Test for intrusion detection with Patriot NG

Patriot NG is a real time monitoring tool keeping an eye on changes in your Windows operating system and network, the program warns you of registry changes, new files in the Startup directory, new users being added, new services, changes in Windows host file, new scheduled jobs, Internet Explorer alteration(toolbars,configuration changes), changes in the ARP table (used for man in the middle attacks), opening of ports by new processes and anomalous network traffic.

This is a good tool to catch zero day threats, Patriot NG relies on software behaviour to predict if malware is changing files instead of using signature files like antivirus software without heuristics does.

Patriot NG IDS system

Patriot NG IDS system

If you suspect your computer has been infected by a trojan the first thing to do should be detaching your router to stop all Internet access, if someone has managed to infect your computer they can disable intrusion detection tools and send you updated malware via the Internet. After you have disconnected your router an antivirus, anti-spyware and anti-rootkit software should be run in the computer until something is found.

An Intrusion Detection System (IDS) tool is best used by people with good computer knowledge, newbies might not realise that they are giving access to a trojan horse since malware is normally disguised and named as something else, the user will need to know some basic operating system files (locations&names) to understand what is going on.

Visit Patriot NG homepage

Leave a Reply