Did I write the wares for our process filtering? No
But I have studied our commercial HIPS products in great detail. As noted, I need to maintain a bit higher standard than average user for my clients. My clients are lawyers, title companies, banks, etc.
In addition, what I have done, is tested against every attack vector I know of and can find...and I know of many more than what is published publically.
I must say that I'm a little disappointed. Most of the professionals I've given this quest to have at least tried to come up with a scenario/vector/POC/something that would vex me. If you want a list of wares to beat...OK but I'm certainly not going to lay out our enterprise security measures.
If you can, show me how you can infect a w2k sys with no AV or any other type of resident other than a simple end point packet filter and a single process filter installed. I just happen to be here at home working on one just like that. You can have my current IP, email addy, or any other info you'd like to have.
I'll even go to any page you want me too and record the entire transaction via sniffers and a multitude of various types of event snapshots to proove that I did indeed take any test you might devise and also show how well the nasties were stopped if that be the case.
I'll even do it with IE set to Low sec and my local proxies disabled. Actually, I'll need to leave Fiddler up as one of the monitors of the transaction. If you want to throw an infected email at me, I'll open it in OE with the very same criteria I just mentioned.
If you can devise such a test, I think it would help me greatly to convince all the folks that are stuck in a mold that I'm not just a mad man.
Let me know if you are up to it. Since it will take a few hours to set up all the monitors to capture/proove the event, I will need some time to get ready. 2-3 hrs should be enough but it's too late today...I'm headed for bed shortly.
===
Well at any rate, if there are any users around here who really want to learn how to protect themselves and don't want to spend a lot of money and don't want to have to be a genius to figure it out. I'll be more than happy to work with you.
So far I've taught lots of noobs how to protect their sys and I've taught many who have been subjected to all the salesmen pitching the status quo for many years now. They have all found it amazingly easy once they actually took the time to look at what I'm preaching.
If you can learn how to run a scanner properly, you can also learn how to make yourself almost impregnable. 'Almost' is because no ware can protect you from yourself...except possibly a sandbox and my thoughts on those can be found here;
http://www.voiceofthepublic.com/test_tools/twohips.htmlBottom line, the proof is in the pudding. For those who don't know what I mean by that; it simply means you should see for yourself.
BTW My quest above is open to any in the industry. Sho me a vector that I can't control. If there is such a thing, then my clients deserve better than what I offer.
Just so everyone knows, I'm not selling anything. There are now quite a few process firewalls around that are easy enough for the novice to use...some even free...and I'm quite familiar with many of them...especially the ones I mentioned on my firewall page. Some even include anti-malware definitions for those of you who need that added sense.
