Security Basics mailing list archives

Re: Spyware drama!


From: Jeremy Anderson <jsa.sf () 2monkeys org>
Date: Mon, 5 Jan 2004 12:19:37 -0800 (PST)



On Mon, 5 Jan 2004, Francisco Mário Ferreira Custódio wrote:


Hey everybody!

I am having lots of traffic in my network, due to those boring spywares
that my "dear" users install everyday. I use "ad-aware pro" to clean the
workstations, but I have 500+ workstations on my network...

So I want to know if you guys ever heard about a tool to scan/clean "spyware"
by IP address. Like...providing an admin password, the software would sweep
a class C network...scanning/cleaning every machine on it.

To scan/clean spyware, you need access to the desktop machine.  What you
can do is to have AdAware (or whatever) run as a scheduled task at 2 a.m.,
or whenever else your users are not around.

Frankly, I'd advise a more proactive approach to the issue of spyware.

If you are not running a desktop OS which allows you to set user privilege
levels (i.e. Win2K/WinXP/Linux/MacOS X), go to your management and tell
them it's time for an OS upgrade.

Once you've done that, lock the workstations down.  Your users do not get
to install software by themselves.  If they want to put games/goofy
utilities/etc. on their machines at home, that's fine.  You don't have to
support those machines, and that's OK.  You DO have to support their
machines at work, and as such, you get to say what does and does not go on
those machines.

Certain users (i.e. software developers) need to be able to install on
machines at will.  Give them the ability to do so.  Tell them that they
are responsible for those machines, and the limit of your support is that
you will restore the machine to the condition it is delivered in (using
ghost, dd, or some similar disk cloning method) if the machine is beyond
the developer's ability to maintain it.

This makes your job easier, the machines will crash less, you will have
more time to read SecurityFocus, and, as a benefit, you won't need to run
spyware scanners nearly as often.

Jeremy


