[TriLUG] Corporate solutions for spyware?

Mike Parkhurst Mike.Parkhurst at samsys.com
Mon Jan 9 14:22:30 EST 2006


It's even worse than that.  Most M$ systems have more holes than Swiss
cheese, and users who click on anything they see don't help matters.  

I have a Barracuda, and BTW like it, but it does not SOLVE the spyware
problem, it just sort of closes two entry points.  Those points are e-mailed
viruses (virii?), and malicious SPAM.  That still leaves obvious holes like IE
and AIM, but we are getting a little off topic for my tastes.

To bring this back a little towards Linux/FOSS, I have been playing around
with Snort on Debian since I feel that the only reliable way to spot spyware
is as it phones home.  I have Oinkmaster configured to use the official sigs
as well as the bleeding edge signatures.  I tail -f the Snort logfile.  It
works great as far as stability, etc, but there are issues.  The first is an
insane number of uninteresting alarms, which can be configured out with the
Snort config file.  As an improvement on tailing the Snort logfile, I have
built a syslog server to send the alarms (and other traffic) to.  That
effort is rather primitive, though functional.  Has anyone out there built a
syslog server they like?  Care to share some pointers or links?  Any help
would be appreciated.

Mike
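
The "tail -f the Snort logfile, configure out the noise, ship the rest to syslog" setup described above, as an added example that is not from the post or from the Snort project: a small Python script that parses Snort's alert_fast output, drops rules marked as noise (the sidecar equivalent of a `suppress gen_id 1, sig_id N` entry in Snort's threshold.conf, which is where that tuning normally lives), counts which internal host keeps tripping the same rule, and renders each surviving alert as an RFC 3164 syslog line for forwarding over UDP. The sample alert lines, rule SIDs, rule messages, hostnames and addresses are all constructed for this example; `sensor1`, the local4 facility and the priority-to-severity mapping are assumptions, not anything the post specifies.

```python
import re
import socket
from collections import Counter
from datetime import datetime

# Constructed sample lines in Snort's "alert_fast" output format. The SIDs,
# rule messages and addresses are made up for this example (RFC 5737 test
# ranges), not real rule identifiers or real hosts.
SAMPLE_ALERTS = """\
01/09-14:20:01.000001  [**] [1:1000001:1] EXAMPLE SPYWARE Adware check-in beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.15:3342 -> 203.0.113.7:80
01/09-14:20:02.000002  [**] [1:1000002:1] EXAMPLE POLICY Messenger client login [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {TCP} 192.0.2.22:1184 -> 203.0.113.9:5190
01/09-14:20:03.000003  [**] [1:1000001:1] EXAMPLE SPYWARE Adware check-in beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.15:3343 -> 203.0.113.7:80
01/09-14:20:04.000004  [**] [1:1000003:1] EXAMPLE INFO Plain HTTP GET [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.0.2.40:2201 -> 203.0.113.20:80
01/09-14:20:05.000005  [**] [1:1000004:2] EXAMPLE SPYWARE Tracking cookie upload [**] [Priority: 2] {TCP} 192.0.2.22:1190 -> 203.0.113.30:80
"""

# One alert_fast line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, src -> dst (ports absent for ICMP).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def parse_alert(line):
    """Parse one alert_fast line into a dict, or return None for lines that
    are not alerts (blank lines, Snort start-up chatter in the same file)."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        a[key] = int(a[key])
    # IPv4 only: strip the port so repeats from one host group together.
    a["src_ip"] = a["src"].rsplit(":", 1)[0]
    a["dst_ip"] = a["dst"].rsplit(":", 1)[0]
    return a


# Local tuning, the sidecar equivalent of threshold.conf
# "suppress gen_id 1, sig_id <sid>": drop rules known to be noise on this
# network and anything below the priority we care about (1 = most severe).
SUPPRESSED_RULES = {(1, 1000003)}   # the constructed "plain HTTP GET" info rule
MAX_PRIORITY = 2


def is_interesting(alert):
    if (alert["gid"], alert["sid"]) in SUPPRESSED_RULES:
        return False
    return alert["prio"] <= MAX_PRIORITY


def filter_alerts(lines):
    """Parse and keep only the alerts worth a human's attention."""
    kept = []
    for line in lines:
        alert = parse_alert(line)
        if alert is not None and is_interesting(alert):
            kept.append(alert)
    return kept


def phone_home_summary(alerts):
    """Count hits per (sid, internal source IP): the host that keeps tripping
    the same spyware rule is the one to pull off the network and clean."""
    return Counter((a["sid"], a["src_ip"]) for a in alerts)


# Assumed mapping of Snort priority to syslog severity: crit, warning, info.
SEVERITY_BY_PRIORITY = {1: 2, 2: 4, 3: 6}


def build_syslog_message(alert, year, hostname="sensor1", facility=20):
    """Render an alert as an RFC 3164 syslog line (facility 20 = local4).
    alert_fast timestamps carry no year, so the caller supplies it."""
    pri = facility * 8 + SEVERITY_BY_PRIORITY.get(alert["prio"], 6)
    stamp = datetime.strptime(alert["ts"].split(".")[0], "%m/%d-%H:%M:%S")
    stamp = stamp.replace(year=year)
    stamp_txt = f"{stamp:%b} {stamp.day:2d} {stamp:%H:%M:%S}"   # "Jan  9 14:20:01"
    return (f"<{pri}>{stamp_txt} {hostname} snort: "
            f"[{alert['gid']}:{alert['sid']}:{alert['rev']}] {alert['msg']} "
            f"[Priority: {alert['prio']}] {{{alert['proto']}}} {alert['src']} -> {alert['dst']}")


def send_to_syslog(message, server, port=514):
    """Forward one rendered line to a syslog server over UDP (assumed
    listener; not called when the script runs against the sample data)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode("utf-8"), (server, port))


if __name__ == "__main__":
    kept = filter_alerts(SAMPLE_ALERTS.splitlines())
    for a in kept:
        print(build_syslog_message(a, year=2006))
    for (sid, ip), n in phone_home_summary(kept).most_common():
        print(f"sid {sid}: {ip} alerted {n} time(s)")
```

Run against a live sensor by replacing `SAMPLE_ALERTS.splitlines()` with the lines read from the alert file (or from `tail -f` on stdin) and calling `send_to_syslog` on each rendered line. The per-host counter is the part that tailing alone does not give you: one beacon from a workstation is a lead, the same SID from the same IP every minute is the machine to go and look at.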
  
-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf
Of jonc
Sent: Monday, January 09, 2006 12:48 PM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] Corporate solutions for spyware?

Spyware is a *big* problem these days. Some come via email but from what
I've seen in industry most spyware is put on Windows boxen by
unsuspecting folks who actually download it themselves and install
it.... "Hey look what Tiny Elvis does when I get an email!"

Folks who want stuff for free need to use Linux (or BSD).

Most virus scanners will also look for spyware - especially the really
bad stuff. Unfortunately, spyware is one of the least reported abuse
items, so many instances go unnoticed. Plus the user *actually*
installed it. Most times it does something legit that the poor bastard
wants.

I've found Zone Alarm to be most helpful in tracing it down and killing
it - even after the user has told Zone Alarm to let the spyware have its
way with their internet connection.

These days though you really need an app (if your virus scanner doesn't
do it) that will look for and remove spyware. 

This site has also been helpful in manually extracting some relatives
who have "Tiny Elvis-ed" themselves into some real trouble:
  http://www.spywaredb.com/

Good Luck - Jon Carnes

On Mon, 2006-01-09 at 12:14, Chad Thomsen wrote:
> This may be off topic because spyware is usually a Windows issue.  That
> being said, what are folks doing about spyware in a corporate environment?
> Is spyware that big of a deal to worry about in a corporate environment
> (200 user network)?  We have all Windows clients, and Windows, Linux and AS400
> servers.  I have already implemented spam and antivirus solutions but am
> wondering if the spyware is a real issue for a small to medium size
> business and what products to look at.
> 
> I am looking at a Barracuda appliance currently if I get a solution.  I
> can't go with Linux based (home built) because I don't have enough time to
> babysit it, and it's nice to have management point the finger at Barracuda
> if something goes wrong with THEIR appliance and not my home built solution.
> 
> Any advice and/or opinions appreciated.

-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
