Spyware/Adware Prevention In Large Deployments?
foQ writes "I work in the IS department for a ~2000 networked computer environment across 10 locations. As with most people, we have experienced serious problems with spyware/adware. We have SpyBot and Ad-Aware installed on most computers, but this doesn't prevent the computers from getting these programs and only sometimes properly removes all of them. Is there a tool that we could push out to all the PCs to basically do what anti-virus programs do and block these programs from running and clean them from the computer?"
I recommend just sticking a firewall up at the root of your network and blocking all traffic on port 80. It cuts down on web surfing and it puts to death all those stupid ad/spybots that already infest your network.
If someone needs to access a site, have a system where they can request a site to be opened for access. Of course they will need to have a valid reason and you (as network admin) have final say as to letting them have that access or not.
The www is something that can be surfed at home on personal time. Work is for work.
Two words: Death penalty.
Get spyware, get shot in the head. After two or three pluggings in front of coworkers, NO ONE will get on the net period, or even check e-mail.
Harsh? Yes. Effective? HELL YES!
Every time a user finds spyware on their PC, replace the monitor with a smaller one.
When a user has to make a decision between h4rdc0r3 p0rn and a 6" monitor, they might be a little more proactive in preventing spyware!
But it's true. Apache eventually won out over IIS, and what happened? 10 apache worms a week, every week for the past 2 years. And don't even get me started on the local exploits. Apache, the worst httpd ever!
Oh wait. Never mind.