RE: IE Malware / Spyware Control Methods
From: sunzi (sunzi_at_mod-x.com)
To: email@example.com Date: 07 Jan 2005 17:07:55 -0500
I've stated doing the same thing (where I can't simply replace it with
Firefox), but in my earlier experiences, the TeaTimer componant provides
way too many questions to the end user with simple yes/no buttons, and I
found that most just hit yes ... bad.
The Immunization feature in silent mode is a must, but must also be
"reimmunized" everytime an updated signature file is retreived :(
Also, below the standard Immunization feature, there's also a Bad Page
blocker which provides a 2nd layer of protection as Immunization work
against ClassID's only.
On Fri, 2005-01-07 at 12:58, Paris E. Stone wrote:
> Use Mozilla.
> If IE is a must, get the yahoo toolbar with anti-spy.
> Spybot, have it immunize the system and block all bad pages & use the
> TeaTimer component.
> Paris E. Stone, "Linux Zealot"
> CISSP, CCNP, CNE, MCSE
> The only thing necessary for the triumph of evil,
> is for good men to do nothing.
> - Edmund Burke
> -----Original Message-----
> From: Illuminatus Master [mailto:firstname.lastname@example.org]
> Sent: Friday, January 07, 2005 12:37 PM
> To: email@example.com
> Subject: IE Malware / Spyware Control Methods
> Hello List,
> I'm sure you all realize the growing threat of malware and spyware to
> Internet Explorer. It has been my experience that the initial
> infection and/or removel of an infection by anti-spyware products can
> permanently damage a windows workstation. This damage occurs in many
> forms and often leads too the workstation being reformatted and
> rebuilt before going back into service.
> A recent example is earlier this week, in spite of content filtering,
> a workstation was infected with "wintools", "mysearchtoolbar" etc. The
> tough part of this is that such malware has multiple instances/threads
> and renames system files like msconfig to resist removal. Often
> IE/Windows is so damaged it's more time effiecient to just replace the
> box and rebuild the infected one.
> My question is this, I'm batting around the idea of using Group Policy
> in our Active Directory to try and choke IE down to the point where
> such Malware has trouble installing itself. Has anyone here ever tried
> such as this with any degree of success?
> Other than Group Policy I'm also considering deploying an alternate
> web browser that isnt subject to malware infection but doing so
> complicates my patching/reporting routine for our security audits.
> I look forward to your comments and idea's.