Educause Security Discussion mailing list archives

Re: Marketscore and Higher Ed


From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Date: Thu, 23 Dec 2004 11:25:44 -0800

Jeff wrote:

#OK, now we're tracking marketscore traffic with snort and have found the
#apparent list of infected/infested systems.  I recall there were several
#different workarounds suggested for removing the thing.  I am curious
#what the current "state of the art" suggestions are for verifying its
#presence and removing the software (i.e., what advice do you give to the
#user)?

Rather than focussing on that particular example issue, at Oregon we've
been working to promote use of Spybot S&D as a general case solution --
it handles the specific case concern folks have been concerned about
right along with all the rest.

If you can push an anti-spyware product to your users, it will give you
a tremendous amount of bang for your buck (and before anyone raises
the point, I'm perfectly willing to agree that no one product will
catch everything, but pretty much ANY of the commonly mentioned
products WILL do at least a couple of useful things for your users/
institution:

-- knock the noise down a couple of orders of magnitude

-- drive home the point to users that spyware is both ubiquitous and
   diverse ("I've got HOW many pieces of spyware on MY system?"),

-- handle the "but-I've-got-an-antivirus-product-already-installed-
   how-could-this-happen-to-me" issue, while also

-- laying the foundation for discussions of alternative operating
   systems, use of alternative browsers, use of ubiquitous encryption of
   password-containing flows (or movement toward two factor solutions),
   etc., etc., etc.).

Oh yes: deploying anti-spyware products is also one of those things
that seem to make the users believe you're a real hero (you'll run into
some people who've despaired of ever regaining semi-control of their
systems again)... My one other recommendation would always be to
make sure folks have a solid backup before proceeding, and to make
sure that folks understand that removing some "spyware" or "adware"
may result in some tied/ad-supported products also breaking.

Regards,

Joe
