On Wed, 1 Sep 2004 11:23am, DePriest, Jason R. wrote:
On Tuesday, August 31, 2004 9:43 AM, Reg Quinton wrote

 ..... a system that catches a vulnerability the moment or as soon as
 it is manifested.

That's impossible. Consider any security patch. There is a vulnerability long before someone finds it, long before a patch is posted, long before a tool to detect the vulnerability is found....

 That's why prudent folks harden off services they don't need ... as
 every service will have a vulnerability sooner or later.



Some companies beg to differ.

ISS, McAfee, and Cisco are all selling or are about to start selling
products with "buffer overflow protection".

These tools are supposed to detect unknown exploits by looking for the
type of activity that exploits must do like overwriting memory space,
creating or copying files, opening ports, etc.

I haven't tested any of them out yet, but I'll have the McAfee and ISS
programs "soon".

-Jason

PS - I apologize in advance for the legal disclaimer at the bottom of my
email message. This is tacked on by our SMTP gateway and I have no
control over it.

Those products do prevent exploitation of current and unknown vulnerabilities, but they don't detect them for you in advance. Products like entercept can stop tomorrow's worm, but they don't tell you the hole that will be announced on bugtraq next week.


//Ron
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus