Enterprise Level Spyware Prevention?

Tim Wardlaw

Hi guys, do any of you sys admins or security guys out there, working for a 50K+ employee network, have any info on spyware software that would run across an enterprise level network? Because local prevention on individual boxes is OK... but when I need 50k+ licences it's a pain in the ass. I know Trend Micro has something right now, but I need to know more about it, or any others for that matter. I'm mostly looking for spyware, malware, etc. filtering. So if anyone can post up any info or companies or consultants to contact, I would really appreciate it.
Thanks guys.

In the meantime... Google is my friend :)
 
Well, I don't have 50k users; I only have a 200-user network with spyware prevention.

I chose Adaware. Since it's the best, I might as well use it.

This is what I did.

I purchased 200 CALs of Adaware 6.0.

Set up a workstation the way I would like the spyware scan and schedule to be implemented. Pointed the update to a network share where a new reference file is going to be stored. I then created a custom MSI of the Adaware directory. Since Adaware doesn't use the registry to keep its settings, I created an install MSI from the directory and all the settings I made. I added the MSI in Remote Installation Services and pushed it to install onto clients. I then set up Adaware on a server. I disabled most features since servers are not prone to spyware; I just scheduled an update for the reference file every morning and to put it in a network share where all the workstations will look for a new reference file.

Adaware support helped me out with this. Great support and a great product.
 
Good ideas.
I could prob buy a blanket license to cover all workstations and just set up an SMS to all the clients. Right now I'm just blocking most things through a proxy, but this could also help. Thanks m8
 
Yes, but we're looking more for a system that we can implement across the corporation to prevent it from getting in, not just removing it once it is there.
 
SpywareBlaster is supposed to stop it from getting in and is also free.
 
You could always take away the internet... it's cheap and effective... your superiors will love it
 
Sickness said:
You could always take away the internet... it's cheap and effective... your superiors will love it
Haha, yeah, just download the internet and use it locally... I love doing that... downloading THE internet..
 
Hehe, yeah, getting rid of the net would work... BUT we would also go bankrupt, so... lol. If only MS could release an IE with, ohh, let's say... no flaws?
 
Well, a guy that works here came from a very popular electronics retail chain. They used TrendMicro OfficeScan, and the newest version (6.5...which we're using) detects spyware and also has a personal firewall/IDS. It's pretty awesome. I'm sure if they're not 50k+ employees, they're REALLY close to it.
 
Lavasoft could make SO MUCH MONEY if they would only release a client/server version of AdAware, similar to Norton's enterprise anti-virus. I know I'd buy it for all the clients I work with.
 
I know what works. I don't trust anything but Adaware and Webroot for spyware removal. Spybot S&D is garbage; it misses too many damn things. There have been a lot of reviews that point to the fact that Adaware is still the best, and from personal experience I concur with that conclusion.
 
Put Firefox on their computers, set it as default, and hide the IE icons from them... the ones that know that you can just type the URL in Windows Explorer and make it turn into IE will also be smart enough to not be the ones getting spyware on their computers in the first place... everyone else will just use Firefox and not know the difference. I did that with a few people at work and so far it has worked...
 
I don't consider Firefox to be stable enough yet for enterprise use, but maybe on a limited deployment. Just make sure that you don't have anything your employees use for company purposes that uses ActiveX.

What I wish they would do with Firefox is include ActiveX support, but only on websites or domains that you would have to specify in a setting somewhere. There are legitimate uses for ActiveX...
 
Little OT

I recently deployed Firefox as our default browser (small office, 55 users). What made it possible and effective was an extension that allows users to right click a page and have it open under IE. Without this the rollout would have failed, as too many pages we need access to use either ActiveX or use sloppy code, and normally Firefox refuses to render poorly (non standard conforming) pages. All the web's crappy pages are just a right click away now using Firefox. YAY

With this I was able to roll it out and have little negative feedback. I find that amazing in itself as some users whine about things before any change even takes place.
 
^

That's a great idea! I use Firefox as my primary browser and have for months, but some pages just work better with IE.
 
Tim Wardlaw said:
Enterprise Level Spyware Prevention? Hi guys, do any of you sys admins or security guys out there, working for a 50K+ employee network, have any info on spyware software that would run across an enterprise level network? Because local prevention on individual boxes is OK... but when I need 50k+ licences it's a pain in the ass. I know Trend Micro has something right now, but I need to know more about it, or any others for that matter. I'm mostly looking for spyware, malware, etc. filtering. So if anyone can post up any info or companies or consultants to contact, I would really appreciate it.
I would look into an application layer aware firewall content proxy. WebSense is a great product that works hand in hand with Microsoft's ISA Server, Cisco's PIX firewalls, and many other firewalls... It really works; you can fine tune what, where, who, & how your internet connection is presented to your end users.
http://www.websense.com/products/about/Enterprise/
 
Websense is a good product. I still feel you're going to need something at the host-level as well. The major downfall with Websense in preventing Spyware comes when it's integrated with the PIX (and possibly other vendors, I'm not sure how their products work with websense).

Basically how the PIX and Websense work is that when a user makes a request for a webpage, it goes through the PIX. The PIX sends the URL in a "Lookup Request" to the Websense server. While the Websense server is looking up the URL to see if it's permitted or not, the PIX goes ahead and sends out the user's request for the web page to its destination. The web server responds to the PIX with the requested page, and the PIX caches this page in memory until it receives the response from Websense. If Websense says "ok" then the PIX forwards the cached page to the user. This is an extremely fast process, and the way the PIX acts is the reason there seems to be zero delay in web surfing. The downfall is that with a lot of spyware, the data the spyware is trying to collect from the user's PC is often sent out in the first packet. Remember the PIX always forwards the first packet, it just caches the response and waits for Websense. So if that data is in the first packet, it's already gotten to the server. This is why it's important to have multiple layers of protection from viruses/worms/spyware/malware.
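
Added example (not part of the original thread, and not Cisco or Websense code): a toy Python model of the lookup flow described in the post above, showing that a "block" verdict withholds the response from the user while the outbound request has already reached the external server. The hostnames, the `BLOCKED_HOSTS` set, the function names and the `filter_then_forward` comparison mode are assumptions made for illustration.

```python
"""Toy model of the URL-filter flow described in the post above (constructed example)."""
from dataclasses import dataclass, field

# Constructed category list standing in for the filtering server's database.
BLOCKED_HOSTS = {"tracker.example"}

@dataclass
class Origin:
    """Stands in for any external web server; records every request that reaches it."""
    received: list = field(default_factory=list)

    def handle(self, host, path):
        self.received.append((host, path))
        return f"<html>content from {host}</html>"

def url_filter_verdict(host):
    """The filtering server's answer to a lookup request."""
    return "block" if host in BLOCKED_HOSTS else "allow"

def forward_then_filter(origin, host, path):
    """Flow as described in the post: the request leaves while the lookup is
    pending; only the cached response is held until the verdict arrives."""
    cached = origin.handle(host, path)      # request has already gone out
    verdict = url_filter_verdict(host)      # verdict arrives afterwards
    return cached if verdict == "allow" else None

def filter_then_forward(origin, host, path):
    """Comparison mode (assumption, not from the thread): nothing leaves until allowed."""
    if url_filter_verdict(host) != "allow":
        return None
    return origin.handle(host, path)

def run(flow, requests):
    """Replay requests through a flow; return (what the server saw, what the user got)."""
    origin = Origin()
    delivered = [flow(origin, h, p) for h, p in requests]
    return origin.received, delivered

# Constructed traffic: one normal page view, one beacon carrying data in the URL.
REQUESTS = [
    ("intranet-news.example", "/index.html"),
    ("tracker.example", "/collect?user=jdoe&host=WS-0142"),
]

if __name__ == "__main__":
    for flow in (forward_then_filter, filter_then_forward):
        seen, delivered = run(flow, REQUESTS)
        print(flow.__name__)
        print("  reached external server:", seen)
        print("  delivered to user:", [d is not None for d in delivered])
```

In the first mode the beacon's query string appears in the server's request log even though the user never receives a page, which is the gap a host-level control has to cover.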
 
Thanks guys, this is really helping us a lot. I knew I could count on you guys for some good info. :D Keep it coming :)
 