Re: Question Regarding Windows Security
From: dln (dnadon_nospm_at_hotmail.com)
Date: 04/12/04
- Next message: Greg: "Re: All patches, but still exploited"
- Previous message: Drew Cooper [MSFT]: "Re: EFS Recovery Agent"
- In reply to: Keith W. McCammon: "Re: Question Regarding Windows Security"
- Next in thread: cseeger: "Re: Question Regarding Windows Security"
- Reply: cseeger: "Re: Question Regarding Windows Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 12 Apr 2004 15:36:58 -0500
Great! Thanks for the response.
"Keith W. McCammon" <km@km.com> wrote in message
news:e1tX3jLIEHA.2928@TK2MSFTNGP10.phx.gbl...
> This is a long and complicated question, but hopefully this short answer
> will suffice...
>
> There are a number of reasons why this happens. You might call it the
> "perfect storm" of improper application implementation (IE), poor
> integration design (IE and underlying OS), etc. Stopping spyware if you're
> using IE is tough, unless you can be *very* restrictive in your policies
> (which sometimes isn't an option in a corporate environment).
>
> Anyway, Microsoft is well aware of this, and is releasing Service Pack 2 for
> Windows XP to address these specific issues (as well as a number of other
> long-overdue corrections to the security implementation). Among other
> things, it fixes pop-ups, misleading windows (i.e., web windows that look
> like OS prompts--a common spyware entry point), as well as the ability of
> web-based code to execute on the system at all, without confirmation.
>
> This SP will be released later this year. In the meantime, you can get the
> SP2 preview at http://www.microsoft.com/SP2Preview. It's a release
> candidate, so I wouldn't push it out. But install it on a test box and give
> it a run. It's already very stable, and very effective at reducing the
> overall attack surface in XP.
>
> "dln" <dnadon_nospm@hotmail.com> wrote in message
> news:Obizw9IIEHA.2252@TK2MSFTNGP10.phx.gbl...
> > Good day all. I've got a few questions regarding Windows security that
> > perhaps someone can help me out with. We are running a Windows 2003 Domain
> > with everybody's local workstations running Windows XP. Both client and
> > server machines are always kept up to date with the latest OS patches and
> > Symantec AV patches. One thing that we're beginning to see quite a bit of
> > lately is spyware/adware/scumware being installed via MSN Messenger.
> >
> > There are two typical scenarios that we're seeing. The first is someone in
> > the organization gets an IM from another person they "trust" and the message
> > contains a URL which the individual clicks on. This in turn launches an
> > installer that not only installs the adware onto the person's local system,
> > but then also sends out the same message to everybody in the individual's
> > MSN contact list and the process repeats itself.
> >
> > The second scenario is a person is conversing with another individual and
> > all of a sudden software starts getting installed on the person's system
> > without any prompting from the user (there was no URL to click on, like in
> > scenario 1). Normally, I wouldn't have believed the user's claim that they
> > didn't do anything out of the ordinary, but I was looking over their
> > shoulder while all this transpired. I'm also at a loss to explain how this
> > happened other than the user's system was already infected.
> >
> > Although I'm surprised at this behavior, I'm still trying to determine the
> > best course of action to prevent our systems from being infected. The first
> > thing that crosses my mind is to remove administrative access for everybody
> > on their local boxes - something that I've suggested in the past, but was
> > shot down due to the inconvenience of not being able to install software as
> > a non-admin user (which is exactly why I wanted to remove admin access).
> >
> > So now, onto the questions. First, will removing local administrative
> > rights from everybody's machine prevent the installation of adware/spyware?
> > It seems to me that it might; I am reluctant to test this assumption.
> >
> > Secondly, I can publish managed software via an AD software policy and this
> > should solve most of everybody's software concerns since software published
> > via AD is installed under elevated privileges. However, the problem I run
> > into there is that some of the software used at our site does not come in
> > the form of an MSI package. Can anybody recommend a good software package
> > that will convert an install.exe to an MSI package?
> >
> > Lastly, what impact will removing admin access have on our software
> > developers? Most of the developers on-site do Java/Web development and a
> > few use MS Developer Studio .Net. It seems to me that basic software
> > development shouldn't be affected, but is there something that I haven't
> > considered?
> >
> > Any assistance or input you could provide would be greatly appreciated.
> >
> > Regards.