Educause Security Discussion mailing list archives
Re: preventing spyware
From: "Steele, John E." <moonowl () BF UMICH EDU>
Date: Wed, 17 Nov 2004 12:03:35 -0500
Steve,

I've been working on prevention (as well as removal) of spyware at the desktop level here at MAIS (Michigan Administrative and Information Services, University of Michigan). Recapturing the lost time cycles, both on the part of the end user as well as on our technical team, is an efficiency increase worth the investment.

Three factors result in over 99% of all spyware infections:

1. Administrative Rights on local machines
2. Not blocking popups
3. Lack of user education

Our approach has been threefold so far:

1. By reviewing the need for administrative rights on user computers, we've reduced the number of end users with those rights with a dramatic reduction in spyware infections. Those folks who need to install software from time to time are issued a second account with admin rights. Their main account is a user rights account.
2. By installing XPSP2 and blocking popups we've further reduced spontaneous installations of spyware. (For systems without XP, I'd suggest the Google Toolbar, which also prevents popups (http://toolbar.google.com).)
3. By presenting information about the most common spyware programs as well as by informing our users about the risks of installing non-business related software, those users that do retain their administrative rights (users limited to those running programs that need to start/stop services), we've further reduced the number of infections.

These three policies are low cost, require minimal support to maintain, and result in very few spyware infections (less than 1 per month/500 machines).

Please let us know what your group ends up doing and how well it works.

Thank you,
John E. Steele
Network Support
Michigan Administrative and Information Services
734-647-8979 (phone)
734-368-4835 (Nextel)
moonowl () umich edu

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Brukbacher
Sent: Wednesday, November 17, 2004 11:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] preventing spyware

Good Morning,

We are working on how to better protect our campus community from spyware. Is this a major concern on other campuses as well? I see from reviewing higher education web pages regarding spyware that most suggest some sort of Spyware removal tool. (Our tool of choice is Spybot). Is anyone looking at how to prevent Spyware from being installed in the first place? Is this being discussed on your campuses? Are there concerns about spyware-type tactics being used in more damaging types of intrusions or attacks?

-- --
Steve Brukbacher
University of Wisconsin Milwaukee
Information Security Coordinator
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224
Fax: 414.229.4087
Bolton 214, 3210 N.Maryland Av
Milwaukee, WI 53211

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- preventing spyware Steve Brukbacher (Nov 17)
- <Possible follow-ups>
- Re: preventing spyware Steele, John E. (Nov 17)
- Re: preventing spyware Brian K. Wheeler (Nov 18)
- Re: preventing spyware Steve Brukbacher (Nov 18)