Security Basics mailing list archives
Re: Spyware drama!
From: Jeremy Anderson <jsa.sf () 2monkeys org>
Date: Mon, 5 Jan 2004 12:19:37 -0800 (PST)
On Mon, 5 Jan 2004, [iso-8859-1] Francisco M?rio Ferreira Cust?dio wrote:
Hey everybody! I am having lot's of traffic in my network, due to those boring spywares that my "dear" users install everyday. I use "ad-aware pro" to clean the workstations, but I have 500+ workstations on my network... So I want to know if you guys ever eard about a tool to scan/clean "spyware" by IP address. Like...providing an admin password, the software would sweep a class C network...scanning/cleanning every machine on it.
To scan/clean spyware, you need access to the desktop machine. What you can do is to have AdAware (or whatever) run as a scheduled task at 2 a.m., or whenever else your users are not around. Frankly, I'd advise a more proactive approach to the issue of spyware. If you are not running a desktop OS which allows you to set user privledge levels (i.e. Win2K/WinXP/Linux/MacOS X), go to your management and tell them it's time for an OS upgrade. Once you've done that, lock the workstations down. Your users do not get to install software by themselves. If they want to put games/goofy utilities/etc. on their machines at home, that's fine. You don't have to support those machines, and that's OK. You DO have to support their machines at work, and as such, you get to say what does and does not go on those machines. Certain users (i.e. software developers) need to be able to install on machines at will. Give them the ability to do so. Tell them that they are responsible for those machines, and the limit of your support is that you will restore the machine to the condition it is delivered in (using ghost, dd, or some similar disk cloning method) if the machine is beyond the developer's ability to maintain it. This makes your job easier, the machines will crash less, you will have more time to read SecurityFocus, and, as a benefit, you won't need to run spyware scanners nearly as often. Jeremy --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Spyware drama! Francisco Mário Ferreira Custódio (Jan 05)
- Re: Spyware drama! Jeremy Anderson (Jan 05)
- RE: Spyware drama! Dave Killion (Jan 06)
- RE: Spyware drama! Mike (Jan 08)
- Re: Spyware drama! Reinaldo UOL (Jan 09)
- Re: Spyware drama! Stimpy (Jan 12)
- RE: Spyware drama! Aditya [ Aditya Lalit Deshmukh ] (Jan 13)
- Re: Spyware drama! Stimpy (Jan 12)