[Dshield] Windoze Questions...

Mrcorp mrcorp at yahoo.com
Thu Feb 12 17:53:57 GMT 2004


My thoughts...

1) Tripwire runs on Windows.  But I assume you mean free; I don't have any answers here.

2) Yes, Snort as a packet capture runs better on Windows than UNIX due to interrupts...
(http://www.infosecwriters.com/text_resources/pdf/passive_packet_capture.pdf)

3) Yes, but only popular or common models.  Anti-virus is focused on viruses, not Trojans,
keyloggers, backdoors and other malware.  Many of the popular antivirus vendors do provide a
limited ability to identify the common malware, though.  So if an AV scan doesn't turn up anything,
and you still suspect something is installed, go to products like Tauscan.

4) Don't know.

5) I use several; in my testing of Ad-aware, Spybot, and a few others, not one caught everything.
In other words, I would scan with one, clean up, install the second scanner, scan again, find new
ones not caught by the first... and so on.

6) Depends on your requirements.  ZoneAlarm does port blocking and such.  I prefer Sygate; it has
built-in HIDS, parent and child process catching, NIDS, etc...

Mrcorp

--- "Jon R. Kibler" <Jon.Kibler at aset.com> wrote:
> Greetings,
> 
> As I have said several times before, I am not a windows expert and we use few windows machines
> in our shop. Thus, I have a few questions about Windows security from a Unix perspective.
> 
> Questions:
>   1) Are there programs equivalent to COPS and TripWire that run on Windows?
>   2) Anyone running SNORT under Windows? Any comparison to how it runs under *nix?
>   3) Does the most common AV software (Symantec, NAI, etc.) catch keystroke loggers and other
> spyware (not Adware!) that may be present and running on a Windows system?
>   4) About the Windows encrypted file system... if someone gets Admin privilege on a system
> using the encrypted file system, can they disclose or compromise data that would normally be
> protected?
>   5) When I search for products that detect adware installed on a Windows box, I get dozens of
> hits... is any given product better than another, or do you really need a combination of
> products to detect and stop all the various adware downloads in use?
>   6) Finally, windows firewalls... Is Zone Alarm still considered the best for Windows? What are
> the strengths and weaknesses of the firewall built into Win/XP?
> 
> TIA for all answers!
> 
> -- 
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214
> 

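On item 1 (a Tripwire equivalent for Windows), the following is an added example, not code from the original post, from Tripwire or from COPS: a minimal Tripwire-style file-integrity baseline in Python 3 using only the standard library, so it runs unchanged on Windows and Unix. The function and file names (`build_baseline`, `compare`, `demo`, the `DB.json` argument) are this example's own; the directory tree that `demo()` baselines and then tampers with is constructed inside the function, not taken from any real host.

```python
# Added example (not from the original post or from Tripwire): a minimal
# Tripwire-style file-integrity baseline. Python 3 standard library only.
# Paths are stored relative to the root with forward slashes so a baseline
# taken on one host can be compared on another.
import hashlib
import json
import shutil
import sys
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 65536) -> str:
    """Stream the file through SHA-256 so large files need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root) -> dict:
    """Record hash, size and permission bits for every regular file under root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue  # skip directories and links; a link target can be swapped silently
        st = p.stat()
        baseline[p.relative_to(root).as_posix()] = {
            "sha256": sha256_file(p),
            "size": st.st_size,
            "mode": st.st_mode & 0o777,  # limited meaning on NTFS, still worth comparing
        }
    return baseline


def compare(old: dict, new: dict) -> dict:
    """Classify every path as added, removed or modified (any recorded attribute)."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def save_baseline(baseline: dict, path) -> None:
    Path(path).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


def demo() -> dict:
    """Constructed scenario: baseline a scratch tree, tamper with it, diff it."""
    root = Path(tempfile.mkdtemp(prefix="fim-demo-"))
    try:
        (root / "a.txt").write_bytes(b"hello")
        (root / "sub").mkdir()
        (root / "sub" / "b.txt").write_bytes(b"world")
        before = build_baseline(root)
        # Same-size edit: a size-only check would miss this, the hash does not.
        (root / "a.txt").write_bytes(b"hellp")
        (root / "sub" / "b.txt").unlink()
        (root / "c.txt").write_bytes(b"new")
        return {"baseline": before, "diff": compare(before, build_baseline(root))}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    # Usage: fim.py baseline DIR DB.json   |   fim.py check DIR DB.json
    if len(sys.argv) != 4 or sys.argv[1] not in ("baseline", "check"):
        print(json.dumps(demo()["diff"], indent=1))
    elif sys.argv[1] == "baseline":
        save_baseline(build_baseline(sys.argv[2]), sys.argv[3])
    else:
        report = compare(load_baseline(sys.argv[3]), build_baseline(sys.argv[2]))
        print(json.dumps(report, indent=1))
        sys.exit(1 if any(report.values()) else 0)
```

The check that matters in practice is where the baseline lives: if DB.json sits on the monitored host, anyone with Administrator can rewrite it along with the files, so keep it on read-only media or on another machine and run the comparison from there. That is also the honest limit of any host-based integrity checker against an attacker who already holds Admin, which is the same concern raised in question 4.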