Re: Replacing antivirus soft with a real IDS/IPS

carlopmart wrote:

> Hi all,
>
>  I am going to setup a testing lab with several windows XP virtual 
> machines. My pourpose is to do some tests with HIDS/IPS software for 
> windows and not to use antivirus software. Can you recommends me some 
> HIDS software for windows ( free software if it is possible)?.
>
>  And another question, will windows survive to several attacks (virus, 
> trojans, etc) without using antivirus software ??? Have anyone tryied 
> this??
>
> Thank you very much and sorry for my bad english.
Your english is fine.

Check out Osiris for central host monitoring:

  http://www.hostintegrity.com/osiris/

Also, I find central logging essential for analysis.
I recommend running a central logging console on
GNU/Linux, possibly the same system used as the
Osiris managment console.

Meanwhile, Snare satisfies me for getting Windows
to log remotely:

http://sourceforge.net/projects/snare/

But, I'm not really sure doing without anti-virus
software is a good idea.  My recommendations
are Kaspersky and Sophos, but there are Windows
versions of Clamav:
  http://www.clamav.net/binary.html

Good luck.

--
Excellence in InfoSec and Linux
http://www.altsec.info


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------