Educause Security Discussion mailing list archives

Re: Spyware, trojans and keyboard loggers?


From: Gary Flynn <flynngn () JMU EDU>
Date: Mon, 26 Jul 2004 14:16:38 -0400

James Moore wrote:

We are creating a "desktop security standard" and want to include
protection against spyware and keystroke loggers.  I am trying to get
good coverage.  I had anticipated that the big A/V vendors would have
swallowed up anti-spyware/backdoors/keyloggers by now.  But it seems
that they haven't.  In fact some are producing their own anti-spyware --
e.g. NAI/McAfee.  Some vendors, like SpyCop, claim that most "keystroke
logger" protection doesn't cover 1) the commercial/shareware keyloggers
and 2) nearly as many as they do.

I am looking to get to the bottom line, which is coverage, in
conjunction with clarity (i.e. it doesn't come with a 368 page manual
that users are expected to read.  It also doesn't come with simple 2
step instructions, the first of which is "get a MS in computer science").

Any advice? Sample desktop security standards?

To fight things the old way:
http://www.jmu.edu/computing/security/startsafe.shtml

The real problem is the inability to identify trustworthy
software. Adding on anti-virus software, anti-trojan software,
anti-spyware software, anti-keyboardlogger software, ...
is an exercise in futility. It is all malware. It is like
having a network with a default permit rule. Every new thing
is going to get in until you block a new port or add new
anti-badthing to stop it.

Like network security, a default deny rule is the secure
thing to do. Define what is permitted and refuse everything
else. Towards that end, on a professional desktop it would
seem to be better to identify permitted software and use
the OS features (ACLs, Software Restrictions, etc.) to
limit only trusted executables to run. Of course, that
implies some significant support headaches not to mention
issues of "freedom" of one type or another.

--
Gary Flynn
Security Engineer
James Madison University
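
The default-permit versus default-deny contrast in the message above, as an added example that is not part of the original post: it models only the run/block decision by file hash, where real enforcement would come from the OS features the message names. The file names, file contents and hash sets are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def default_permit(path, blocked_hashes):
    """Blocklist model: everything runs unless a signature already exists for it."""
    return sha256_file(path) not in blocked_hashes

def default_deny(path, allowed_hashes):
    """Allowlist model: nothing runs unless its exact content was approved."""
    return sha256_file(path) in allowed_hashes

def audit(directory, allowed_hashes, blocked_hashes):
    """Return {filename: (permit_verdict, deny_verdict)} for each file found."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            results[name] = (default_permit(path, blocked_hashes),
                             default_deny(path, allowed_hashes))
    return results

def demo():
    """Write constructed sample 'executables' and compare the two policies."""
    with tempfile.TemporaryDirectory() as d:
        samples = {  # constructed contents, not real binaries
            "editor.exe": b"approved editor build 1.0",
            "known_logger.exe": b"keylogger with a vendor signature",
            "new_logger.exe": b"keylogger released this morning",
            "editor_patched.exe": b"approved editor build 1.0 + injected code",
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        allowed = {hashlib.sha256(samples["editor.exe"]).hexdigest()}
        blocked = {hashlib.sha256(samples["known_logger.exe"]).hexdigest()}
        return audit(d, allowed, blocked)

if __name__ == "__main__":
    for name, (permit, deny) in demo().items():
        print(f"{name:20} default-permit={'run' if permit else 'block'} "
              f"default-deny={'run' if deny else 'block'}")
```

Under default permit, only the sample that already has a signature is stopped; under default deny, the unseen logger and the modified copy of the approved editor are both refused without any new signature.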
