[Dshield] Windoze Questions...

john beck jbeck80 at hotmail.com
Thu Feb 12 17:12:20 GMT 2004

>   1) Are there programs equivalent to COPS and TripWire that run on 
GFI has one,
GFI LANguard System Integrity Monitor (S.I.M.)
GFI LANguard S.I.M. is a utility that provides intrusion detection by 
checking whether files have been changed, added or deleted on a Windows 
2000/XP system. If this happens, it alerts the administrator by email. 
Because hackers need to change certain system files to gain access, this 
freeware utility provides a great means to identify any servers open to 

>   2) Anyone running SNORT under Windows? Any comparison to how it runs 
>under *nix?
>   3) Does the most common AV software (Symantec, NAI, etc.) catch 
>keystroke loggers and other spyware (not Adware!) that may be present and 
>running on a Windows system?
I have noticed during testing at different locations that AV (Sophos and 
Symantec) do add signatures to "some". But in general no.  One solution I 
have implemented to local lawyers is
Pest Patrol, it is worth taking a look.

>   4) About the Windows encrypted file system... if someone gets Admin 
>privilege on a system using the encrypted file system, can they disclose or 
>compromise data that would normally be protected?
>   5) When I search for products that detect adware installed on a Windows 
>box, I get dozens of hits... is any given product better than another, or 
>do you really need a combination of products to detect and stop all the 
>various adware downloads in use?
One solution I have implemented to local lawyers is
Pest Patrol, it is worth taking a look.

>   6) Finally, windows firewalls... Is Zone Alarm still considered the best 
>for Windows? What are the strengths and weaknesses of the firewall built 
>into Win/XP?
Go hardware FW if possible, for home, anything decent, at work, SonicWall or 
Symantec are my choice.

