[Dshield] Windoze Questions...

Kenton Smith ksmith at chartwelltechnology.com
Thu Feb 12 17:17:06 GMT 2004


I'll take a shot at some of these:

Jon R. Kibler wrote:

>Greetings,
>
>As I have said several times before, I am not a windows expert and we use few windows machines in our shop. Thus, I have a few questions about Windows security from a Unix perspective.
>
>Questions:
>  1) Are there programs equivalent to COPS and TripWire that run on Windows?
>  
>
Yes, although the only one I've tried is a product called Veracity; I 
don't even know if they're still around. There is, of course, the 
commercial version of Tripwire if you have the dough.

>  2) Anyone running SNORT under Windows? Any comparison to how it runs under *nix?
>  
>
Yes, as a collector node it works great, but I have had very bad luck 
with any of the GUIs.

>  3) Does the most common AV software (Symantec, NAI, etc.) catch keystroke loggers and other spyware (not Adware!) that may be present and running on a Windows system?
>  
>
That depends... Retail versions of both McAfee and Symantec are starting 
to catch more of these, but I wouldn't rely on them.

>  4) About the Windows encrypted file system... if someone gets Admin privilege on a system using the encrypted file system, can they disclose or compromise data that would normally be protected?
>  
>
Can't answer that one.

>  5) When I search for products that detect adware installed on a Windows box, I get dozens of hits... is any given product better than another, or do you really need a combination of products to detect and stop all the various adware downloads in use?
>  
>
I have never found one that catches everything. I always use Ad-Aware 
and Spybot in combination.

>  6) Finally, windows firewalls... Is Zone Alarm still considered the best for Windows? What are the strengths and weaknesses of the firewall built into Win/XP?
>  
>
I prefer Sygate because I like its logging better and I find it easier 
to customize. However, I would not install it on my mother's computer; 
I'd use Zone Alarm for that.

>TIA for all answers!
>
>  
>
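Added example for question 1 (a Tripwire-style integrity check on Windows). This script is not from the thread and is not any of the products named above; it is a minimal baseline-and-verify tool written here for illustration. It assumes PowerShell 4.0 or later (for Get-FileHash), and the default watch path and baseline location (C:\Baseline\integrity.json) are arbitrary choices, not anything the thread specifies.

```powershell
# Added example (not from the original thread): a minimal Tripwire-style
# file-integrity checker for Windows.
# Assumptions: PowerShell 4.0+ for Get-FileHash; default paths below are
# illustrative only.
#
# Usage:
#   .\Check-Integrity.ps1 -Mode Baseline              # record hashes
#   .\Check-Integrity.ps1 -Mode Verify                # compare to baseline
#   .\Check-Integrity.ps1 -Mode Verify -Paths C:\inetpub, "$env:SystemRoot\System32"

param(
    [Parameter(Mandatory)]
    [ValidateSet('Baseline', 'Verify')]
    [string]$Mode,

    # Directories to watch; the driver directory is a common target of rootkits.
    [string[]]$Paths = @("$env:SystemRoot\System32\drivers"),

    # Where the baseline lives. In real use keep a copy off the box or on
    # read-only media; an attacker with Admin can simply rewrite this file.
    [string]$BaselineFile = 'C:\Baseline\integrity.json'
)

function Get-IntegritySnapshot {
    param([string[]]$Roots)
    # Map of full path -> { SHA-256 hash, size, last-write time (UTC) }
    $snapshot = @{}
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -File -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                $snapshot[$_.FullName] = [ordered]@{
                    Hash   = $hash
                    Length = $_.Length
                    Mtime  = $_.LastWriteTimeUtc.ToString('o')
                }
            }
    }
    return $snapshot
}

switch ($Mode) {
    'Baseline' {
        $snap = Get-IntegritySnapshot -Roots $Paths
        New-Item -ItemType Directory -Force -Path (Split-Path $BaselineFile) | Out-Null
        $snap | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselineFile -Encoding UTF8
        Write-Host "Baseline written: $($snap.Count) files -> $BaselineFile"
    }

    'Verify' {
        # Load the stored baseline back into a hashtable keyed by path.
        $baseline = @{}
        (Get-Content -Raw -Path $BaselineFile | ConvertFrom-Json).PSObject.Properties |
            ForEach-Object { $baseline[$_.Name] = $_.Value }

        $current  = Get-IntegritySnapshot -Roots $Paths
        $findings = New-Object System.Collections.Generic.List[string]

        # Deleted or modified files: present in baseline, missing or changed now.
        # Only the hash decides "modified"; mtime is reported, not trusted,
        # because timestamps are trivially forged.
        foreach ($path in $baseline.Keys) {
            if (-not $current.ContainsKey($path)) {
                $findings.Add("DELETED  $path")
            } elseif ($current[$path].Hash -ne $baseline[$path].Hash) {
                $findings.Add("MODIFIED $path (mtime now $($current[$path].Mtime))")
            }
        }

        # Added files: present now, absent from baseline (e.g. a new driver).
        foreach ($path in $current.Keys) {
            if (-not $baseline.ContainsKey($path)) {
                $findings.Add("ADDED    $path")
            }
        }

        if ($findings.Count -eq 0) {
            Write-Host "OK: $($current.Count) files match baseline"
            exit 0
        }
        $findings | ForEach-Object { Write-Host $_ }
        exit 1
    }
}
```

The check is only as trustworthy as the baseline and the hashing tool: run Verify from a known-good PowerShell (ideally from read-only media) and keep a signed or off-host copy of the JSON, since anyone with Admin can regenerate the baseline after tampering. Adding ACL and owner information to the snapshot is a straightforward extension if permission changes also need to be caught.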