We do use the lockdown kit and have done for quite a while, initially to randomly monitor client machines for dodgy stuff then later to lock machines down. Unforunately it just does not work! Plus there is the social engineering of this scumware which takes advantage of users naievity to make them think the app is of real benefit to them and mentions phrases such as "Will work behind most firewalls" or "This plugin can bypass you network security setting which sometimes blocks innocent programs like this". The sad fact is scumware programmers write their software to bypass security mechanisms sysadmins put in place. We now simply rely on a good old fashioned firewall and signed agreement that says if you install unauthorised software you'll be out the door.
I'm a sysadmin in a large call centre which used to tolerate a certain amount of personal use of it's computers. One of the main helpdesk requests to the IS department had was for ghosting's of computers which had been so f**cked up by various bits of spyware. The worst offender by far was Save Now, getting it to uninstall was a pain and even when you did think it was gone, it would reappear sooner or later. We firewalled the Save Now website and any addresses the app connected to to and rather than die after 2-3 attempts the plugin would thrash the firewall contiuously trying to make a connection. We also came across a particular nasty spyware app which had no visible front end but would randomly redirect you to a porn site, thankfully we had Super Scout installed which blocked 99% of porn sites. However this didn't help the poor employee who unknowingly had this crap on his PC as he though he was going to be sacked for looking at porn (we have always had a very, very tough line on porn).
Most of the spyware on the computers was not intentionally installed which is what made it worse. The last straw for us was when we discoverd a Win98, 1ghz Pentium with 256mb RAM and a fast hard drive taking 15 minutes to start as it was loaded with so much spyware/plugins/rubbish and they all wanted to start simultaneously, running a packet sniffer on that particular machine showed that spyware was using over half the bandwidth available. We locked down the network after that barring access to anything known to inolve file sharing, plugins, spyware etc. However there is an interesting side note, we had a retained lawyer with IT specialisms, aparently the UK Computer Misuse Act makes it illegal to alter the contents of a computer without getting the users authority, which was interesting.
It's bad enought these spyware app's stealing money from deserving small websites and let's face it users as well. You just need to see the damage they can do to networks and computers as well, I can see a lot of sysadmins becomming very angry if these sort of applications get more sneaky and nasty in the way the operate.
I remember this well, my school had 6 of these Domesday kits, which must of made my school absolutely loaded. In fact they still use one of them, though not for the Domesday disks. They have a disk which has a lesson in social behaviour, a video plays and then stops with teletext style links apearing over the frozen image, typically you get a picture of some people and you use the rollerball to highlight a link to find out more. They still use the system because no one has ever transferred this disk to a more up to date format.
What always made me wonder was why they did not wait another year for the Archimedes computer, it was much more advanced and more compatible with PC's (at least they had point and click), plus their derivatives are still avaialble today despite the death of Acorn.
My school was one of the weird one's which decided to bury a copies of the laser disks along with a school uniform and a load of other 80's things in a time capsule, pity they didn't bury a player also.
While I was doing my CS degree I spent my placement year at a small data mining software company. Once we got a request from marketing company based in Estonia asking if we could clean some 'addresses', as their cutomers had a tendancy to deliberately mis-spell their addresses. We found their attempts to hide the company background and extent of their business odd especially the ordinary ISP email address (not their own domain), but never thought any more about it. We asked them for a sample data set of these 'addresses' so we knew what we were dealing with, initially they did not want to hand them over after a while we said if you don't show us the data we are unable to tender for the work. What arrived was a text files containing email addresses along the lines of: someone@REMOVETHISdomain.com me@SPAMOFFhost. com NOSPAMme@isp.net etc.
Suffice to say we did not tender for the work. What worried me was the fact that they were willing to pay good money (arounf 5,000 sterling) to extract maybe 250,000 email addresses, this goes to show there must be a good incentive to do all this spamming.
Slashdot Mirror
We do use the lockdown kit and have done for quite a while, initially to randomly monitor client machines for dodgy stuff then later to lock machines down. Unforunately it just does not work! Plus there is the social engineering of this scumware which takes advantage of users naievity to make them think the app is of real benefit to them and mentions phrases such as "Will work behind most firewalls" or "This plugin can bypass you network security setting which sometimes blocks innocent programs like this". The sad fact is scumware programmers write their software to bypass security mechanisms sysadmins put in place. We now simply rely on a good old fashioned firewall and signed agreement that says if you install unauthorised software you'll be out the door.
I'm a sysadmin in a large call centre which used to tolerate a certain amount of personal use of it's computers. One of the main helpdesk requests to the IS department had was for ghosting's of computers which had been so f**cked up by various bits of spyware. The worst offender by far was Save Now, getting it to uninstall was a pain and even when you did think it was gone, it would reappear sooner or later. We firewalled the Save Now website and any addresses the app connected to to and rather than die after 2-3 attempts the plugin would thrash the firewall contiuously trying to make a connection. We also came across a particular nasty spyware app which had no visible front end but would randomly redirect you to a porn site, thankfully we had Super Scout installed which blocked 99% of porn sites. However this didn't help the poor employee who unknowingly had this crap on his PC as he though he was going to be sacked for looking at porn (we have always had a very, very tough line on porn).
Most of the spyware on the computers was not intentionally installed which is what made it worse. The last straw for us was when we discoverd a Win98, 1ghz Pentium with 256mb RAM and a fast hard drive taking 15 minutes to start as it was loaded with so much spyware/plugins/rubbish and they all wanted to start simultaneously, running a packet sniffer on that particular machine showed that spyware was using over half the bandwidth available. We locked down the network after that barring access to anything known to inolve file sharing, plugins, spyware etc. However there is an interesting side note, we had a retained lawyer with IT specialisms, aparently the UK Computer Misuse Act makes it illegal to alter the contents of a computer without getting the users authority, which was interesting.
It's bad enought these spyware app's stealing money from deserving small websites and let's face it users as well. You just need to see the damage they can do to networks and computers as well, I can see a lot of sysadmins becomming very angry if these sort of applications get more sneaky and nasty in the way the operate.
I remember this well, my school had 6 of these Domesday kits, which must of made my school absolutely loaded. In fact they still use one of them, though not for the Domesday disks. They have a disk which has a lesson in social behaviour, a video plays and then stops with teletext style links apearing over the frozen image, typically you get a picture of some people and you use the rollerball to highlight a link to find out more. They still use the system because no one has ever transferred this disk to a more up to date format.
What always made me wonder was why they did not wait another year for the Archimedes computer, it was much more advanced and more compatible with PC's (at least they had point and click), plus their derivatives are still avaialble today despite the death of Acorn.
My school was one of the weird one's which decided to bury a copies of the laser disks along with a school uniform and a load of other 80's things in a time capsule, pity they didn't bury a player also.
While I was doing my CS degree I spent my placement year at a small data mining software company. Once we got a request from marketing company based in Estonia asking if we could clean some 'addresses', as their cutomers had a tendancy to deliberately mis-spell their addresses. We found their attempts to hide the company background and extent of their business odd especially the ordinary ISP email address (not their own domain), but never thought any more about it. We asked them for a sample data set of these 'addresses' so we knew what we were dealing with, initially they did not want to hand them over after a while we said if you don't show us the data we are unable to tender for the work. What arrived was a text files containing email addresses along the lines of:. com
someone@REMOVETHISdomain.com
me@SPAMOFFhost
NOSPAMme@isp.net etc.
Suffice to say we did not tender for the work. What worried me was the fact that they were willing to pay good money (arounf 5,000 sterling) to extract maybe 250,000 email addresses, this goes to show there must be a good incentive to do all this spamming.