RE: IE Malware / Spyware Control Methods

From: Paris E. Stone (pstone_at_alhurra.com)
Date: 01/07/05

  • Next message: Gary Baribault: "Re: IE Malware / Spyware Control Methods"
    Date: Fri, 7 Jan 2005 12:58:59 -0500
    To: "Illuminatus Master" <illuminatus.master@gmail.com>, <incidents@securityfocus.com>
    
    

    Use Mozilla.

    If IE is a must, get the yahoo toolbar with anti-spy.
    &
    Spybot, have it immunize the system and block all bad pages & use the
    TeaTimer component.

    ~~~~~
    Paris E. Stone, "Linux Zealot"
    CISSP, CCNP, CNE, MCSE
    ~~~~~
    The only thing necessary for the triumph of evil,
    is for good men to do nothing.
    - Edmund Burke
     

    -----Original Message-----
    From: Illuminatus Master [mailto:illuminatus.master@gmail.com]
    Sent: Friday, January 07, 2005 12:37 PM
    To: incidents@securityfocus.com
    Subject: IE Malware / Spyware Control Methods

    Hello List,
     I'm sure you all realize the growing threat of malware and spyware to
    Internet Explorer. It has been my experience that the initial
    infection and/or removel of an infection by anti-spyware products can
    permanently damage a windows workstation. This damage occurs in many
    forms and often leads too the workstation being reformatted and
    rebuilt before going back into service.

    A recent example is earlier this week, in spite of content filtering,
    a workstation was infected with "wintools", "mysearchtoolbar" etc. The
    tough part of this is that such malware has multiple instances/threads
    and renames system files like msconfig to resist removal. Often
    IE/Windows is so damaged it's more time effiecient to just replace the
    box and rebuild the infected one.

    My question is this, I'm batting around the idea of using Group Policy
    in our Active Directory to try and choke IE down to the point where
    such Malware has trouble installing itself. Has anyone here ever tried
    such as this with any degree of success?

    Other than Group Policy I'm also considering deploying an alternate
    web browser that isnt subject to malware infection but doing so
    complicates my patching/reporting routine for our security audits.

    I look forward to your comments and idea's.

    Thanks,
    massa


  • Next message: Gary Baribault: "Re: IE Malware / Spyware Control Methods"

    Relevant Pages

    • IE Malware / Spyware Control Methods
      ... I'm sure you all realize the growing threat of malware and spyware to ... infection and/or removel of an infection by anti-spyware products can ... permanently damage a windows workstation. ...
      (Incidents)
    • Five Steps to Ditching Malware
      ... but here are some practical ways to clean up ... Malware seems to be getting worse. ... Antivirus, WinDefender 2008, P Antispyware 09, WinPC Antivirus, ... removing an infection it has to see all the files and all the ...
      (alt.comp.anti-virus)
    • Re: Virus? - Disable .EXE, .COM, .LNK and group policy.
      ... i.e. where all malware infections are within the ... infection with bad user behavior and proceed with punitive cleanup. ... you need to air-gap these from the students, ... If you have F&PS bound to TCP/IP and admin shares exposing all HD ...
      (microsoft.public.security.virus)
    • Re: Infected with something - need some hekp please
      ... is/was/are my malware shields. ... Download and execute HiJack This! ... The previous rebuild was initiated by significant system upgrade - more memory, more disk (two now, two more in the ... not due to infection. ...
      (microsoft.public.security.virus)
    • Re: Infected with something - need some hekp please
      ... is/was/are my malware shields. ... Download and execute HiJack This! ... The previous rebuild was initiated by significant system upgrade - more memory, more disk (two now, two more in the ... not due to infection. ...
      (microsoft.public.security.virus)