Quoting Odhiambo Washington <wash@wananchi.com>:
>> Yes, you are right, too. But if I apply such a blacklist, I reduce the
>> chance for such "malware" to pass through (altough it will never be 100%
>> protection). Do you agree?
You are not alone in that thinking.
The IDS think tank at bleedingsnort.org has a project where they are
cataloging the various user agents found in different types of spyware.
The idea is to assemble a repository for filtering, etc:
to extend that function into the real world, they have corellated URL
signatures found in various types of spyware and have put together a
site to actively identify malware as it passes through the network.
http://www.bleedingsnort.com/staticpages/index.php?page=listeningpost
This is *not* a magic bullet that will make us all secure, but if it
cuts out 60% of the bad stuff, that's pretty good. It's certainly more
than most anti virus scanners catch these days.
jp
-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact: services@doctorunix.com
Received on Wed Nov 23 2005 - 09:11:12 MST
This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:10 MST