Security Incidents: RE: IE Malware / Spyware Control Methods

[matt <matt () scrapshells com>]

The solution you choose depends entirely on how much you trust your 
clients to learn and follow good security practices.  The fact that you 
are having to deal with a large amount of spyware, to me reduces that 
trust.

Ad-aware, SpybotSD, Firefox are all reactive solutions.  While I would 
agree that they are good and do use them myself, I have installed all of 
them on many client computers to return to the client site weeks or months 
later and find that they have never been run, never been updated, or 
effectively crippled by user actions.  Can you trust your clients to 
periodically run Ad-Aware and use firefox for their browser?  Remember 
that Internet Explorer will beg to become the default browser at every 
chance it gets bypassing all of your time installing firefox.  Many 
endusers believe that just because a product is installed they are 
protected and freely continue the same poor security habits.

All that not to mention the fact that replacing IE as a browser will not 
help you at all if the spyware/malware becomes installed as a part of 
third party software.  How many of your users have installed Kazaa, 
weatherbug, every "helpful" search bar and internet enhancer under the 
sun.

Give the users less privaleged accounts, enforce policies on installing 
software, and use automated periodic Ad-Aware scans.

Ad-Aware Professional has documented command line switches to automate 
updates, scanning, and can even hide the entire process from the user.  
Put it in a script and have it send you the results.  

                                -Matt-