HIPS

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
What are the general consensus on HIPS?
How important is it to have Desktop IPS application in addition to a
traditional AntiVirus?
In a large corp environment, with hundreds of apps, is it too difficult
to manage?
It is worthwhile the efforts?


Re: HIPS


| What are the general consensus on HIPS?
| How important is it to have Desktop IPS application in addition to a
| traditional AntiVirus?
| In a large corp environment, with hundreds of apps, is it too difficult
| to manage?
| It is worthwhile the efforts?

Even the experts can't agree on HIPS.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: HIPS


Quoted text here. Click to load it

I'll gladly give my 2 cents.

I believe that HIPS in consumer products suffers from the same
problems that a personal firewall does.

[1]It can be terminated by malware
[2]The fact that inexperienced users will be asked to make decisions
on alerts made by HIPS worries me.

--
Regards, Ian Kenefick
http://www.ik-cs.com

Re: HIPS

Ian Kenefick wrote:
Quoted text here. Click to load it

this is a problem with all anti-malware techniques that let the malware
run and hope to catch it in the act of doing something forbidden... all
behaviour based systems suffer the same problem if they are implemented
outside of a virtualized/emulated environment (and even within such
environments there are risks)...

however that just means that some malware will be able to bypass it,
something that certainly hasn't stopped known virus scanning from being
successful and useful...

Quoted text here. Click to load it

at some level security will always require the user to make intelligent
decisions - and the degree of security the user ends up with will
necessarily be a function of how intelligent those decisions are... we
can't take the user out of the equation so what we should really be
concerned with is not the fact that the user must make decisions, but
whether the questions the user faces are unnecessarily hard or
unnecessarily frequent...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: HIPS

wrote:

<snip>
Quoted text here. Click to load it

I agree with you 100%. I'm finding it hard to see HIPS as a viable
solution for consumers  because of the point you make. I believe it's
going to be very very difficult for vendors to make HIPS a viable
solution for the average Joe's desktop.

--
Regards, Ian Kenefick
http://www.ik-cs.com

Re: HIPS

butik wrote:
Quoted text here. Click to load it

having multiple layers is a worthwhile effort in general... if HIPS
works for you then use it - it *does* complement conventional anti-virus
scanning to some extent (though it won't catch everything your
anti-virus lets through)...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: HIPS

Thanks everybody for the input.
My question was not about consumers using HIPS.
Instead, deploying and managing HIPS in a large company.
So all user messages are suppressed and all rules are managed by an
administrator.
How practical is it and is it worthwhile?


butik wrote:
Quoted text here. Click to load it


Re: HIPS

butik wrote:
Quoted text here. Click to load it

well, that's a little too far outside my area of knowledge (since i
don't manage network security for a company)...

but in all honesty, i think this is one of those things where you have
to try it and see if it's practical *for you* in *your situation*... i
don't think anyone else can tell you whether it helps you solve your
problem, i think only you can judge that...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Site Timeline