[unisog] dns redirection vs local host files which or neither helps in the malware fight

Harris, Michael C. HarrisMC at health.missouri.edu
Fri Nov 5 16:00:54 GMT 2004

I am in a discussion with our workstation support staff about methods of
blocking spyware and malware.

The workstation and server support folks want to roll out local hosts
files with an AD policy push and logon files.
Network folks think modifying DNS entries and doing redirection to an
internal warning page is a better solution, but not a good one.

Anecdotally, I don't see either of these solutions being manageable, but I
am looking for proof.  If you have links to success or failure stories
using these methods please send me a link, off list if you prefer.
(harrismc at missouri.edu)

Other than the obvious nightmare dealing with the constant churn of the
malware addresses, I would like some input from what other sites have
done, what works and what doesn't.

I have done a bunch of Googling already and found many host file sources,
but mostly this is geared to individual workstations and small groups,
not as an enterprise solution.  Also, the sites via Google don't talk
about the problems.

Mike Harris
System Security Analyst
University of Missouri Health Center
harrismc at missouri.edu KC0PAH
