diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)

Nov302010

NIS Signature: Why Some Signatures Are Disabled By Default?

Microsoft explained the reason behind disabling 4 signatures in the NIS Signature set released last month (8.32):

There’re three different NIS signature types:

  1. Vulnerability-based signatures will detect most variants of exploits against a given vulnerability.
  2. Exploit-based signatures will detect a specific exploit of a given vulnerability.
  3. Policy-based signatures are generally used for auditing purposes and are developed when neither vulnerability nor an exploit-based signature can be written.

“Whenever possible, we write vulnerability based or exploit based signatures. These’re accurate signatures which’ve a very low rate of false positives or false negatives.

However, in some cases we aren’t able to write a vulnerability/exploit signature so we write a policy based signature. These’re less accurate and can cause some false alarms so it’s up to the admin to make a conscious decision to enable them despite the risk of false positives.

This’s why we make policy based signatures available in a “disabled by default” mode,” explains Microsoft.

[Source]

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...