Re: Microsoft Anti Spyware

Andy
Date: 01/30/05


Date: Sun, 30 Jan 2005 17:35:17 -0000


"JW" <JustPostYourReply@ToThisNewsGroup.pls> wrote in message
news:g1XKd.114897$w62.70189@bgtnsc05-news.ops.worldnet.att.net...
> Andy wrote:
> > "JW" <JustPostYourReply@ToThisNewsGroup.pls> wrote in message
> > news:ukQKd.39491$8u5.23534@bgtnsc04-news.ops.worldnet.att.net...
> >
> >>Andy wrote:
> >>
> >>>Hi,
> >>>
> >>>I have a small 650 station Windows XP network supported by 8 server 2003
> >>>servers. Our clients are a mix of SP1 & SP2. We run SMS 2003 and Symantec
> >>>Anti Virus 8.1 Corporate. We run Exchange Server 2003 & ISA server 2000
> >>>(soon to be upgraded to 2004) and GFI Download & Mail security.
> >>>
> >>>We plan to update all workstations to SP2 and are currently using SMS to
> >>>bring all our clients up to date.
> >>>
> >>>Our Business is Education (school) and our customers (students) like to
> >>>challenge our desktops (& servers!). We have suffered with lots of spyware
> >>>in certain areas of the school (ie those areas with the more relaxed
> >>>teaching staff). We can't afford Lavasoft but the MS beta product looks
> >>>good.
> >>>
> >>>Has anyone any experience in deploying this across a corporate network and
> >>>are there any down sides or tips you could share. I believe there is mention
> >>>of possible adverse effects with certain MS software but details are sketchy
> >>>and I'm not sure whether this has been fixed as of yet.
> >>>
> >>>I appreciate that MS may decide to start charging subscriptions for this
> >>>product once it finishes BETA and I don't have an issue with this as we
> >>>always get MS software very cheaply and I don't think I would have a problem
> >>>selling a MS anti spyware solution to my line manager.
> >>>
> >>>
> >>>Any comments would be appreciated
> >>>
> >>>Andy.
> >>>
> >>>
> >>
> >>you can block nearly all of it with the following solutions:
> >>http://www.mvps.org/winhelp2002/hosts.htm
> >>and IE-Spyad, Spyware Blaster, Spybot Search & Destroy, and the
> >>Purchased version of AdAware or SpySweeper. from my experience,
> >>these are the best solutions i have found. I use these, I never get any
> >>spyware, and i don't even have a hardware firewall.
> >>
> >>the Free version of AdAware does Not stop the installation of spyware.
> >>the Free version of AdAware only cleans up the crap, after the damage is
> >>already done. only the Purchased version of AdAware has a memory
> >>resident component that proactively scans for spyware.
> >>some settings will also help, e.g. Block All Third Party Cookies (in the
> >>Privacy tab of IE).
> >>
> >>it is important to realize that these solutions are not a 100% guarantee
> >>against spyware. there are plenty of other ways spyware can be
> >>installed besides an internet browser. any PC with a USB port or floppy
> >>drive can be infected. P2P and IM software are also very efficient
> >>avenues of infection.
> >
> >
> >
> > Hey thanks for the posts guys. Really useful.
> >
> > We have been running ISA server for 3 years now so I have had time to
> > configure a fairly tight system but still some stuff gets through and that's
> > what I am interested in cleaning up be it after the event or as it tries to
> > install. We actively block all P2P, IM and external email services and
> > provide staff / pupils with our own Exchange email account which we know is
> > virus scanned. Floppy disks we have virtually eliminated as we haven't
> > bought any new clients with floppy drives for the last two years.
> >
> > USB pens / drives have really taken off with around 1/8 of students now
> > using them. I do worry about what they are bringing in; I know GFI has a USB
> > security tool but it will work out very expensive for us so we may not be
> > able to look at that until 2006. USB MP3 players are also very popular.
> >
> > We have found student accounts on our servers that contain virus creation
> > tools and other malware so we know they are trying!
> >
> > Anyhow thanks for the URL, looks like we will have a new destination set
> > come Monday.
> >
> > Cheers Guys
> >
> > Andy.
> >
> >
> regarding what programs students can execute, there is a Group Policy in
> XP Pro that allows an administrator to itemize what programs are allowed
> to execute. so, if the program is not in the Group Policy list, then it
> cannot be executed. i presume this would prevent any programs from
> executing that students bring in on a USB device. of course, they could
> still copy their files from USB to their account, but their executables
> would not run.
>
> if i understand this right, then the payload of the malware would be
> difficult to deliver, unless you allowed write access to the \Program
> Files folder or \Windows folder. since i have not tried this GPO, maybe
> somebody smarter than me can confirm this. and it's over my head to
> imagine how this GPO would affect the option to "allow a DLL to run as
> an application".
>
> of course, all of this discussion stands or falls on the integrity of
> the operating system. but since operating system vulnerabilities are
> announced nearly on a monthly basis now, all the suggestions in the
> world will still leave you behind in the fight against virus/worm
> developers. so, security is ultimately a matter of degree. the more
> layers you have, the greater the degree of security. but there never
> will be 100% security as long as sleep-deprived humans write the software.

Software restriction policy?

Something that has been mentioned a few times in passing and not something I
have ever explored. Perhaps the time is ripe!

Andy.
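
Added example, not part of the original posts: a simplified Python model of the allow-list idea JW describes above (programs run only from listed folders) and of the caveat about write access to an allowed folder. The allowed folders, sample paths and the write-permission table are constructed assumptions; this is not how Windows itself evaluates the policy.

```python
from pathlib import PureWindowsPath

# Assumption: the policy allows execution only from these two folders.
ALLOWED_ROOTS = [PureWindowsPath(r"C:\Windows"),
                 PureWindowsPath(r"C:\Program Files")]

def is_under(path, root):
    # Compare whole path components, case-insensitively (PureWindowsPath does
    # this), so "C:\Program Files Extra" is NOT treated as "C:\Program Files".
    return path == root or root in path.parents

def may_execute(path_str):
    """Default deny: a program runs only if it sits under an allowed root."""
    path = PureWindowsPath(path_str)
    return any(is_under(path, root) for root in ALLOWED_ROOTS)

def writable_allowed_dirs(write_acl, user_groups):
    """Return allowed-root directories that the given groups can write to.

    write_acl maps a directory to the set of groups holding write access.
    Any hit means a copied-in executable would pass the allow-list.
    """
    hits = []
    for directory, groups in write_acl.items():
        d = PureWindowsPath(directory)
        if groups & user_groups and any(is_under(d, r) for r in ALLOWED_ROOTS):
            hits.append(directory)
    return sorted(hits)

# Constructed sample data (hypothetical paths and permissions).
SAMPLE_LAUNCHES = [
    r"E:\player.exe",                                      # USB pen
    r"C:\Documents and Settings\student01\tool.exe",       # copied to profile
    r"c:\windows\system32\notepad.exe",                    # allowed root
    r"C:\Program Files Extra\tool.exe",                    # look-alike folder
    r"C:\Program Files\LegacyApp\data\tool.exe",           # writable subfolder
]
SAMPLE_WRITE_ACL = {
    r"C:\Windows\System32": {"Administrators"},
    r"C:\Program Files\LegacyApp\data": {"Administrators", "Users"},
    r"C:\Documents and Settings\student01": {"Users"},
}

if __name__ == "__main__":
    for launch in SAMPLE_LAUNCHES:
        print("allowed" if may_execute(launch) else "blocked", launch)
    for d in writable_allowed_dirs(SAMPLE_WRITE_ACL, {"Users"}):
        print("fix permissions:", d)
```

Any directory reported by `writable_allowed_dirs` needs its permissions tightened (or an explicit deny rule) before the allow-list can be relied on.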


