-
Hi
Your access mechanism (Citrix/Citrix clone) sound pretty secure to me.
I think that the rest is pretty much impossible :(
This is typical of a "thin client" implementation? you are allowing the users onto your system with the rights to run applications, so you are restricted to the security provided by those applications.
You browsers support java and activeX?
Microsoft office supports VBS?
Even if you identify all valid executables, I just rename my malware as a valid executable and run it? I can even write malware in Office modules :)
Your best bet is a good AV/Firewall/Intrusion Detection combination
Also have a look at these:
http://www.diamondcs.com.au "trojan Defence Suite" and others
http://www.analogx.com "Script Defender"
http://www.mobiusware.com "MoOutlooksecurity"
Good Luck
-
What firewall do you have?
The higher end firewalls will block content by type so you could tell it no exe, com, etc files are allowed through.
