
Tamper Protection

Just wondering if there is any chance in future releases of the tamper protection feature being extended to include the application control settings (well, I say settings but I really mean stopping them from disabling it)?

Thanks,

D



This thread was automatically locked due to age.
  • Not to beat a dead horse or anything but,

    What about "User Land" rootkit behavior associated with some of the latest attacks like Zeus? These run in Ring 3 and can compromise based on the user privileges. The reason why it is able to slip by conventional antivirus programs is because it imports a large number of application programming interfaces (APIs).

    Are you saying that to Sophos, this is a moot point? And that I shouldn't allow my users to have Local Admin access? To me this really isn't about trusting my users. I'm more worried about Zero-day threats that could inject or modify the Sophos services. More specifically, the ability to defend itself against malware that targets itself.

    I'm not knocking on the Sophos product, I think it's great. But having the OPTION to protect these services at the Kernel level would be a good feature. I'm surprised that you don't agree.

    Enterprise level applications like the ones produced by Cisco (CSA) and CoreTrace (Bouncer) do include this feature for a good reason.
