Security Basics mailing list archives
Re: Power Users, AntiSpyware & CriticalUpdates
From: David Glosser <david_glosser () yahoo com>
Date: Tue, 06 Sep 2005 19:21:18 -0400
If you have an app which doesn't work as a regular user, you can run utilities (I believe "regmon" and "filemon") to see what directories and registry entries need to be opened up.
Power users are not really an improvement, as they still have far too many privileges to achieve actual security. Make your users normal users if possible. Otherwise don't bother. Making them power users isn't worth the time you'll spend on it.
You could leave automatic updates pointing directly to Microsoft's update servers. A (W)SUS would enable you to test updates on a set of test boxes before approving them for automatic enrollment to your network, though, so having a (W)SUS usually is a good idea.
If you can wait a day or two before deploying updates, then a (W)SUS box is a good idea. Wait until the day after Patch Tuesday. See if there are any complaints about a patch. If not, then approve. Of course, you are waiting an extra day or two before you install a critical security patch.
We will have Spybot installed. I also want to install Microsoft AntiSpyware, but it has so many poorly-worded, cryptic "warnings", that we may not. Are there any decent articles on controlling AntiSpyware alerts, or should we move on to something like CounterSpy?
I believe you need a license to use Spybot in a corporation.
You can also run snort with the "bleeding malware rules" to catch machines already infected. Also you can run "Black-Hole DNS" on your internal server to loopback domains associated with malware to 127.0.0.1. This will prevent new infections and help neuter existing ones. www.bleedingsnort.com
How about "move to not getting spyware installed in the first place"? Like don't make your users admins or power users and have them use a web browser that is not IE.
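One way to apply the "Black-Hole DNS" idea from the message above, as an added example that is not part of the original post: it turns a domain list into BIND-style zone stanzas and flags internal clients whose lookups fall under a blackholed domain. The blocklist, the two-column query log format, and the zone file path are constructed assumptions.

```python
# Assumption: one shared zone file (hypothetical path) holds a wildcard
# A record pointing at 127.0.0.1; each blocked domain is a zone using it.
ZONE_FILE = "/etc/namedb/blackhole.zone"


def normalize(domains):
    """Strip comments and trailing dots, lower-case, drop blanks/duplicates."""
    seen, out = set(), []
    for raw in domains:
        name = raw.split("#", 1)[0].strip().rstrip(".").lower()
        if name and name not in seen:
            seen.add(name)
            out.append(name)
    return out


def zone_stanzas(domains):
    """One named.conf zone statement per blackholed domain."""
    return ['zone "%s" { type master; file "%s"; };' % (d, ZONE_FILE)
            for d in normalize(domains)]


def is_blackholed(qname, blocked):
    """Match the domain itself or any subdomain, on label boundaries only."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def infected_clients(log_lines, domains):
    """Map client IP -> set of blackholed names it tried to resolve."""
    blocked = set(normalize(domains))
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 2:          # skip lines not in "client qname" form
            continue
        client, qname = parts
        if is_blackholed(qname, blocked):
            hits.setdefault(client, set()).add(qname.rstrip(".").lower())
    return hits


# Constructed sample data (reserved .example names, private addresses).
BLOCKLIST = ["Adserver.example.  # constructed", "tracker.example", "",
             "tracker.example"]
QUERY_LOG = ["10.0.0.21 www.intranet.example",
             "10.0.0.37 cdn.tracker.example.",
             "10.0.0.37 adserver.example",
             "10.0.0.44 nottracker.example",
             "malformed line here"]

if __name__ == "__main__":
    print("\n".join(zone_stanzas(BLOCKLIST)))
    print(infected_clients(QUERY_LOG, BLOCKLIST))
```

Clients that show up in the result are the ones still asking for blackholed names, which is where to look for an existing infection.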