Paul, >we prefer to recommend blocking for a signature >after it has been in the >field for a month or >two.
For a critical vulnerability, would you disagree that waiting a month or two to test a signature in the field before deploying it is unacceptable? >vulnerability. The behavioral signatures match on >consistent elements of >malware that we see >repeated regardless of the vulnerability >exploited. So the behavioural signatures detect malware and not vulnerabilities. Are there any behavioural signatures for vulnerabilities? V ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
