Using Firewalls to Block Spyware?
MartinMotor asks: "I'm a Network Administrator for a company with approximately 200 users, and we just installed a shiny new PIX. Being the resourceful network geek type, I immediately started adding deny statements to kill off access to places where people can download evil cursed programs like HOTBAR. Is there anywhere out there where people like me are maintaining a list of IPs for spammers, spyware progs, and pop-uppers to add to our firewalls? I can't be the first person to have this idea."
Try the CAUCE, Osiris Relay, ORBS, and other spam clearing house websites. I was able to pull down spam domains and IP addresses to route to a non-existent port on my firewall.
And don't forget those weather news download sites and gotomypc.com!!!!
If you need some starter lists drop me a note.
Success is the ability to go from failure to failure without losing your enthusiasm.........
Our site denies software installations of any type through Windows policies for anyone but power users (i.e., programmers, and not even all of them). Sure there were complaints and groaning... But they weren't for crashing computers anymore. You'd be surprised at the kind of sh*t some cute screen savers (TM) install. DLL messups, preferences mangling! So while firewalling might prevent some of the symptoms of spyware (i.e., call homes), good policies both technically enforced and "socially" enforced go a long way.
I can't remember which spyware apps did this, but they will actually go into the ZoneAlarm config and get through that way. It's scary, but it happens. IIRC I even read about it on /. (imagine that...).
The other way firewalls get bypassed is if the spyware uses something already given permission to tunnel out on a system, like a web browser spyware plug-in would. In that case, what chance do you have of stopping it but to remove it?
The "-u" flag to sort(1) only works on systems that implement the XPG4 standard. If you want to write portable shell scripts, you'll need to call uniq(1). Unfortunately for us script writers, not all the world uses GNU textutils.
HTH. HAND.
I'm proud of my Northern Tibetian Heritage
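An added example, not code from any poster in this thread: merging downloaded blocklists into one deduplicated set of deny statements, using `sort | uniq` as the last comment advises. The ACL name `acl_out`, the function names and the sample addresses are constructed for illustration, and the filter drops loopback and RFC 1918 addresses so a third-party list cannot block your own network.

```shell
#!/bin/sh
# Added example. Input format assumed: "IP [notes]" per line, '#' comments.

# Print unique, valid, public IPv4 addresses from blocklist text on stdin.
normalize_blocklist() {
    tr -d '\r' | sed 's/#.*$//' |
    awk '
        NF == 0 { next }
        {
            if (split($1, o, ".") != 4) next
            # Reject non-numeric octets, leading zeros and values over 255.
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) next
            a = o[1] + 0; b = o[2] + 0
            # Never block loopback or RFC 1918 space because a list said so.
            if (a == 0 || a == 10 || a == 127) next
            if (a == 192 && b == 168) next
            if (a == 172 && b >= 16 && b <= 31) next
            print $1
        }
    ' |
    sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n |
    uniq    # sort | uniq rather than sort -u, per the portability note above
}

# Turn addresses on stdin into PIX deny statements for the ACL named in $1.
emit_deny_lines() {
    acl=$1
    while read -r ip; do
        printf 'access-list %s deny ip any host %s\n' "$acl" "$ip"
    done
}

# Constructed sample data (documentation address ranges), two lists merged.
sample_lists() {
    cat <<'EOF'
# constructed sample blocklist
203.0.113.7   popup host
192.0.2.10
192.0.2.10    # duplicate from a second list
192.168.1.20  # internal address that must not be blocked
999.1.1.1
192.0.2.9
EOF
}

sample_lists | normalize_blocklist | emit_deny_lines acl_out
```

Review the generated lines before loading them, since every entry is a blanket deny for all users behind the firewall.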