Slashdot Mirror


Spyware/Adware Prevention In Large Deployments?

foQ writes "I work in the IS department for a ~2000 networked computer environment across 10 locations. As with most people, we have experienced serious problems with spyware/adware. We have SpyBot and Ad-Aware installed on most computers, but this doesn't prevent the computers from getting these programs and only sometimes properly removes all of them. Is there a tool that we could push out to all the PCs to basically do what anti-virus programs do and block these programs from running and clean them from the computer?"

9 of 782 comments

  1. Re:Easy and cheap by Anonymous Coward · Score: 4, Insightful

    ...because some IS people just need to exercise every little bit of power they can.

    Others realize that computers are tools and that disabling web access makes them worse tools. They know that their job is not to find ways to make their own jobs easier, it is to make other people's jobs easier.

    Kudos to the story submitter for being one of the type that wants to do his job right.

    Dancin Santa, fuck you and all others like you.

  2. Re:Easy solution by mrmagos · Score: 5, Insightful
    As the security administrator of a small liberal arts college, this switch has probably made the largest impact on desktop support issues. Unfortunately, you can't fully remove IE, but removing shortcuts seems to be good enough to prevent most end users from using it. The other consideration is that many sites use IE-specific extensions, which breaks how Firefox renders the page. For example, we use Exchange with the Outlook web client for student email access and web access. The client is useable with Firefox, but some features, like the check name applet, do not work. A desktop URL opened in IE is our workaround... I guess my point is that you really need to review which web apps and sites your users want to access to truly weigh the pros and cons. In our case, the benefits were greater, and we made the transition as gracefully as possible. I know the parent means well, but sometimes the solution isn't that easy.

    --
    Never start vast projects with half-vast ideas.
  3. Did you pay for it? by killjoe · Score: 5, Insightful

    So you installed ad aware and spybot on most of 2000 systems. Did you pay the authors of those software any money? Maybe if you paid them some money they could help you roll out massive deployments or modify their software to suit you.

    My guess is that like most companies you installed them without paying because you didn't have to fill out forms or break your budget. Now you are looking to pay somebody else for software after using their products for all this time.

    Just doesn't seem fair.

    --
    evil is as evil does
  4. Re:Obvious solution by Frogbert · Score: 5, Insightful

    No it is not. There is no Microsoft Word for Linux, Open Office comes close and I love it to death but it's just not ready yet.

    There is no god damned Access for Linux either. Here's a newsflash: a lot of companies have database frontends that rely on Access, it may not be the best solution but it is the current system and to change it would cost thousands of dollars.

    Like it or loathe it, Visual Basic is used throughout many companies. Please correct me if I am wrong but do any Linux office products work with Visual Basic?

    These are just a few of the many examples why you couldn't just switch to Linux like that. Those are just the software factors too, forget user training, the cost of changing hardware that isn't supported to Linux etc.

    What about thousands of pissed off users because they can't figure out why the hell the start button looks different or why text on the screen doesn't behave as expected.

    I'm not trolling, I like Linux, I think it is great for the home and for a hobby but it's just not ready for the mainstream. Perhaps in a few years, but not today.

  5. Re:Webroot Spy Sweeper Enterprise and Lavasoft too by permanentE · Score: 4, Insightful
    The attitude of all you LAN Admins in here really pisses me off, "it's easy, lock 'em down, don't give 'em admin, take away all their PC privileges". It's easy for you to say, you have admin! You can install any software you need.

    I wonder how much productivity you lock-'em-down admins are costing the economy as a whole. You wanna know something? LAN administration isn't the most important part of a company, you aren't making the company any money. Your job is to help us users be more productive in doing our job, it isn't to cause you the least hassle.

    How does it help the company when every time I need to install some software to do my job I have to call you up and waste a couple of days for it to get approved by the all-mighty-admin? How does it help the company when I can't immediately respond to a customer!?

    OK, so there are stupid users, but I don't care about them, they don't affect me, I'm just trying to do my job. Leave me alone god damnit!

