Spyware/Adware Prevention In Large Deployments?
foQ writes "I work in the IS department for a ~2000 networked computer environment across 10 locations. As with most people, we have experienced serious problems with spyware/adware. We have SpyBot and Ad-Aware installed on most computers, but this doesn't prevent the computers from getting these programs and only sometimes properly removes all of them. Is there a tool that we could push out to all the PCs to basically do what anti-virus programs do and block these programs from running and clean them from the computer?"
I recommend just sticking a firewall up at the root of your network and blocking all traffic on port 80. It cuts down on web surfing and it puts to death all those stupid ad/spybots that already infest your network.
If someone needs to access a site, have a system where they can request a site to be opened for access. Of course they will need to have a valid reason and you (as network admin) have final say as to letting them have that access or not.
The www is something that can be surfed at home on personal time. Work is for work.
Two words: Death penalty.
Get spyware, get shot in the head. After two or three pluggings in front of coworkers, NO ONE will get on the net period, or even check e-mail.
Harsh? Yes. Effective? HELL YES!
We have all of the software you need! Just tell us what you want the software to do, give us the name of open source software that already does the task, and in three weeks we will have a brand new software package *just* for you, for the low low price of $50! Unfortunately, our website is down because of high traffic and hackers. Still, you can view videos of the as-of-yet-non-existent software here.
Hurricane Ivan: A 17th century prison collapsed. All of the inmates escaped.
Every time a user finds spyware on their PC, replace the monitor with a smaller one.
When a user has to make a decision between h4rdc0r3 p0rn and a 6" monitor, they might be a little more proactive in preventing spyware!
Thank you for taking the risk of testing that so that others won't have to.
You found spyware in Firefox? Maybe you shouldn't have installed that Firefox fr3E v|4GRa extension...
"Is there a tool that we could push out to all the PCs to basically do what anti-virus programs do and block these programs from running and clean them from the computer?"
Last I heard it's called Linux.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
But it's true. Apache eventually won out over IIS, and what happened? 10 apache worms a week, every week for the past 2 years. And don't even get me started on the local exploits. Apache, the worst httpd ever!
Oh wait. Never mind.
The reason why ignorant (I'm being kind) users are installing crapware in the first place is because they clicked on a pop-up window that led them to the crapware in the first place.
Because pop-ups can be disabled in Mozilla/Firefox, said users never see them and therefore are far less likely to install the crap.
Let's not forget the tradition of there being a new remote exploit discovered for IE every couple of weeks.
I do IT support in an academic environment and I've found that just hiding IE's presence on a system and replacing it with Firefox means that I'm far less likely to have to deal with some security issue on that system again in the future.
My steps to securing an XP Box:
0) Optional: Install SP2 if possible/safe
1) Turn on the firewall
2) Set the system to auto-update
3) Install good AV software and set it to auto-update and scan the system each day
4) Get rid of IE
5) Get rid of MSN messenger
6) Cross your fingers
7) Pray
Optional:
8) Sacrifice Chicken
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
When someone's computer gets fucked up, just set a firewall on their IP so they can only access a list of websites, and block their email so they can't receive any executable attachments. That'll teach them.
There's no reason for most people to need access to the whole internet at work, other than work would really suck if I actually had to work instead of sitting around and reading Slashdot.
I have found for most industrial/office applications the chicken can be substituted with gas station fried chicken giblets. It is crucial they come from a gas station and not some reputable source for food. The source where you can find the best are along interstate highways in the rural south.
The optimum ceremony changes involve using the grease from the paper bag in lieu of the standard chicken blood and doing all requisite Latin chanting with a strong nasal drawl.
I used to have a cool sig, back when I cared
Keep it civil! There's nothing to be gained by accusing people of being an MCSE.
Although you make a salient point - use of IE at all is a risk in any IT organisation.
To an extent locking down a workstation is effective when using IE - most (not all) spyware is derived from popups and click-here's that launch as a result of the very flawed design of MSIE. Locking down the WINNT or Windows folder will prevent these spyware articles from installing correctly. This does offer a good degree of protection from Bonzi Buddy.
Of course, web browsing admins are quite often the cause of many disasters in I/T. I remember a helldesk employee of ours once went to a Russian website and had our whole corporate link running a DOS attack on someone we didn't even know within hours.
I am government man, come from the government. The government has sent me. -- G.I.R.
Every time I need to install some software to do my job I have to call you up and waste a couple of days for it to get approved by the all-mighty-admin?
Are you so short-sighted that you can't plan ahead?
"Hey, boss. For this new project, I'm going to need the FudPucker Deluxe database analysis program. Here's a short justification, that I'm getting in early, since we both know how slow those boobs up in LAN Administration are."
"Thanks, Bobby. That's good foresight on your part. I'll feed it into the Maw Of The Beast today."
"I don't know, therefore Aliens" Wafflebox1