Fighting Spyware Requires Multi-Pronged Approach

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    510

    Fighting Spyware Requires Multi-Pronged Approach

    Not really any new information but includes some potential topics of discussion.

    http://informationweek.securitypipel...GCKHSCJUMEKJVN

    edit// Sorry, the link's a little wonky. http://informationweek.securitypipeline.com and it is listed on the left under Security News. I'll try and sort the link out.

    "From a staffing perspective, the cleanup usually exceeds the time it takes to handle an antivirus infection."
    Trying to find out exactly what they have is a pain and half the time the uninstallers don't work.

    The FTC sees two issues. First, people frequently aren't notified when spyware is placed on their computers. And second, the software they do seek comes bundled with adware they don't want because end-user licensing agreements often aren't clear. "These agreements give a patina of legitimacy by having some form of disclosure," says Tom Pahl, the FTC's assistant director for advertising practices. "But consumers often don't understand the choices they're making."
    The first line of the licensing agreement could say "I'M GOING TO PUT LOTS OF CRAP ON YOUR COMPUTER WHEN YOU CLICK YES" and at least half the people would still agree because they want the product because "everyone else uses it".

    End-user license agreements are a big issue. When users download a software program, they should be given a clear choice about accepting or declining other software with it. Spyware doesn't give them that choice, or does so surreptitiously.
    Most of the time it's free stuff, what do they expect? It's the spyware that comes just by going to a site that is a real kick in the nads.

    Security vendor Symantec Corp. recently conducted a study to see how much spyware and adware finds its way onto PCs during Web surfing. Symantec monitored what types of spyware and adware glommed on to PCs while users surfed to different types of Web sites. The company spent one hour per category visiting sports, kids, gaming, news, reseller, shopping, and travel sites. It found that 468 adware applications and 10 instances of spyware were left behind on Symantec's test machine. The system also was infected with seven so-called hijackers, tiny apps that redirect users' Web browsers to unintended sites.
    So please buy our new Anti-Spyware. Don't get me wrong I like Symantec.

    Anti-spyware tools aren't perfect, but they help. The Denver Health & Hospital Authority expects to save more than $170,000 annually in help-desk costs by using a policy-control appliance from Blue Coat Systems Inc. to keep spyware and adware off of 4,000 PCs. "Before, we had about 200 spyware intrusions per month on each machine," chief technology officer Jeffrey Pellot says. Now the problem has been mostly eliminated, he says.
    4000 x 200 = 800,000 infections per month. I'm sure all during work-related activities.
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Here is one of my favorite spyware articles.

    http://www.enterpriseitplanet.com/se...le.php/3450061

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Junior Member
    Join Date
    Mar 2004
    Posts
    3
    We went with the more comprehensive, multi-part approach at Intranet Journal.

    http://www.intranetjournal.com/spyware/

    Definitions seem to be a must in all spyware pieces (muddled as they may be); testing; prevention, recovery... I think you need to hit them all if you're trying to educate users.

  4. #4
    In And Above Man Black Cluster
    Join Date
    Feb 2005
    Posts
    912
    "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." - Spaf
    Every time I learn a new thing, I discover how ignorant I am. - Black Cluster

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Multipronged is something of an understatement in this case I think.... <LOL>

    These are the measures I take to try to minimize/kill the spyware issue:

    1. Custom security policy administered through GP that blocks ActiveX in all cases and prompts for any scripts.

    2. SurfControl blocks as much non-work-related activity as I can. Where SurfControl doesn't categorize (or mis-categorizes) a site that provides a lot of crap, I block it manually by policy.

    3. All workstations run a logoff script that clears the users' Temporary Internet Files - administered through GP.

    4. All public access workstations have a startup script administered through GP that runs a spyware remover whenever the computers are restarted - usually daily, certainly weekly.

    5. Snort sensors run the Bleeding Snort Malware rules. If a workstation shows signs of malware it is placed in a "Malware" OU that runs a spyware remover when the computer is restarted - administered through GP.

    6. The Malware DNS Blacklist I brought up in a previous thread is implemented on all my nameservers redirecting the resolution to 127.0.0.1 for known spyware sites thus effectively neutering the little "bastiges".

    7. Users' Internet activity is regularly audited. Those users with a high usage _and_ a high propensity for non-work-related activity are reported to their supervisor, and additional restrictions are discussed with the supervisor and implemented as agreed.

    8. Some Snort rules indicate "devious" activity such as downloading an executable where the requested resource was an image, and some other ones. These are looked at regularly to determine the activity that took place by referencing the log files and wget-ing the targets to see what the downloaded content actually was.

    I have to "blow my own trumpet" on this.... It appears to work very well... It took some time to get all this in place but when you can spend 2+ hours cleaning a single workstation, ('cos you just hate to be beaten and re-image the damn thing..... )... It pays off....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
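The "executable served where an image was requested" check from item 8 of the post above, written out as detection logic over log lines. This is an added example, not the poster's Snort rules or any product's code; it assumes a constructed log format (timestamp, client, method, URL, status, Content-Type, first response bytes as hex) such as a proxy or capture post-processor might emit, and the hosts and addresses in the sample are fictional.

```python
# Added example (not the poster's Snort rules): flag responses whose URL looks
# like an image but whose body or Content-Type says otherwise (item 8 above).
# Assumes a constructed log format: ts client method url status ctype first-bytes-hex
import os
import re
from urllib.parse import urlparse
IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp", ".ico"}
MAGIC_MZ = b"MZ"  # DOS/PE executable header; no image format starts this way

# Constructed sample lines (fictional hosts): only the 2nd and 3rd should fire.
SAMPLE_LOG = """\
1110000001 10.1.2.3 GET http://cdn.example.test/img/banner.gif 200 image/gif 47494638
1110000002 10.1.2.4 GET http://ads.example.test/pixel.gif 200 image/gif 4d5a9000
1110000003 10.1.2.5 GET http://ads.example.test/logo.jpg 200 application/octet-stream ffd8ffe0
1110000004 10.1.2.6 GET http://dl.example.test/setup.exe 200 application/x-msdownload 4d5a9000
1110000005 10.1.2.7 GET http://news.example.test/story.html 200 text/html 3c68746d
"""
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\d{3}) (\S+) ([0-9a-fA-F]*)$")

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, ctype, prefix_hex = m.groups()
    return {"ts": int(ts), "client": client, "method": method, "url": url,
            "status": int(status), "ctype": ctype.lower(), "prefix": bytes.fromhex(prefix_hex)}

def image_mismatch_reason(rec):
    """Return why the response does not look like the requested image, or None."""
    ext = os.path.splitext(urlparse(rec["url"]).path.lower())[1]
    if ext not in IMAGE_EXTS:
        return None  # not an image request; outside this rule's scope
    if rec["prefix"].startswith(MAGIC_MZ):
        return "image URL but body starts with MZ (executable header)"
    if not rec["ctype"].startswith("image/"):
        return "image URL served as %s" % rec["ctype"]
    return None

def flag_image_mismatches(log_text):
    """Return (client, url, reason) for successful responses that merit a look."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue
        reason = image_mismatch_reason(rec)
        if reason:
            hits.append((rec["client"], rec["url"], reason))
    return hits
```

Each hit is a candidate for the manual follow-up the post describes (check the logs, fetch the target in a safe environment and see what it really is), not a verdict on its own.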
