Hi,
Actually, getting rid of an anti-virus solution at the desktop is a
pretty good idea. If you consider the standard avenue of attacks now
are through software vulnerabilities and social engineering, the
standard fair of virus as it used to be from floppy to hard drive and
back transmission is passé for the most part (but it's still worth
keeping an AV disinfection boot CD around). Good security protection
through a thorough reduction of all unneeded services, unneeded active
scripting languages in the OS and applications, and bad user practices
makes the disinfection process something you can launch from a central
network location. Therefore, not each individual desktop needs one just
for infection clean-up.
Most HIPS solutions that work with signatures are going to be just as
flawed. An ideal solution would be one that provides both ingress and
egress filtering and change control with strong logging/reporting. Even
better if it can also restore to a previous, hopefully untainted state.
Considering the costs of AV for an enterprise, getting rid of it can be
quite a substantial savings which can be funding for better overall
security support. Although I don't recommend doing it until the
internal architecture has been redesigned with appropriate operational
security and loss controls.
Sincerely,
-pete.
http://www.osstmm.org
Jason Thompson wrote:
I don't think it's a good idea to knock out AV. A blended tool of AV
and HIPS / firewall would be great. Even most HIPS vendors will say
that they don't recommend getting rid of your current AV solution.
On 12/6/05, carlopmart <[EMAIL PROTECTED]> wrote:
Hi all,
I am going to setup a testing lab with several windows XP virtual
machines. My pourpose is to do some tests with HIDS/IPS software for
windows and not to use antivirus software. Can you recommends me some
HIDS software for windows ( free software if it is possible)?.
And another question, will windows survive to several attacks
(virus, trojans, etc) without using antivirus software ??? Have anyone
tryied this??
Thank you very much and sorry for my bad english.
--
CL Martinez
carlopmart {at} gmail {d0t} com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
