Security Basics mailing list archives

RE: Network spyware detection


From: Pablo Hauser <pablohauser () yahoo com ar>
Date: Thu, 5 Aug 2004 13:06:56 -0300 (ART)

I haven't found a definitive solution to spy/adware either, but
SpyBot 1.3 + SpywareBlaster seems to be the best pair. The second one
provides a much better shield than SpyBot's.
Unfortunately, I haven't yet noticed a good corporate solution...

--- Luke Sullivan <LSullivan () constellagroup com> wrote:
I would agree with Gabrielle's remarks below, but would like to add
this: if you boot the infected computer in Safe-mode, then run a manual
scan, the SAV9 option to delete first then Log works much better.  The
other thing is I have not found a product yet that will delete or
remove EVERY piece of certain spyware/malware - but the nice thing
about SAV9 is the stuff they can't/won't delete is logged and a URL is
provided to Symantec's site on how to remove that specific malware -
even if it is manually.  What I'd like to see added is a way to save or
print the log file!
And yes, I totally agree that a realtime protection or immunization
would be a great feature.

-Luke


-----Original Message-----
From: Dowling, Gabrielle [mailto:dowlingg () sullcrom com]
Sent: Saturday, July 31, 2004 1:31 AM
To: Barber, Chris Mr. ATEC/Contractor; security-basics () securityfocus com
Subject: RE: Network spyware detection

Chris....

There are significant drawbacks to SAV9's adware "scanning"
functionality.

As you inferred, detection is limited to scheduled scans; there is no
realtime protection component as yet.

More important, it does not have any comprehensive cleaning
functionality as yet, so using the option to delete or report detected
files can be quite problematic.  (To their credit, there are cautions
in their documentation about this).

Given these two factors, it doesn't strike me as a reasonable solution
at the moment, as it essentially means you can use it for alerting
purposes only, and then have someone visit the workstation and run a
host of cleanup tools (and incur the cost for those tools, since my
perception is that none of these are free to use in a corporate
environment).  Only to have to visit the same workstation again a week
later because hey, the user chose to respond to the popup to optimize
their browsing experience once again.

I've done a limited pilot of SAV9, and found that while it's done a
very good job of detecting adware (etc.... and for etc I should point
out that it is also supposed to add enhanced detection for other non
viral threats such as porn dialers), I suspect I will not roll out this
feature and rather leave it as SOP that if users complain about system
performance, PCS will check and remove adware with an application
specifically designed for that purpose.  Otherwise, given the
proliferation of such these days, we'd have to double our pc support
staff just to respond to these detections (and for little gain, unless
their ability to perform work is measurably slowed down as a result of
the adware).

I do not see any good enterprise level apps for this purpose at this
point in time (I know some are trying to enter this place), and it's a
significant problem.  AV seems ideally suited to take on the role, for
a variety of reasons.  McAfee is supposed to already provide cleaning,
but I have no experience with current versions and so couldn't comment
on their actual success with this.

Regards

Gaby

-----Original Message-----
From: Barber, Chris Mr. ATEC/Contractor [mailto:Chris.M.Barber () atec army mil]
Sent: Thursday, July 29, 2004 9:20 AM
To: 'security-basics () securityfocus com'
Subject: RE: Network spyware detection


Ben,
      Symantec Antivirus 9.0 has that option built in.  With SAV
Enterprise you can manage all your SAV clients and have them scan for
AD/Spy ware.  It is not an automatic scan, but it can be set up as a
scheduled scan. The schedule and the policy are pushed from the
Enterprise server to the clients.


Chris.



-----Original Message-----
From: Ben Huntley [mailto:benh () steffian com] 
Sent: Tuesday, July 27, 2004 8:10 AM
To: security-basics () securityfocus com
Subject: Network spyware detection


hi,
 
do any of you have recommendations/preferences regarding spyware
detection software appropriate for win2k networks?  spybot s&d 1.3 is
part of our base workstation image, however, we'd like to find
something that can be controlled & maintained from an admin perspective
(e.g. broadcast updates, tweaks, et al).  thanks in advance!
 
ben 


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------










 

=====
Pablo D. Hauser


        
        
                

