Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Antivirus Overwhelming Scanners

Posted by CmdrTaco on Thursday October 1, 2009 @04:20AM from the i'd-rather-be-phishing dept.

ChiefMonkeyGrinder writes "Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008."

1 of 334 comments (clear)

Min score:

Reason:

Sort:

Re:Major pain by Real1tyCzech · 2009-10-01 06:26 · Score: 5, Insightful

"Admin rights are required on all the computers for access to active directory and such."
BZZT!
Access to AD only requires the *user* have admin rights, not the Computer.
Try this (has worked wonders for us):
Create two accounts for each user. One for day-today use, one for AD admin tasks. (Add AD in front of their username or some such) Secure their day-to-day as a limited user account. Lock the admin account down. Don't even give them proxy access or network share access.
Create a shortcut on their desktops (to dsa.msc, or whatever) and right-click it. Under properties/advanced, set it to run with alternate credentials.
Now, when they log into their day-to-day accounts, they can still open the dsa shortcut and enter i their "admin" account credentials to manage the AD, but now neither the AD account or their mornal day-to-day account will be capable of installing "AV2009".
Seriously, try it.
Problem solved.