what do you guys do?

[MrLinus]

If you don't manage it, then who does? Are you actually infected with spyware? If not, then websense is doing it's job. If you are, then there probably is a misconfiguration. You might want to visit their website and learn a little more about their product.

That said, even a decent firewall setup to stop active-x and other scripts should help.

[Tiger Shark]

Good firewalls (not simplistic packet filtering) have content stripping options that should help with ad blocking/spyware blocking.

While I agree with Ms. M. I'll prewarn you that messing with the content filters will make your phone ring a lot. There's very little content you can filter that doesn't cause a lot of false positives and your users will get pissy. I find it better to use a site filtering system like WebBlocker that is built into the WatchGuard firewalls or SurfControl that filters the sites the users visit. It doesn't get everything but if you filter the category "Advertising" it kills a surprising amount and the users get used to the Ad's on pages saying "Access Denied" and many of the popups just say access denied too.....

[MrLinus]

Thanks a lot MsM, you just destroyed my attempt to look good, yeah, thanks a lot.

Sorry but when I see someone asking how to deal with lots of users, doing it by hand makes no sense. It's too time consuming and would become a job in-of-itself, with lots of overtime. Rather than being reactive, it would make sense to be proactive. That is:

• - firewall setup to limit/mitigate script activities
  - remove/lock down IE usage
  - remove/lock down Outlook usage
  - disable/remove Windows Messenger (not MSN)
  - employ a solution that identifies and targets spyware BEFORE it enters the network (Websense is the most well known -- at least to me -- but I'm sure there are others plus some firewall manufacturers have these included with it)

[Shetrubble33]

Hey Jason,

I'm stuck in a similar situation with user's running amuck on the internet and have found a *.reg file to be most helpful in clearing out unwanted registry entries. It can be easily edited as changes occur and is a great time saver in removing or changing the registry. It can be implemented individually or deployed on a larger scale, which I've done utilizing SMS.

I've posted a basic example for download on the web at:
http://home.cfl.rr.com/savvyshe/IEfix-lock.reg
http://home.cfl.rr.com/savvyshe/IE-unlock.reg (just in case)

Or below is the basic script example: (It's pretty easy to figure out and/or plenty of resources on the web) Here, I've reset some string values, deleted entries, and implemented a lockdown.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Bar"=http://www.google.com

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Use Search Asst]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Homepage"=dword:00000001

[Soda_Popinsky]

Couldn't you just edit your security settings to allow work related site scripts, and block the rest? As for adware being the source of your popups, I think adaware has a corporate solution, with remote scanning, but I haven't used it. I would like to know what others think about it, does anyone have experience with Ad aware professional?

[nihil]

Hi Jason,

Sorry to be a trifle vague, but I cannot lay my hands on the CDs at the moment I would suggest that you have a look at an outfit called Ashampoo (I think it is German). I am running their pop-up stopper at the moment, and it seems to work without blocking ones that I want.

It might be a part of their WinOptimizer suite? I got a couple of their products to help me produce animated, voice-overed user manuals/guides/tutorials and this must have been on it.

It has an "edit exceptions" feature which lets you decide where you will allow pop-ups from.

It does not seem to interfere with any software that uses pop-up screens, or with sites that produce a pop-up in response to a user originated request.

I must admit that I haven't tested it thoroughly, as I have never found pop-ups a personal problem either at home or in the workplace.

It might be worth a look?

/slightly off topic

Can anyone recommend a link to a relatively "safe" site that does have pop-ups, so I can check out some of these apps (I must have collected several over the years) /

Cheers

[Shetrubble33]

I've used the AdAware professional and was disappointed with its performance. We currently use both AdAware and Spybot to ensure the removal of all files. In comparison, if AdAware removes 6 entries, Spybot will find 10+ that were missed.

As for editing the security settings, that can't be done in some corporate environments. Our users have a myriad of tasks that must be completed and although we can restrict some to the intranet, that user group is limited to a handful.

[catch]

I saw someone else suggest a migration away from MSIE... this is a terrible idea.

It will give you less control over the environment as a whole not more, as MSIE can be (and should be) configured and locked down via the domain policy.

Most of the rest about killing messenger etc looked good (and can also be done at the domian level.)

Security settings can and should be established in all corporate environments offering the capability. If someone tells you that it can't be done for whatever reason, talk to someone smarter or less lazy.

catch

[Jason1977]

Originally posted here by MsMittens
If you don't manage it, then who does? Are you actually infected with spyware? If not, then websense is doing it's job. If you are, then there probably is a misconfiguration. You might want to visit their website and learn a little more about their product.

That said, even a decent firewall setup to stop active-x and other scripts should help.

According to my boss its his boss the VP of IT who manges us now, but at some point ill be taking it over.
What plagues our network seems to be pop-ups that come from programs that get installed over http. like virus warning pop-ups from the creator of some cheesy anti virus software.

[Jason1977]

I now have access to the websense consol but it seems as though the peice your talking about is under the desk top section and we didnt buy that portion.