Keeping spyware off users' computers

[MikeT]

I support almost a hundred pc's, and I've seen spyware problems so bad that formatting and reinstalling was the best solution. We have to use IE, so switching browsers isn't an option.

Recently, I started blocking all ActiveX at the firewall, and I install SpywareBlaster,IE SpyAds, and Spybot (with the Immunize feature) on every new pc that comes through my office.

This is pain, and in my opinion shouldn't be necessary. What preventative measures do guys take when it comes to spyware?

 

[JimWells]

Mich (IS/IT--Manageme)
1 Mar 05 14:02
A problem I've run into using MS's spyware tool is that it blocks a lot admin functions. For example, I use SMS and vbscript to administer my PCs. When I try to run a script or package on a client there is a pop up that asks the end user if they want to run the script/package/executable/whatever. Typically they say no and I don't blame them.

There may be a feature with the application that allows me to turn this off, but I haven't found it yet. Other than that I love the app. If they develop some sort of corporate version I think it will definitely be the way to go.

-If it ain't broke, break it and make it better.

Mich,

You can turn off the script blocking (but has to be local to each workstation, as there's not a config file):Go to Real-Time Protection, Application Agents, Script Blocking (probably other agents to block there in an enterprise environment, too).

 

[MikeT]

And I'm curious about how well a 'hosts' file that blocks ad and spyware sites would work. I've seen several of these and they would be very easy to install on users' machines with a logon script.

would that not require admin or maybe power user rights?

 

[philote]

All users are power users or admins on their computers so that wouldn't be an issue.

 

[ucjb2005]

I work for a school system and I have created a spyware removal progam that runs when the users log on to our network, it works like a dream. Not only will it get rid of spyware but any other application that you don't want to run. I used Visual Basic and SQL Server database.

 

[br0ck]

ucjb2005

care to share,,,,,

 

[ucjb2005]

Br0ck, do you want the code or do you want more details?

 

[MikeT]

details, please

 

[br0ck]

Code Pls..

 

[ucjb2005]

I am using WMI, I have a database with the registry run keys, with the associated EXE and the folder if any. Using WMI I kill the process(s) then delete the EXE and the folder. Then with registry file and GPOs I lock the PC down so the user can not download anything from the web. I built a web page that will display any unknown registry key then I Google it, if it comes back as Spyware I move the key to the Bad Key table the place the path to the EXE and the folder into a tables one for files (EXE) the other for folder, else I move it to the Good Key table. Br0ck, I have converted the SQL Server database to an Access database but it is still 12 MBs not sure how to get that to you. To view a demo of the web page I built go to

http://www.k12k.com/spy/unknown.asp

this is just a demo page.

 

[nokker]

Installing SpyBots S&D with a GPO or in the login script should not be a problem -->

http://www.safer-networking.net/en/faq/30.html.

JimWells > You should be able to create a GPO that allow running a script. Create a new GPO and look in "Administrative templates > Windows Installer"

Regards Tommy