Anti-Malware Tools: Intrusion Detection Systems

Martin Overton, from IBM in the UK, is back with another interesting malware paper. He's got an outline of how to use Snort to detect malware in transit on the wire.

Anti-Malware Tools: Intrusion Detection Systems, Martin Overton, IBM, UK. Presented at the 2005 EICAR conference.

When most people think of tools to combat malware, very few will give a passing thought to Intrusion Detection Systems. Why?

Common reasons include:

- They don't realise that IDS systems can be used against malware (viruses, Trojans, worms, etc.)
- They are too difficult to set up, maintain and use.
- They are too prone to false alarms.

This paper will investigate the use of IDS systems, specifically to counter/block/detect malware. What's more, this paper will focus on SNORT (which is a free IDS system available for both UNIX and Windows).
This paper will include instructions and guidance on the setup of such a system, numerous examples of suitable rules to detect and block malware, useful tools that can make the sifting of logs easier and more palatable, and configuration and other tools and utilities that may be useful in managing and maintaining SNORT.
The use of an IDS system can be extremely useful in cases of fast-burning or very complex malware outbreaks as a stop-gap until the anti-virus vendors manage to get reliable updates out to their customers.
An IDS is also useful in identifying infected systems in your organization that need remedial action before the 'trickle' of infections becomes a 'torrent' and you are left fighting to keep your head above the rising waters.
This paper is based on the recent two-part article written for Virus Bulletin [October and November 2004] and parts of that article have been used with their permission.
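To give a feel for the kind of content-matching rule the abstract refers to, here is an added Python model of a Snort-style `content`/`nocase` rule run over captured TCP payloads; it is an illustration written for this post, not code from Overton's paper, from the Virus Bulletin article, or from Snort itself. The rule text, the sample payloads and the `[sid] msg src=` alert format are constructed for this example; the signature is the public EICAR anti-virus test string, which is harmless and exists precisely for exercising AV and IDS tooling.

```python
import re
from dataclasses import dataclass

# Constructed Snort-style rule (not from the paper). The EICAR test file is a
# harmless, publicly documented string used to exercise AV and IDS tooling.
RULE = ('alert tcp any any -> any any (msg:"EICAR test file in transit"; '
        'content:"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"; nocase; '
        'sid:1000001; rev:1;)')

@dataclass
class Rule:
    msg: str
    content: bytes
    nocase: bool
    sid: int

def parse_rule(text):
    """Pull the options this toy matcher understands out of a Snort rule.
    Only msg, content, nocase and sid are handled; real Snort has many more."""
    opts = text[text.index("(") + 1:text.rindex(")")]
    msg = re.search(r'msg:"([^"]*)"', opts).group(1)
    content = re.search(r'content:"([^"]*)"', opts).group(1).encode()
    nocase = re.search(r"\bnocase;", opts) is not None
    sid = int(re.search(r"sid:(\d+);", opts).group(1))
    return Rule(msg, content, nocase, sid)

def matches(rule, payload):
    """'content' is a substring test on the payload; 'nocase' makes it case-insensitive."""
    if rule.nocase:
        return rule.content.lower() in payload.lower()
    return rule.content in payload

def scan(rule, packets):
    """Return one alert line per (src_ip, payload) pair that triggers the rule."""
    return [f"[{rule.sid}] {rule.msg} src={src}" for src, p in packets if matches(rule, p)]

# Constructed sample payloads: an HTTP response carrying the EICAR string, a
# lower-cased copy (caught only because of 'nocase'), and benign traffic.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
PACKETS = [
    ("10.0.0.5", b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + EICAR),
    ("10.0.0.6", b"GET /x HTTP/1.1\r\nHost: example.test\r\n\r\n" + EICAR.lower()),
    ("10.0.0.7", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for line in scan(parse_rule(RULE), PACKETS):
        print(line)
```

The lower-cased packet shows why `nocase` matters for signatures that may be re-encoded or altered in transit, and why a plain substring rule alone is a stop-gap rather than a replacement for AV updates.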
You can get real-time intrusion detection, logging and access blocking for WIFI networks with our free WIFI Internet Access Blocker. Supports WEP/WPA and runs on Win2K and XP machines. Can be upgraded to Hotspot services (coming Q3/2005) Download from http://www.myWIFIzone.com
Posted by: Jim Williams | Jun 2, 2005 6:03:11 PM
Thanks for sharing information about worms and viruses with me.
Posted by: nguyen ngoc | Mar 22, 2008 11:20:21 AM