Yeah you are right. Spyware detection through any anti-spyware program would be stronger mechanism than detecting it through IDS. But installation or information upload attempt of spyware can be blocked by IDS. Blocking may be in terms of detecting the vulnerability exploit attempt using which spyware installation occurs. Like IE vulnerabilities (IE chm, Drag Drop etc etc), or it could be detecting unique CLSIDs of known Spyware programs. And there are many products (Tipping Point, iPolicy etc. etc.) which claim that they block Spyware in their IDS. But I don't believe that Network based Spyware detection is full proof protection for Spyware but still it helps to certain extend.
Ciao Dhruv --- [EMAIL PROTECTED] wrote: > Could anyone in the group name a few IDS which > detect spywares. In my view spywares are to be > detected by an antivirus system and not by a network > device. > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > > to learn more. > ------------------------------------------------------------------------ > > __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
