RE: SPYWARE detection

["Bill Geschwind" <geschwin () email unc edu>]

SpyBot and Ad-aware are a decent way to protect against spyware, and if
you have lots of workstations under your umbrella, this does not have to
be prohibitive. I have been working on a way to install and run SpyBot
automatically and as unobtrusively as possible over our network. It does
require a little bit of tweaking. If you are interested, I have written
up how I did this and what my testing has found in a Word document which
you can find here:

http://www.unc.edu/~geschwin/autosbnw.doc

Cheers,
Bill

*********************************************************************
Bill Geschwind, CNE, MCSE
Technical Assistance Manager
Department of Technology and Systems Support 
Division of Student Affairs, University of N. Carolina at Chapel Hill
03 Teague Hall, CB# 5510                               (919) 962-5629
Chapel Hill, NC 27599                          geschwin () email unc edu
********************************************************************* 



-----Original Message-----
From: Mike [mailto:mike () superiorholidayadventures ca] 
Sent: Wednesday, March 17, 2004 10:32 AM
To: Virginia Benedict
Cc: SECURITY-BASICS () securityfocus com
Subject: RE: SPYWARE detection


Microsoft's ISA server is a good example of an application layer proxy:
http://www.microsoft.com/isaserver/

There are many ways to "block" spyware:

* You can blacklist domains that are known for these spyware programs
when they phone home.  These, I'm sure, would change.. making a
management nightmare.
* You could use a Group Policy and deny running a list of .exe's known
to belong to spyware.  Again, things change, management nightmare.
* There's always SpyBot and Ad-Aware.  A decent way to protect against
spyware.. but if you've got a lot of workstations under your umbrella,
this method could prove to be prohibitive.
* You could use a "Watchdog" type of card
(http://www.cyic.com/watchdog.htm).

There are many methods to deal with the plague that is spyware/adware.
Those are just some of my ideas.

Mike Fetherston


<snip>


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------