by drzaiusapelord
4314 days ago
Not to mention, this kind of app does us no good. It's another Little Snitch clone. Joe End User isn't making heads or tails of this. Why would he want to? What I want is a simple no-worry IDS/IPS I can install easily on Win or OSX machines. Have it use the rules Snort uses. Make it dead simple to install. Now I don't have to spend hours digging through logs or graphs by apps like these. The IDS/IPS just stops hackers from entering. I'm a sysadmin and I run IDS and it's a game-changer for us. Yet somehow in the home user space, it's non-existent. No idea on how bad the licensing on those Snort rules is, but a 1-click WinSnort that auto-updated itself would be a game changer. I find it amusing that everyone lives in fear of Cryptolocker when a simple rule can detect Cryptolocker traffic and deny it access to the mothership to generate a key. No key, no encryption. I could see this evolving into a smart firewall type app on top of these static rules. It could say, "Hey, why is this guy downloading an unsigned exe from a computer on the botnet list? I'll block that." Or "Why is this guy suddenly sending out SMTP connections to thousands of servers? I'll just block that."
Personally I've been looking for a Little Snitch equivalent for Windows for a while now and this one seems like a good starting point.
I think that the problem you might have with IDS/IPS for end user machines is similar to the problems that end users would have with this kind of software. Namely, when it blocks/alerts, it's very hard to translate the reason for the block (a SNORT rule) into something that's meaningful for a non-technical user.
The alternative is just to silently block, but that leaves the user with a problem whenever there is a false positive (which is a fairly large problem with network IDS/IPS in my experience).
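As an added example that is not from either commenter, here is the "sudden SMTP connections to thousands of servers" heuristic from the first post, written so that each alert carries the plain-language explanation the second post says end users need. The log format, the 60-second window, the threshold of 50 distinct servers and the sample lines are all constructed assumptions for the demo.

```python
"""Added example (not from the thread): a sudden-SMTP-fan-out heuristic
with a plain-language explanation attached to each alert."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of per-connection log lines: "<epoch> <src> <dst> <dport>".
# 10.0.0.5 talks to 60 different mail servers in one minute (bot-like);
# 10.0.0.7 talks to its one mail server twice (normal client).
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 10.0.0.5 203.0.113.{i % 250 + 1} 25" for i in range(60)]
    + ["1000 10.0.0.7 198.51.100.10 25", "1030 10.0.0.7 198.51.100.10 25"]
)

@dataclass
class Alert:
    src: str
    distinct_dsts: int
    window_start: int
    window_seconds: int

    def explain(self) -> str:
        # What a non-technical user sees instead of a raw rule id: what happened,
        # why it matters, and what was done about it.
        return (f"{self.src} opened outbound mail (port 25) connections to "
                f"{self.distinct_dsts} different servers within {self.window_seconds}s. "
                "Normal mail clients talk to one or two servers; spam bots talk to many. "
                "Outbound port 25 from this host has been blocked pending review.")

def parse(log: str):
    """Yield (timestamp, src, dst, dport) tuples from the constructed log format."""
    for line in log.splitlines():
        ts, src, dst, dport = line.split()
        yield int(ts), src, dst, int(dport)

def detect_smtp_fanout(log: str, window_seconds: int = 60, threshold: int = 50):
    """Flag any source that contacts >= threshold distinct SMTP servers in a sliding window."""
    per_src = defaultdict(list)                      # src -> [(ts, dst), ...]
    for ts, src, dst, dport in parse(log):
        if dport == 25:
            per_src[src].append((ts, dst))
    alerts = []
    for src, events in per_src.items():
        events.sort()                                # sliding window over time-ordered events
        lo = 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window_seconds:
                lo += 1                              # drop events older than the window
            dsts = {d for _, d in events[lo:hi + 1]}
            if len(dsts) >= threshold:
                alerts.append(Alert(src, len(dsts), events[lo][0], window_seconds))
                break                                # one alert per host is enough
    return alerts
```

Tuning the threshold against real traffic is what keeps this from becoming the false-positive generator the second comment warns about.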