RE: IE Malware / Spyware Control Methods

From: sunzi (sunzi_at_mod-x.com)
Date: 01/07/05

  • Next message: Paul Laudanski: "Re: IE Malware / Spyware Control Methods"
    To: incidents@securityfocus.com
    Date: 07 Jan 2005 17:07:55 -0500
    
    

    I've started doing the same thing (where I can't simply replace it with
    Firefox), but in my earlier experiences, the TeaTimer component provides
    way too many questions to the end user with simple yes/no buttons, and I
    found that most just hit yes ... bad.

    The Immunization feature in silent mode is a must, but must also be
    "reimmunized" every time an updated signature file is retrieved :(

    Also, below the standard Immunization feature, there's also a Bad Page
    blocker which provides a 2nd layer of protection as Immunization works
    against ClassIDs only.

    hth,
    sunzi

    On Fri, 2005-01-07 at 12:58, Paris E. Stone wrote:
    > Use Mozilla.
    >
    > If IE is a must, get the yahoo toolbar with anti-spy.
    > &
    > Spybot, have it immunize the system and block all bad pages & use the
    > TeaTimer component.
    >
    > ~~~~~
    > Paris E. Stone, "Linux Zealot"
    > CISSP, CCNP, CNE, MCSE
    > ~~~~~
    > The only thing necessary for the triumph of evil,
    > is for good men to do nothing.
    > - Edmund Burke
    >
    >
    > -----Original Message-----
    > From: Illuminatus Master [mailto:illuminatus.master@gmail.com]
    > Sent: Friday, January 07, 2005 12:37 PM
    > To: incidents@securityfocus.com
    > Subject: IE Malware / Spyware Control Methods
    >
    > Hello List,
    > I'm sure you all realize the growing threat of malware and spyware to
    > Internet Explorer. It has been my experience that the initial
    > infection and/or removal of an infection by anti-spyware products can
    > permanently damage a Windows workstation. This damage occurs in many
    > forms and often leads to the workstation being reformatted and
    > rebuilt before going back into service.
    >
    > A recent example is earlier this week, in spite of content filtering,
    > a workstation was infected with "wintools", "mysearchtoolbar" etc. The
    > tough part of this is that such malware has multiple instances/threads
    > and renames system files like msconfig to resist removal. Often
    > IE/Windows is so damaged it's more time efficient to just replace the
    > box and rebuild the infected one.
    >
    > My question is this, I'm batting around the idea of using Group Policy
    > in our Active Directory to try and choke IE down to the point where
    > such Malware has trouble installing itself. Has anyone here ever tried
    > such as this with any degree of success?
    >
    > Other than Group Policy I'm also considering deploying an alternate
    > web browser that isn't subject to malware infection but doing so
    > complicates my patching/reporting routine for our security audits.
    >
    > I look forward to your comments and ideas.
    >
    > Thanks,
    > massa
    >
    >

