[unisog] Anyone using Active Directory to detect spyware/adware?

Nguyen, Minh Nguyen at lsdo.ucdavis.edu
Wed Nov 3 16:49:12 GMT 2004


You might also want to consider preventing the running of ActiveX controls.
For some of our users, we prevent any downloading from the web - which
unfortunately also blocks PDF files. I haven't found a way to say
only block the download of these types of files. For those really bad
users (student employees), we will also block out cookies and JavaScript
from non-.edu sites. Please note that I work in an administrative
office - so it's much easier for me to create these policies. I really
feel for those of you who are in academic departments.
 
Just out of curiosity, how are these users installing spyware on their
work machine? Do they have administrative rights?
 
Minh

____________________________________________
Minh Nguyen
Assistant Dean of Technology
College of Letters & Science Deans' Office
mailto:mtnguyen at ucdavis.edu  (530)752-7647

 

________________________________

From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Butler, Kevin D
Sent: Tuesday, November 02, 2004 7:07 PM
To: UNIversity Security Operations Group; unisog-bounces at lists.sans.org
Subject: RE: [unisog] Anyone using Active Directory to detect
spyware/adware?


The only use of AD for spyware control we have had success with has been
with Server 2k3/WinXPPro Software Restrictions policies. The policy
restrictions work well, but the only problem is that we can only block
those exe's, reg keys, and folders that our techs have identified as
spyware. We also leverage Spybot and Adaware logs to help in this as
well. Of course, the downside is that someone (ME!) has to type all this
into the policy, so I am quite sure that there is a lot we are missing.
Also, the Software Restrictions Policy only works under Server
2k3/WinXPPro. There isn't any love for 2k, though it would be nice if
Micro$oft added it to SP5, if and when it shows up on the radar. Hope
this helps some. If you would like to get a copy of our policy, drop me
a line direct to my email.

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of andy at umbc.edu
Sent: Tuesday, November 02, 2004 2:10 PM
To: UNIversity Security Operations Group
Subject: [unisog] Anyone using Active Directory to detect
spyware/adware?

I realize that this question is rather broad, but I've been asked to see
if anyone is making use of Active Directory to detect and/or control
Windows spyware remotely (as opposed to running Spybot S&D or something
similar on each PC).

Any thoughts appreciated.


- Andy Johnston

---------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)         *                             **
** IT Security                           *PGP key:(afj2002) 4096/8448B056**
** Office of Information Technology, UMBC* 4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)     * 46 1A 37 11 F5 6C 84 48 B0 56 **
---------------------------------------------------------------------------




_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog
