Educause Security Discussion mailing list archives
Re: Marketscore and Higher Ed
From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Date: Thu, 23 Dec 2004 11:25:44 -0800
Jeff wrote: #OK, now we're tracking marketscore traffic with snort and have found the #apparent list of infected/infested systems. I recall there were several #different workarounds suggested for removing the thing. I am curious #what the current "state of the art" suggestions are for verifying it's #presence and removing the software (i.e., what advice do you give to the #user)? Rather than focussing on that particular example issue, at Oregon we've been working to promote use of Spybot S&D as a general case solution -- it handles the specific case concern folks have been concerned about right along with all the rest. If you can push an anti-spyware product to your users, it will give you a tremendous amount of bang for your buck (and before anyone raises the point, I'm perfectly willing to agree that no one product will catch everything, but pretty much ANY of the commonly mentioned products WILL do at least a couple of useful things for your users/ institution: -- knock the noise down a couple of orders of magnitude -- drive home the point to users that spyware is both ubiquitous and diverse ("I've got HOW many pieces of spyware on MY system?"), -- handle the "but-I've-got-an-antivirus-product-already-installed- how-could-this-happen-to-me" issue, while also -- laying the foundation for discussions of alternative operating systems, use of alternative browsers, use of ubiquitous encryption of password-containing flows (or movement toward two factor solutions), etc., etc., etc.). Oh yes: deploying anti-spyware products is also one of those things that seem to make the users believe you're a real hero (you'll run into some people who've despaired of ever regaining semi-control of their systems again)... My one other recommendation would always be to make sure folks have a solid backup before proceeding, and to make sure that folks understand that removing some "spyware" or "adware" may result in some tied/ad-supported products also breaking. Regards, Joe ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Marketscore and Higher Ed Steve Brukbacher (Dec 22)
- <Possible follow-ups>
- Re: Marketscore and Higher Ed Joel Rosenblatt (Dec 22)
- Re: Marketscore and Higher Ed Mike Iglesias (Dec 22)
- Re: Marketscore and Higher Ed James H Moore (Dec 22)
- Re: Marketscore and Higher Ed Jere Retzer (Dec 22)
- Re: Marketscore and Higher Ed Jeff Kell (Dec 23)
- Re: Marketscore and Higher Ed Gary Dobbins (Dec 23)
- Re: Marketscore and Higher Ed Joel Rosenblatt (Dec 23)
- Re: Marketscore and Higher Ed Joe St Sauver (Dec 23)
- Re: Marketscore and Higher Ed Mark Poepping (Dec 23)
- Re: Marketscore and Higher Ed David L. Wasley (Dec 23)