I support Microsoft's attempt to introduce kernel patch protection wholeheartedly and I don't have too high an opinion of HIPSs either, but this interview can only be characterized as:
- Microsoft trying to say: look, HIPS products can work with KPP
- Sophos saying: we have HIPS too
To make it even clearer: running an executable in an emulator and watching its actions (observing the genes) isn't new, Sophos isn't the first (or even the best) at it and it certainly isn't HIPS.
Repeat after me: heuristic detection != HIPS.