Re: WindowsXP - how can I stop viruses from running their own SMTP engine?

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 03/29/04

• Next message: Lanwench [MVP - Exchange]: "Re: Worm in Outlook Express McAfee can't identify"
• Previous message: Andrew Z Carpenter [MVP:Windows:Security]: "Information on confirmed hoaxes - 29MAR04"
• In reply to: Glen Heaysman: "WindowsXP - how can I stop viruses from running their own SMTP engine?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 28 Mar 2004 23:01:06 -0500

In addition, make sure your firewall is configured not to allow any outbound
traffic other than for 80, 443, whatever, from any IP you don't wish
it....as in, no outbound 25 from anything but your servers. Block common
webmail like Hotmail, Yahoo, mail2web.com, etc. Don't allow outbound port
110. Etc etc etc etc.

Glen Heaysman wrote:
> Hi all,
>
> We're running Windows XP on about 350 desktops. We're very strict
> with our user permissions and group policies, etc. Users can't see
> C:\ drive, they can't install apps, they can't write the registry,
> they can't write to c:\windows, etc, etc.
>
> While we have a corporate firewall in place and desktop anti-virus
> scanners as a security measure - how can I stop Windows XP from
> allowing a virus to run its own SMTP engine?
>
> I don't want to license, install and manage personal firewalls on each
> desktop PC but how else can I stop viruses from bring along thier own
> SMTP engine? Is there something in Group Policy?
>
> My fear is having a desktop PC where the anti-virus software has
> stopped running (for whatever reason) and a user opens email from a
> web-based mail provider. What's to stop the SMTP engine from loading
> and doing damage? The email isn't coming in through the firewall in
> this instance - it's just Port 80 traffic.
>
> Any ideas would be greatly appreciated.
>
> Thanks,
> Glen

---

• Next message: Lanwench [MVP - Exchange]: "Re: Worm in Outlook Express McAfee can't identify"
• Previous message: Andrew Z Carpenter [MVP:Windows:Security]: "Information on confirmed hoaxes - 29MAR04"
• In reply to: Glen Heaysman: "WindowsXP - how can I stop viruses from running their own SMTP engine?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Cant Ping Windows 2003 server after R2 Upgrade..HELP! ... UPDATE* -- i've enabled to the windows firewall just to see what can be ... i then adjust the ICMP setting to allow ALL icmp. ... Enable 3 Allow outbound destination unreachable ... ICMP configuration for Local Area Connection 7: ... (microsoft.public.win2000.active_directory) Re: black ice usage question ... It relies on it's application control for outbound protection. ... restrict the entire machine from accessing certain ports either. ... firewall will allow the user to restrict all access to only the ports ... (comp.security.firewalls) Re: Firewall of SP2 is good? ... >> PFW solutions and some people do consider App Control a limited means ... then it cannot send any outbound traffic. ... > connections to an application. ... The firewall does NOT stop any ... (comp.security.firewalls) Re: Network Firewall/Routing Solution ... > for a good solution to route inbound and outbound traffic. ... > firewall combo boxes that linksys sells, and I really don't want to run ... > I will need to deal with inbound web and ftp requests from the ... > non-pasv connections. ... (comp.security.firewalls) Re: Which Firewall with Nod32? ... Some of us do not want to be data packet inspectors or firewall rules ... which apps get outbound rights" and which ones don't.How boring, ... > first it was the supposed myth of firewall security and now it's this... ... > "hungry people don't stay hungry for long ... (comp.security.firewalls)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)