The vendors configured the boxes. I guess I should say the vendors tuned! the boxes too. "Don't like how the boxes were configured for our review? Go ask the vendors why they set them up that way!"
Puh-leese, will someone explain how reviews work. Here's how they don't work:
omnipotent editorial staff make a list of all
relevant products in the three nearest known
universes.
During the initial selection process, claravoyant product marketing staff at all vendors who have now, formerly did, or ever will exist submit their products for review.
A list of products was made, vendors were contacted, vendors >with clue keep track of relevant publications to see what they are reviewing, and a list is constructed from all the various inputs. If you think product FOO from vendor BAR should have been reviewed, call THE VENDOR and point out to them it should have been reviewed. Don't play tail gunner, after the fact, complaining to the publication about something you don't know about.
Well, as the person who got to keep calling the vendors (with some it was more than once per day for multiple days) I can tell you we >did talk to the vendors. We had better support than the average user since we were writing a review. We effectively had an unlimited support contract, as reviews normally do. Nobody involved was "anti-IDS". The fact the fellow from ISS didn't know we were doing the review is a problem between him and Nokia. "Reviewers want the product not to work" is not true, at least not in this case.
The >>>vendors configured the boxes for us. ALl the (bogus) whining that we configure things wrong is way off target. The point about false alarms was that many products made it painful to impossible to alter severities to tune what alarms (false or otherwise) one wanted to see.
Slashdot Mirror
The vendors configured the boxes. I guess I should say the vendors tuned! the boxes too. "Don't like how the boxes were configured for our review? Go ask the vendors why they set them up that way!"
Puh-leese, will someone explain how reviews work. Here's how they don't work: omnipotent editorial staff make a list of all relevant products in the three nearest known universes. During the initial selection process, claravoyant product marketing staff at all vendors who have now, formerly did, or ever will exist submit their products for review. A list of products was made, vendors were contacted, vendors >with clue keep track of relevant publications to see what they are reviewing, and a list is constructed from all the various inputs. If you think product FOO from vendor BAR should have been reviewed, call THE VENDOR and point out to them it should have been reviewed. Don't play tail gunner, after the fact, complaining to the publication about something you don't know about.
Well, as the person who got to keep calling the vendors (with some it was more than once per day for multiple days) I can tell you we >did talk to the vendors. We had better support than the average user since we were writing a review. We effectively had an unlimited support contract, as reviews normally do. Nobody involved was "anti-IDS". The fact the fellow from ISS didn't know we were doing the review is a problem between him and Nokia. "Reviewers want the product not to work" is not true, at least not in this case.
The >>>vendors configured the boxes for us. ALl the (bogus) whining that we configure things wrong is way off target. The point about false alarms was that many products made it painful to impossible to alter severities to tune what alarms (false or otherwise) one wanted to see.
It was from a configuration error, which we explained.
I don't recall saying Snort is at a disadvantage from not having a GUI. In fact, we didn't >review Snort at all. We used it, in text mode.