A new extension has been published today. NinjaSecurity[1] is a system plugin, that monitors all incoming data. Once enabled it searches the so called GPC data for previously defined exploit patterns that can be modified at the plugin's admin interface. On a detected attack NinjaSecurity[1] bans the attackers IP address for a previously defined period of time.
Over the past week there was published the plugin JAntiHacker on the Joomla!™ Extension Directory, and as a Linux and security freak I directly downloaded and inspected this tool. What I found was horrible! And by the way: The JED team immediately took it off the directory. 
Once the plugin was activated, the complete system was unusable. I had to disable the plugin directly at the MySQL database. Who of the non-professional users were able to put Joomla!™ in a stable state again?
I think I do not need to answer this question.
Next point was, if this plugin wouldn't have made Joomla!™ unusable, it would not really be protecting the system. Hey, there are also other ways I can go in order to inject my exploit code! This situation forced me to do a fork, because I hate leaving people in a security that is NOT given.
NinjaSecurity[1] is not a MagicBullet, but it can search all channels an attacker could frequent for his bad job, except injecting web server environment variables or performing remote file inclusions. Since a web application does its work on the HTTP layer there are also types such as NULL string attacks a web script can never protect from, but in any case the vulnerability for injection attacks is tremendously reduced.
Have A Lot Of Fun.
Best Regards
Uwe Walter
[1] Download NinjaSecurity Plugin 1.0.0
XML Feeds