How to prevent users from installing spyware

[jfk8680]

Hi,

I am running a Windows 2000 Domain with five Widows 2000 Terminal Servers. The servers still run a number of legacy 16-bit applications which only work when users are 'Power Users'. A very huge negative side effect is that they now have enough permissions to install software. Yesterday Winad (malware) showed up on one of my Terminal Servers, lifting both CPU's to 100% utilization. I want to prevent users from installing software. I know most spyware and malware is installed through IE using ActiveX applet's and other types of scripts. What is the best way to block this? Should I deny the installation of unsigned software or should I raise the security settings of IE6?

Thanks,

Jeffrey Kusters

MCSA, MCSE, CCNA

 

[varuna]

You could consider using a different browser than IE. Maybe Mozilla Firefox 1.0PR or Mozilla 1.7.

These don't suffer from the same vunerabilities but obviously have their own issues. By and large I have found these to be v good at preventing a lot of junk from infecting your machine whilst browsing.

You could also use a local software firewall which includes a application monitor and filter. Such as BlackICE or Mcafee stuff.

Just some thoughts, let me know if you consider any of them.





No Pain No Gain

 

[Binkie]

jfk8680,

Would you be open to using a third party tool to help hault unauthorized software installations?

 

[jfk8680]

Varuna: I don't feel this is the result of security leaks in Internet Explorer. Internet Explorer asks the user if they trust the source and want to install application "XYZ". I have no real experience with other browsers but I can imagine they work in a similar way.

Binkie: My preference would be to solve this using solutions provided within Windows 2000. I don't know what kind of product you have in mind but I would really like to keep my Terminal Servers slim and fast without installing several applications. But I am sure enough interested to know which product you had in mind...



Jeffrey Kusters

MCSA, MCSE, CCNA

 

[chif123]

You may even want to use cleanup application like ad-adware and stuff and create a script that runs these at start up. As long as it is not a nuisance to management.

 

[Binkie]

SysTrack & SysLock from Lakeside Software (

http://www.lakesidesoftware.com)

could offer the following solutions...

Using SysTrack, you can monitor your user's activities; what applications they are running, which web sites they are visiting, etc. From a security standpoint, SysLock can then assist you in "locking down" the Terminal Servers. Specify which applications are allowed to run on the systems, halting the execution of any application that is not on the list of authorized apps. Or conversely, list the applications you do not executing in your environment, i.e. Winad.

The best part of this technology is it only uses 1-2% of the systems CPU for all of the data collection!

Please let me know if I can provide you with any additional information.

Good luck!