIDS for XP/2000Pro? Specifically passive
(worm/virus/Trojan) attacks, maybe with an online database for reference.
In other words, if we have a product which protects against certain vectors
(IE & Outlook), and we want to prove that it did protect them although it
doesn't detect, what could I use to detect and identify specific attacks?
Bill Stout
Director of IT
GreenBorder, Inc
www.greenborder.com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
