Wai_Wai
08-27-05, 04:47 PM
Next Generation Security Product: IPS. Care to install it?
By the way, in case you are interested, have you ever thought of getting an IPS as another big additional security protection for your computer?
IPS stands for Intrusion Prevention System, which is a proactive approach to protecting your system from attacks using different techniques or from unknown/new malware. It may be high time to act before it becomes another standard/basic security product (as was the case with Firewall & Anti-spyware [AS] in the past).
Note:
- All the statements below are merely my personal opinion. Also I am by no means a security expert. I could be wrong.
- It could also happen that some statements are easily misinterpreted. Thus I would be grateful if you read carefully.
- Since I can't explain anything in a short article, it is always good if you can ask me for clarification/questions if you are in doubt. Thanks for your appreciation.
Philosophy of IPS
The philosophy of IPS is that if you rely on signature-based Anti-virus (AV)/Anti-spyware (AS) to protect you from malware, it is already too late.
New malware
New malware is emerging every day. We can never catch up with it. So there are time gaps in which new malware can slaughter you freely.
Underground/Private malware
What's more, there is always underground/private/unknown malware which has not been discovered by security researchers. That implies you may have been attacked even if you are equipped with the best security suite (AV+Firewall+AS). Some malware is designed so that it does not let you know it has intruded into your system. Typical examples are trojans and keyloggers. Even if you think you haven't been infected in the past, it may unfortunately be just a false sense of security.
Techniques to work around your security suite
In addition, there are always advanced techniques to break or bypass the security products.
Example regarding AV/AS:
An anti-virus writer can simply rewrite the code of a known/signature virus by using a technique (code permutation) to bypass the AV again. It can always use some techniques to intrude into the AV/AS, nullifying their work but at the same time faking the GUI, so you feel they are still working.
Example regarding Firewall:
In one test, half or more of the leak attacks can bypass the firewall (easily) even if you use the best well-known firewalls like ZoneAlarm. See http://www.firewallleaktester.com/tests.htm for details.
The situation becomes worse when:
- Some basic techniques can still work to work around your security suites (it is not rare). E.g.: simple Registry editing may work to disable your security software.
- Some hackers are so crazy that they make advanced hacking tools (with easy-to-use interfaces) available on the Internet. Thus even beginner hackers can hack your computer using their advanced tools.
So why should I use IPS?
It can help you to solve the above problems and more. E.g.: if you install a good IPS, you can help to block 90-100% of leak attacks.
Although there are always ways for a hacker to hack our computers if he wishes to, even if we add IPS, this is not the main point. The main point is that you give your computer a strong security boost and discourage the hacker from attacking your computer.
As hackers follow the rule of attacking the easy prey first, you will appear to be less attractive than people who only install the basic security suite (AV+Firewall+AS).
Do you care to spend a little time to install IPS?
Installing IPS is as easy as installing a Firewall or any other simple software. As it works as a proactive approach, it is similar to a Firewall in that it will alert you and make decisions. Now IPS has reached the customer/end-user markets, so they are made as easy as possible to use (e.g. the implementation of a learning mode for the IPS to learn your system), so even some novice users can get some benefits from IPS.
What IPS should I choose?
If you are a beginner, you may wish to try:
- ProcessGuard
This product is relatively easy to use. But there is a price for the ease of use: it is less powerful and so less secure.
If you wish to have a more powerful IPS, you may wish to try:
- System Safety Monitor
- Viguard
Currently, I am still researching different IPS. So if you have good info about IPS reviews / comparisons and anything related, please tell me. I am eager to know.
Thanks for taking the time to read my post.
Any comment is welcome.
Note:
- All the statements below are merely my personal opinion. Also I am by no means a security expert. I could be wrong.
- It could also happen that some statements are easily misinterpreted. Thus I would be grateful if you read carefully.
- Since I can't explain anything in a short article, it is always good if you can ask me for clarification/questions if you are in doubt. Thanks for your appreciation.