[Dshield] Windoze Questions...
clewis at iquest.net
Thu Feb 12 17:42:23 GMT 2004
Comments in line:
>1) Are there programs equivalent to COPS and TripWire that run on Windows?
>2) Anyone running SNORT under Windows? Any comparison to how it runs under
I ran it for a while, but changed PCs and spaced it...
>3) Does the most common AV software (Symantec, NAI, etc.) catch keystroke
>loggers and other spyware (not Adware!) that may be present and running on
>a Windows system?
We use Sophos and they do catch many of them, but there is some debate in the
trade about one person's malware being another person's "I don't mind"...
>4) About the Windows encrypted file system... if someone gets Admin
>privilege on a system using the encrypted file system, can they disclose or
>compromise data that would normally be protected?
>5) When I search for products that detect adware installed on a Windows box,
>I get dozens of hits... is any given product better than another, or do you
>really need a combination of products to detect and stop all the various
>adware downloads in use?
Here are the ones you want:
Spybot S&D and Ad-aware 6 remove parasites after they have installed
themselves. SpywareBlaster immunizes your system so that parasites cannot
install themselves in the first place, and is recommended by the Spybot S&D
Use all 3 and you are well protected against parasites, and all 3 are
Spybot S&D: http://www.safer-networking.org/index.php?lang=en&page=download
>6) Finally, windows firewalls... Is Zone Alarm still considered the best
>for Windows? What are the strengths and weaknesses of the firewall built
Zone Alarm is very good. You should of course have a firewall on your
As for the XP firewall? It causes MAJOR problems with VPN connections -
ridiculous in my book (i.e. a VPN connection will NOT work and MS even says
to disable the firewall for VPN connections...)