As far as I remember it comes with a baseline config and if a process is not on its whitelist it cannot write PE code to the disk. At the time I used it, it was a Windows-only product, so I have no knowledge of the OSX or Linux products.
The article doesn't really explain very well how HDF works; it is not a detection-based technology. It stops unauthorised PE code from writing to the system's disks, thereby making it difficult for malware to establish persistence on the system.
It won't protect against malware that only lives in memory. I have used this product (years ago, it has been about for a while) - it's a great addition as part of a system's layered defences, but not necessarily suitable for all environments or cases.
If you could scale down models it would be fantastic. Just imagine the heights of tackiness that could be reached in gardens all over the world!