Re: Microsoft Anti Spyware

Andy
Date: 01/30/05


Date: Sun, 30 Jan 2005 17:35:17 -0000


"JW" <JustPostYourReply@ToThisNewsGroup.pls> wrote in message
news:g1XKd.114897$w62.70189@bgtnsc05-news.ops.worldnet.att.net...
> Andy wrote:
> > "JW" <JustPostYourReply@ToThisNewsGroup.pls> wrote in message
> > news:ukQKd.39491$8u5.23534@bgtnsc04-news.ops.worldnet.att.net...
> >
> >>Andy wrote:
> >>
> >>>Hi,
> >>>
> >>>I have a small 650 station Windows XP network supported by 8 server 2003
> >>>servers. Our clients are a mix of SP1 & SP2. We run SMS 2003 and Symantec
> >>>Anti Virus 8.1 Corporate. We run Exchange Server 2003 & ISA server 2000
> >>>(soon to be upgraded to 2004) and GFI Download & Mail security.
> >>>
> >>>We plan to update all workstations to SP2 and are currently using SMS to
> >>>bring all our clients up to date.
> >>>
> >>>Our Business is Education (school) and our customers (students) like to
> >>>challenge our desktops (& servers!). We have suffered with lots of spyware
> >>>in certain areas of the school (ie those areas with the more relaxed
> >>>teaching staff). We can't afford Lavasoft but the MS beta product looks
> >>>good.
> >>>
> >>>Has anyone any experience in deploying this across a corporate network and
> >>>are there any down sides or tips you could share. I believe there is mention
> >>>of possible adverse effects with certain MS software but details are sketchy
> >>>and I'm not sure whether this has been fixed as of yet.
> >>>
> >>>I appreciate that MS may decide to start charging subscriptions for this
> >>>product once it finishes BETA and I don't have an issue with this as we
> >>>always get MS software very cheaply and I don't think I would have a problem
> >>>selling an MS anti spyware solution to my line manager.
> >>>
> >>>
> >>>Any comments would be appreciated
> >>>
> >>>Andy.
> >>>
> >>>
> >>
> >>you can block nearly all of it with the following solutions:
> >>http://www.mvps.org/winhelp2002/hosts.htm
> >>and IE-Spyad, Spyware Blaster, Spybot Search & Destroy, and the
> >>Purchased version of AdAware or SpySweeper. from my experience,
> >>these are the best solutions i have found. I use these, I never get any
> >>spyware, and i don't even have a hardware firewall.
> >>
> >>the Free version of AdAware does Not stop the installation of spyware.
> >>the Free version of AdAware only cleans up the crap, after the damage is
> >>already done. only the Purchased version of AdAware has a memory
> >>resident component that proactively scans for spyware.
> >>some settings will also help, e.g. Block All Third Party Cookies (in the
> >>Privacy tab of IE).
> >>
> >>it is important to realize that these solutions are not a 100% guarantee
> >>against spyware. there are plenty of other ways spyware can be
> >>installed besides an internet browser. any PC with a USB port or floppy
> >>drive can be infected. P2P and IM software are also very efficient
> >>avenues of infection.
> >
> >
> >
> > Hey thanks for the posts guys. Really useful.
> >
> > We have been running ISA server for 3 years now so I have had time to
> > configure a fairly tight system but still some stuff gets through and that's
> > what I am interested in cleaning up be it after the event or as it tries to
> > install. We actively block all P2P, IM and external email services and
> > provide staff / pupils with our own Exchange email account which we know is
> > virus scanned. Floppy disks we have virtually eliminated as we haven't
> > bought any new clients with floppy drives for the last two years.
> >
> > USB pens / drives have really taken off with around 1/8 of students now
> > using them. I do worry about what they are bringing in; I know GFI has a USB
> > security tool but it will work out very expensive for us so we may not be
> > able to look at that until 2006. USB MP3 players are also very popular.
> >
> > We have found student accounts on our servers that contain virus creation
> > tools and other malware so we know they are trying!
> >
> > Anyhow thanks for the URL, looks like we will have a new destination set
> > come Monday.
> >
> > Cheers Guys
> >
> > Andy.
> >
> >
> regarding what programs students can execute, there is a Group Policy in
> XP Pro that allows an administrator to itemize what programs are allowed
> to execute. so, if the program is not in the Group Policy list, then it
> cannot be executed. i presume this would prevent any programs from
> executing that students bring in on a USB device. of course, they could
> still copy their files from USB to their account, but their executables
> would not run.
>
> if i understand this right, then the payload of the malware would be
> difficult to deliver, unless you allowed write access to the \Program
> Files folder or \Windows folder. since i have not tried this GPO, maybe
> somebody smarter than me can confirm this. and it's over my head to
> imagine how this GPO would affect the option to "allow a DLL to run as
> an application".
>
> of course, all of this discussion stands or falls on the integrity of
> the operating system. but since operating system vulnerabilities are
> announced nearly on a monthly basis now, all the suggestions in the
> world will still leave you behind in the fight against virus/worm
> developers. so, security is ultimately a matter of degree. the more
> layers you have, the greater the degree of security. but there never
> will be 100% security as long as sleep-deprived humans write the software.

Software restriction policy?

Something that has been mentioned a few times in passing and not something I
have ever explored. Perhaps the time is ripe!

Andy.
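
The allowlisting behaviour discussed in this thread (default deny, with the \Windows and \Program Files folders allowed), as an added example that is not part of the original posts: a simplified Python model of path-rule evaluation plus an audit for the weak spot JW mentions, student-writable folders inside an allowed path. The rule set, folder names and function names are constructed assumptions, and hash, certificate and zone rules are not modelled.

```python
import ntpath  # Windows path rules, usable on any OS

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

# Constructed rule set (assumption): default-deny, with the two folders
# named in the thread allowed and one more specific deny underneath.
PATH_RULES = [
    (r"C:\Windows", UNRESTRICTED),
    (r"C:\Program Files", UNRESTRICTED),
    (r"C:\Windows\Temp", DISALLOWED),
]

def _norm(path):
    # Collapse "..", unify separators and case so rules cannot be sidestepped
    # by spelling the same location differently.
    return ntpath.normcase(ntpath.normpath(path))

def decide(exe_path, rules=PATH_RULES, default=DISALLOWED):
    """Level of the most specific matching path rule, else the default."""
    target = _norm(exe_path)
    best = None
    for folder, level in rules:
        f = _norm(folder)
        if target.startswith(f + "\\") and (best is None or len(f) > len(best[0])):
            best = (f, level)
    return best[1] if best else default

def audit_writable(user_writable, rules=PATH_RULES):
    """Folders a student can write to where an executable would still run."""
    return [d for d in user_writable
            if decide(ntpath.join(d, "probe.exe"), rules) == UNRESTRICTED]

# Constructed sample: locations a student account can write to.
STUDENT_WRITABLE = [
    "E:\\",                                        # USB pen drive
    r"C:\Documents and Settings\student\Desktop",  # profile folder
    r"C:\Program Files\SharedApp\data",            # over-permissive ACL
]

if __name__ == "__main__":
    for p in (r"E:\game.exe", r"C:\Program Files\Office\app.exe",
              r"C:\Windows\Temp\dropped.exe"):
        print(p, "->", decide(p))
    print("review ACLs on:", audit_writable(STUDENT_WRITABLE))
```

Any folder the audit returns needs its permissions tightened or a more specific Disallowed rule, otherwise the allowlist does not cover it.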


