Andrew Plato wrote:

> > good. But I've looked at EVERY commercial IDS I could find and every IDS
> > technology approach there is and I tell you this-
> > THEY ALL SUCK. And ISS sucks just as badly (worse in some places) than any
> > other product.
> You're right to a certain extent here. But you could extend this to probably
> every technology ever made. Everything has strengths and weaknesses.

Well, no. And that is truly the source of this argument in the first place. IMHO (and apparently others as well) IDS suck much, much more than other technologies. IDS sucks in qualitatively worse ways:

* other technologies are deterministic: when they decide that something is "good" or "bad" ("permitted" or "denied") they are *certain*
* IDS are fundamentally heuristic systems, and they are just guessing that something is *probably* "good" or "bad"

Do IDS have some security value? Sure they do. But it is qualitatively different than other security products' value, and that's why they require so much human monitoring to be useful.

> To use an innocuous example - why do I have 5 media players on my computer
> (WinAmp, QuickTime, Real, MusicMatch, Windows Media)? Because each one
> sucks in its own unique way.

And here I thought it was because various media distributors were seeking to monopolize formats, and so your Real Player could not play Quicktime videos, and vice versa :)

Unless forced to do otherwise by deliberate incompatibility, I use only one media player. Your example fails to convince.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 09:27:55 PDT