[Dshield] Windoze Questions...

john beck jbeck80 at hotmail.com
Thu Feb 12 17:12:20 GMT 2004




>
>Questions:
>   1) Are there programs equivalent to COPS and TripWire that run on 
>Windows?
GFI has one,
GFI LANguard System Integrity Monitor (S.I.M.)
GFI LANguard S.I.M. is a utility that provides intrusion detection by 
checking whether files have been changed, added or deleted on a Windows 
2000/XP system. If this happens, it alerts the administrator by email. 
Because hackers need to change certain system files to gain access, this 
freeware utility provides a great means to identify any servers open to 
attack.

>   2) Anyone running SNORT under Windows? Any comparison to how it runs 
>under *nix?
>   3) Does the most common AV software (Symantec, NAI, etc.) catch 
>keystroke loggers and other spyware (not Adware!) that may be present and 
>running on a Windows system?
I have noticed during testing at different locations that AV (Sophos and 
Symantec) do add signatures to "some". But in general no.  One solution I 
have implemented for local lawyers is
Pest Patrol; it is worth taking a look.

>   4) About the Windows encrypted file system... if someone gets Admin 
>privilege on a system using the encrypted file system, can they disclose or 
>compromise data that would normally be protected?
>   5) When I search for products that detect adware installed on a Windows 
>box, I get dozens of hits... is any given product better than another, or 
>do you really need a combination of products to detect and stop all the 
>various adware downloads in use?
One solution I have implemented for local lawyers is
Pest Patrol; it is worth taking a look.

>   6) Finally, windows firewalls... Is Zone Alarm still considered the best 
>for Windows? What are the strengths and weaknesses of the firewall built 
>into Win/XP?
Go hardware FW if possible: for home, anything decent; at work, SonicWall or 
Symantec are my choice.


John
