All the "application control" based host-based security products are a waste in a corporate, Windows environment. Most of them depend on static mappings of applications that are allowed to run. Great idea, but anytime there is a change on the system, you have to rehash the entire allow-list. It's why things like ZoneAlarm and similar such "application controls" are awful for large corporate networks. The users are constantly nagged to allow this or allow that. As if the user would have any idea what applications are legitimate or not.

BlackICE/RS Desktop has this feature, but I never advise customers to turn it on - unless they use one of my kludgy hacks that turns the feature into a crude "tripwire-like" file monitor.

It will be interesting to see what NAI does with the Entercept engine.

___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security

503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________

-----Original Message-----
From: Crispin Cowan [mailto:crispin@private]
Sent: Tuesday, October 21, 2003 1:35 PM
To: crime@private
Subject: CRIME NAI to Ramp Up Intrusion Protection Products

Jimmy, is this the emerging NAI intrusion prevention product you alluded to earlier?
http://www.eweek.com/article2/0,,1356764,00.asp

It looks like a nice product. But then again, I'm an advocate of host intrusion prevention.

However, this approach (containment-based intrusion prevention on the desktop) has been tried before: Aladdin eSafe was a product back in 1998 that did containment of applications on the desktop. Aladdin seems to have quietly faded that product away, and then effectively made it hard to search for by naming a completely different product "eSafe" :)

Crispin

--
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
                               http://www.immunix.com/shop/
This archive was generated by hypermail 2b30 : Tue Oct 21 2003 - 21:02:56 PDT