I've seen IDS that does both #1 and #2. And nearly every hacker uses script kiddie tools. They are free and easy. They aren't the breach, but they are the precursors, while the attacker is probing for the easiest way in. And all security is obscurity, just with different definitions of obscurity. I secure all my computers with obscurity. A password that I hope no one else knows. That's obscurity. And nearly all security is based on that, biometrics being the only possible exception to that.
Biometrics are not different then a password viewed this way, it simply makes it harder to enter the right "code".
I tell them to turn to the study of mathematics, for it is only there that they might escape the lusts of the flesh. -- Thomas Mann, "The Magic Mountain"