Educause Security Discussion mailing list archives

Re: Anyone using anti-spyware net filters?


From: David Escalante <david.escalante () BC EDU>
Date: Mon, 22 Nov 2004 14:34:26 -0500

Gary Dobbins wrote:

> Is anyone using, or reviewing (or have opinions, concerns about) products
> similar to Intrusion, Inc's SpySnare(tm) as a border-based spyware
> reducer?

We have Tipping Point here, and they have started to add spyware filters
that sound similar to the SpySnare product link you provided.  I just
enabled them on a dorm segment in the past couple weeks, and after an
initial spike in CPU on the boxes, they seem to be detecting and
blocking about 1/2 dozen pieces of spyware quite nicely without too much
overhead.

Good:
- we're familiar with Tipping Point already
- it blocks things besides spyware
- it's not another box to buy/learn/maintain

Bad:
- their signature set for spyware isn't too rich yet -- my intention is
to get around to messaging the people who are blocked with the spyware
filters to run a local spyware removal product on the assumption that if
they've got some the Tipping Point found, they've got a lot it didn't
- I don't know what would happen if we were to turn on the spyware
filtering at the border -- anecdotal evidence suggests that this is a
BIG problem here, like most other places, and I'm a little worried it
could stress the hardware (which is why I'm testing off the border for now)

I think there's a great deal of utility, per the above, to using a
border-based product for detection so you can warn the right people to
clean up their computers.  The only alternative I'm aware of (and what
most people seem to be doing if they're doing anything beyond awareness)
is wide deployment of a desktop solution.
--
David Escalante
Boston College
