[Dshield] Windoze Questions...

Chuck Lewis clewis at iquest.net
Thu Feb 12 17:42:23 GMT 2004


Comments inline:

>1) Are there programs equivalent to COPS and TripWire that run on Windows?

Not sure...

>2) Anyone running SNORT under Windows? Any comparison to how it runs under

I ran it for a while, but changed PCs and spaced it...

>3) Does the most common AV software (Symantec, NAI, etc.) catch keystroke
>loggers and other spyware (not Adware!) that may be present and running on
>a Windows system?

We use Sophos and they do catch many of them, but there is some debate in the
trade about one person's malware being another person's "I don't mind"...

>4) About the Windows encrypted file system... if someone gets Admin
>privilege on a system using the encrypted file system, can they disclose or
>compromise data that would normally be protected?

Not sure...

>5) When I search for products that detect adware installed on a Windows box,
>I get dozens of hits... is any given product better than another, or do you
>really need a combination of products to detect and stop all the various
>adware downloads in use?

Here are the ones you want:


Spybot S&D and Ad-aware 6 remove parasites after they have installed
themselves. SpywareBlaster immunizes your system so that parasites cannot
install themselves in the first place, and is recommended by the Spybot S&D

Use all 3 and you are well protected against parasites, and all 3 are

Ad-aware: http://www.lavasoft.de/support/download/#free

Spybot S&D: http://www.safer-networking.org/index.php?lang=en&page=download

SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

>6) Finally, windows firewalls... Is Zone Alarm still considered the best
>for Windows? What are the strengths and weaknesses of the firewall built
>into Win/XP?

Zone Alarm is very good. You should of course have a firewall on your
network too...

As for the XP firewall? It causes MAJOR problems with VPN connections -
ridiculous in my book (i.e. a VPN connection will NOT work and MS even says
to disable the firewall for VPN connections...)


