Educause Security Discussion mailing list archives

Re: preventing spyware

From: "Steele, John E." <moonowl () BF UMICH EDU>
Date: Wed, 17 Nov 2004 12:03:35 -0500

Steve,

I've been working on prevention (as well as removal) of spyware at 
the desk top level here and MAIS (Michigan Administrative and 
Information Services, University of Michigan). 

Recapturing the lost time cycles, both on the part of the end user 
as well as on our technical team is an efficiency increase worth 
the investment.

Three factors result in over 99% of all spyware infections:

1. Administrative Rights on local machines
2. Not blocking popups
3. Lack of user education

Our approach has been three fold so far:

1. By reviewing the need for administrative rights on user 
   computers, we've reduced the number of end users with 
   those rights with a dramatic reduction in spyware infections.
   Those folks who need to install software from time to time are
   issued a second account which admin rights. Their main account
   is a user rights account.

2. By installing XPSP2 and blocking popups we've further reduced
   spontaneous installations of spyware. (For systems without XP, 
   I'd suggest the Google Toolbar, which also prevents popups 
   (http://toolbar.google.com ))

3. By presenting information about the most common spyware programs
   as well as by informing our users about the risks of installing 
   non-business related software, those users that do retain their 
   administrative rights (users limited to those running programs 
   that need to start/stop services), we've further reduced the 
   number of infections.

These three policies are low cost, require minimal support to maintain, 
and result in very few spyware infections (less then 1 per month/500
machines).

Please let us know what your group ends up doing and how well it works.

Thank you,
John E. Steele
Network Support
Michigan Administrative and Information Services
734-647-8979 (phone)
734-368-4835 (Nextel)
moonowl () umich edu 




-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Brukbacher
Sent: Wednesday, November 17, 2004 11:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] preventing spyware

Good Morning,
We are working on how to better protect our campus community from
spyware.  Is this a major concern on other campuses as well?  I see from
reviewing  higher education web pages regarding spyware that most
suggest some sort of Spyware removal tool.  (Our tool of choice is
Spybot).

Is anyone looking at how to prevent Spyware from being installed in the
first place?   Is this being discussed on your campuses?  Are their
concerns about spyware-type tactics being used in more damaging types of
intrusions or attacks?

--
--
Steve Brukbacher
University of Wisconsin Milwaukee
Information Security Coordinator
UWM Computer Security Web Site www.security.uwm.edu
Phone: 414.229.2224 Fax: 414.229.4087
Bolton 214, 3210 N.Maryland Av Milwaukee, WI 53211

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

preventing spyware Steve Brukbacher (Nov 17)
- <Possible follow-ups>
- Re: preventing spyware Steele, John E. (Nov 17)
- Re: preventing spyware Brian K. Wheeler (Nov 18)
- Re: preventing spyware Steve Brukbacher (Nov 18)