Ashish Kamra wrote: > My two cents on this issue as a Phd student working on an AD system for > a DBMS (who just wants get his Phd at the moment and not get into a > debate :-)).
If you want to get your PhD, then debating is quite important :D > I was at the Recent Advances in Intrusion Detection Conference (RAID > 2008) recently where one of the topics for a panel discussion was "Life > after antivirus". The main take-away from the discussion was that even > top anti-virus companies are looking at whitelisting approaches to > augment the existing blacklists in order to win the battle against ever > increasing malware variants. Whitelisting is a good approach to execution authorization and for fighting malware, this is quite well recognized I'd say. Intrusion detection is a completely different beast though (and it seems quite peculiar that at RAID this wasn't noted). SZ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
