I have implemented a tool which might be useful to protect against both known and unknown malware. The tool works by restricting the user-specified applications to what, in Unix-land, would be a jail. The applications, for example IE or Outlook, have only read/write or read-only rights to certain directories/files. In future I plan to extend the app to protect the registry as well. I've tested it on W2k/XPpro/W2k3.

I would love to know what the list think of the idea.

Thanks,
Brian

PS If enough people ask I will release it.

-----Original Message-----
From: Bill Stout [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 04, 2005 6:20 AM
To: [email protected]
Subject: Looking for HIDS-only products for XP/2000Pro

I'm assuming most companies do both HIDS and blocking. Are there any companies which specialize in HIDS for XP/2000Pro? Specifically passive (worm/virus/Trojan) attacks, maybe with an online database for reference.

In other words, if we have a product which protects against certain vectors (IE & Outlook), and we want to prove that it did protect them although it doesn't detect, what could I use to detect and identify specific attacks?

Bill Stout
Director of IT
GreenBorder, Inc
www.greenborder.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
