Back to Top

Friday, December 01, 2006

What is HIPS and what isn't?

I support Microsoft's attempt to introduce kernel patch protection whole heartedly and I don't have a too high opinion about HIPSs either, but this interview can only be characterized as:

  • Microsoft trying to say: look, HIPS products can work with KPP
  • Sophos saying: we have HIPS too

To make it even clearer: running an executable in an emulator and watching its actions (observing the genes) isn't new, Sophos isn't the first (or even the best) at it and it certainly isn't HIPS.

Repeat after me: heuristic detection != HIPS.

0 comments:

Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.