    /rant

    --
    What was the last law that benefited people but not corporations?
  6. Re:Webroot Spy Sweeper Enterprise and Lavasoft too by Mod+Point+Sink · Score: 4, Insightful
    Back in the mainframe days, they were a priesthood--users could only act with the data through the intercession of them and their terminals. The PC changed all that, and they've spent the last couple of decades stuffing the toothpaste back into the tube.

    Microsoft has greased the wheels with its exploit ridden, high maintenance software, creating security problems of epic proportion that are helping justify the return to the "glass house" in the eyes of management, who worries about things like HIPAA, Sarbanes Oxley, EU privacy directives, Gramm Leach Bliley, and all that--and creating a class of well-paid overseers to manage it.

    The users are mere pawns in the game.

  7. Re:Webroot Spy Sweeper Enterprise and Lavasoft too by ralphus · Score: 4, Insightful

    Different companies have different political environments and different requirements for user permissions. Not everyone can be as locked down as you are because of various business requirements. Business requirements always trump security requirements, political requirements (like CEO "needs" admin rights) often trump security requirements.

    --
    Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
  8. Re:Easy and cheap by gregmac · Score: 4, Insightful

    > The www is something that can be surfed at home on personal time. Work is for work.

    Many other people have pointed out the value of being able to surf sites for work-related information (booking hotels, looking at competition, finding reference materials, finding suppliers/products, finding potential customers, posting job listings, ...).

    There are other ways to prevent misuse as well, rather than blocking port 80 - block specific sites (ie, hotmail) and/or use content filtering to stop people from looking at pr0n while at work. Keep in mind that these can be detrimental - at a health care related job, for example, there will be legitimate reasons to look up legitimate sites that will be blocked by content filtering.

    One thing that has been shown (I know I've read articles about this before, unfortunately I can't find references) is denying people "personal time" at work leads to an increase in sick days and other time off. Basically, if you don't let someone spend half an hour doing something personal while "at work", then they end up just taking an entire day off to get what they need done. This is my take on the matter, and I don't block any sites on our connection. (and no, I don't consider pr0n to be a legitimate "personal" use of time, but we're also a small company and no one really has much of a private office to use..)

    --
    Speak before you think
  9. Re:Webroot Spy Sweeper Enterprise and Lavasoft too by shyster · Score: 4, Insightful
    > The attitude of all you LAN Admins in here really pisses me off, "it's easy, lock 'em down, don't give 'em admin, take away all their PC privileges". It's easy for you to say, you have admin! You can install any software you need.

    That's because we know what we're doing. And, if we cause problems, we're the ones that have to fix it.

    > How does it help the company when every time I need to install some software to do my job I have to call you up and waste a couple of days for it to get approved by the all-mighty-admin? How does it help the company when I can't immediately respond to a customer!?

    Who do you think is responsible for keeping track of the licenses for that software you want to install? Given admin access, how many users do you think will pirate software? (Answer: a lot). How many users will knowingly or unknowingly install spyware? (Answer: a majority) How many will get a virus? (Answer: A few. But those few will impact the entire company.) And, when they do all of this, and it takes 1-2 days to clean up their computer, how many users will understand that it's their fault and not blame the IT department? (Answer: None.)

    > Your job is to help us users be more productive in doing our job, it isn't to cause you the least hassle.

    I suppose you feel the same way about your Purchasing Department (Why should I have to get a PO before ordering something? How does it help the company when I can't immediately order something I need?). Our job is not to help you be more productive in your job. It's to help the company be more productive. You're just a tiny little part of the equation.

    > OK, so there are stupid users, but I don't care about them, they don't affect me, I'm just trying to do my job.

    If there truly is someone who is (a) knowledgeable of computers, (b) appropriately cautious of installing unknown or unlicensed programs, (c) reasonable enough to not blame IT for all of his computer woes, and (d) wants administrator access (and his manager doesn't care) - then I'll usually give it to them. In most cases, this guy also becomes my go-to guy for the department - which saves me from visiting for little issues.

    If you truly can't do your job because of restrictive policies (note that installing WeatherBug and AIM does not constitute doing your job) then you should explain your situation to your admin, your manager, and your admin's manager. If nothing gets done, then no one thinks you need admin access to do your job. Live with it.