
How to Stop Spyware


mot98

MIS
Jan 25, 2002
647
CA
Hi All,

I am a Network Admin for a company with approx. 150 users on an NT domain, with all users connecting to the internet.

I (like probably everyone else) am continually fighting the never-ending beast we call SpyWare/AdWare.

I am just curious on how the rest of you are fighting this battle in the enterprise, and what tools you are using to prevent your end users from getting infected.

I use SpyBot and have used AdAware in the past, but it seems like a downhill battle. There must be a better way to attack this beast.

Any input?

Thanks,


mot98
[cheers]
"Is it friday yet?"
 
Well,

Not really!! I haven't come across a strong enterprise solution for spyware. My advice to you...

Utilize MS Antispyware beta; you can set this to automatically update and save you some time on maintaining each system. Use Spybot to assist in removing any systems that become infected. I no longer recommend Adaware due to some of their policies and responses they've had with the community.

In addition I would pay the (10 dollar I believe) fee to Spyware Blaster's automatic update feature and install this across your enterprise as well.

In my opinion, this is the cheapest and most secure way to defend your entire network against intrusion. It also saves you the trouble of touching each desktop to update definition files.
 
Hrm, I need to learn to proofread better.

It is ten dollars to enable the auto update feature for Spyware Blaster (for your entire enterprise).

This package is aimed specifically at stopping ActiveX downloads that contain spyware.
 
Both McAfee and Norton offer antimalware in their newer offerings. We use McAfee on our networks and the results are ok, but not stellar. To date, you'll not find one particular product that truly does the job, I'm afraid.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244
 
I've found an enterprise solution (I think). I have no experience with this, however I'm trying to get my hands on one. Tell me what you think of this.

X
 
Look at PestPatrol Enterprise Edition, which has been bought by Computer Associates, or Webroot Enterprise Edition.

I use PP here and it works great. Easy to schedule scans and push updates to PCs. Though people were complaining that PP and Adaware dropped detection for some spyware, I am in the process of using MS free Antispyware program alongside PP. Luckily my users are educated about spyware and they know (since I told them) that if I find spyware, I know exactly where it came from and I will be talking to you. Not totally true but it worked...






I don’t know half of you half as well as I should like, and I like less than half of you half as well as you deserve. ~ Baggins
 
Actually speaking of MS FREE Antispyware, is there an easier way to get this loaded and verified on 50+ machines without having to type in EACH Windows XP license key?


Thanks.

I don’t know half of you half as well as I should like, and I like less than half of you half as well as you deserve. ~ Baggins
 
MS will auto-validate your software & you do not need to enter your key.
 
You need not validate; you can also skip that part of the check on the site, download it and get it installed.

But I would still recommend a gateway-level solution or an Enterprise Edition kind of solution for a network, as it gives flexibility for centralized management.

Thanks :)
 
We run Symantec here and it doesn't do well at all with spyware/malware.

We use a combination of approaches:

1) Tightening IE security
2) Windows patching
3) Websense (blocks known spyware sites)
4) Symantec Client Firewall (not yet implemented)

To date, none of the above have been good at getting rid of and/or stopping the spyware/malware programs. The programs I use when I hear of a hijacked Internet Explorer or a super slow computer are:

Ad-Aware
MS Anti-Spyware
HiJackThis!
AVG anti-virus
AdAway
Spybot

I like the look and the results I've seen from PestPatrol, and now that it has been bought out it may be a viable option. IMO, all firms should have two layers of protection - one for viruses and one for spyware.
 
Part of stopping spyware, even with different browsers, is user education.

After some reading, I'll add to my suggestion: get an enterprise-level solution. I know Symantec and McAfee have started adding spyware to virus scans for their firewall services (I haven't tested them so I can't say how they work).

In addition have localized protection as well (MS Antispyware and Spyware Blaster for instance). Yes, it's redundant but there isn't a truly reliable product to catch all spyware that exists yet.

Lastly, restrict user web access. I've done that here and it has nearly stopped all spyware (that and the addition of MS). If they cannot get to sites that are not related to their job duties it is much more unlikely that they'll come down with a case of "hotbar" or anything else.
 
Unfortunately, even if users are not connected to the web, PCs get infected too as long as they have communication from the outside with the use of email (even with the use of a "vintage" mail client). I recently found this out here in our company with approx. 80 PCs that spyware can still be prolific (only 4 can connect to the web and their users are well educated about and protected from spyware).

One question came to my mind: are the things that spyware makers do REALLY legal? I guess whatever we do, this is a downhill battle...

kilroy [knight]
philippines

"Once a king, always a king. But being a knight is more than enough."
 
one question came to my mind: are the things that spyware makers do REALLY legal

Welcome to the grey area...

In my opinion, yes, what several large spy/adware vendors do is illegal. They are intentionally bypassing system security settings to install software without your knowledge.

However, there is no real law about how spyware and other malware installs (non-malicious at least) so, by the books, no it isn't illegal. In addition, several of the larger spyware/adware firms have now taken to hiding out in their EULAs or those of other software vendors. Meaning, even if you do sue, you've signed a legally binding agreement stating you knew they were there.

What I mean by this, is that when installing one software package on line 4238 there is information stating other programs will be installed as well, OR (Hotbar comes to mind on this one) they state one intent on line 10 of the EULA and then buried at line 4500 the true intent of the software is stated. But by some double speaking lawyer loophole, their EULA is still legit.

We are at a very early time in this "fight". Until a malware company, consumer, or spyware removal tool hits the courts this will continue to be a grey area. And I don't know when that'll happen as the smaller removal companies (Lavasoft comes to mind) are starting to get pushed around a bit by the threat of lawsuits.

With larger companies (Symantec, MS, and McAfee) starting to wade into this it'll be interesting to see who steps up to the plate first. My bet is on an angry mom that has some kind of naughty website popup on her 10 year old surfing the web.
 
We run a network of around 70 users.

We use SurfControl to block access to advertising sites and some more dubious sites and generally steer them to business-related sites. It can also block spyware based on the website. So it isn't actually detecting spyware or changes to registry etc. but it does seem to do the trick. We also use their email filter to block spam.

At the client level we use Spybot. We use Sophos anti-virus.

Also we have a very strong user policy. The web filter does go over the top but it does make users a bit more aware. Plus, and we are fortunate we can do this, the users do not have access to their local drives.
 