Security Basics mailing list archives

RE: Network spyware detection


From: "Mark Harris" <mharris () aspacesolutions com>
Date: Tue, 3 Aug 2004 17:19:06 +0100

I use three programs, one passive, the other two active. The benefit is
they overlap but catch things the others do not.

Passive: Spyware Doctor
Active (i.e. user needs to start scan - if using free version ;-)): AdAware
and Spybot Search and Destroy.

HTH


Mark Harris, CISSP
CISO

ASPACE Solutions - Securing your multi-channel business
T: +44 (0)20 7744 6248
M: +44 (0)7793 047 875
Website www.aspacesolutions.com

Three Tuns House
109 Borough High Street
London SE1 1NL




-----Original Message-----
From: Nick Duda [mailto:nduda () VistaPrint com]
Sent: 02 August 2004 17:58
To: Dowling, Gabrielle; Barber, Chris Mr. ATEC/Contractor;
security-basics () securityfocus com
Subject: RE: Network spyware detection


Check out Lavasoft AdAware Pro. Realtime Ad-ware scanning.

- Nick

-----Original Message-----
From: Dowling, Gabrielle [mailto:dowlingg () sullcrom com]
Sent: Saturday, July 31, 2004 1:31 AM
To: Barber, Chris Mr. ATEC/Contractor; security-basics () securityfocus com
Subject: RE: Network spyware detection

Chris....

There are significant drawbacks to SAV9's adware "scanning"
functionality.

As you inferred, detection is limited to scheduled scans, there is no
realtime protection component as yet.

More important, it does not have any comprehensive cleaning
functionality as yet, so using the option to delete or report detected
files can be quite problematic.  (To their credit, there are cautions in
their documentation about this).

Given these two factors, it doesn't strike me as a reasonable solution
at the moment, as it essentially means you can use it for alerting
purposes only, and then have someone visit the workstation and run a
host of cleanup tools (and incur the cost for those tools, since my
perception is that none of these are free to use in a corporate
environment).  Only to have to visit the same workstation again a week
later because hey, the user chose to respond to the popup to optimize
their browsing experience once again.

I've done a limited pilot of SAV9, and found that while it's done a very
good job of detecting adware (etc.... and for etc I should point out
that it is also supposed to add enhanced detection for other non viral
threats such as porn dialers), I suspect I will not roll out this
feature and rather leave it as SOP that if users complain about system
performance, PCS will check and remove adware with an application
specifically designed for that purpose.  Otherwise, given the
proliferation of such these days, we'd have to double our pc support
staff just to respond to these detections (and for little gain, unless
their ability to perform work is measurably slowed down as a result of
the adware).

I do not see any good enterprise level apps for this purpose at this
point in time (I know some are trying to enter this place), and it's a
significant problem.  AV seems ideally suited to take on the role, for a
variety of reasons.  McAfee is supposed to already provide cleaning, but
I have no experience with current versions and so couldn't comment on
their actual success with this.

Regards

Gaby

-----Original Message-----
From: Barber, Chris Mr. ATEC/Contractor
[mailto:Chris.M.Barber () atec army mil]
Sent: Thursday, July 29, 2004 9:20 AM
To: 'security-basics () securityfocus com'
Subject: RE: Network spyware detection


Ben,
        Symantec Antivirus 9.0 has that option built in.  With SAV
Enterprise you can manage all your SAV clients and have them scan for
AD/Spy ware.  It is not an automatic scan, but it can be setup as a
scheduled scan. The schedule and the policy are pushed from the
Enterprise server to the clients.


Chris.



-----Original Message-----
From: Ben Huntley [mailto:benh () steffian com]
Sent: Tuesday, July 27, 2004 8:10 AM
To: security-basics () securityfocus com
Subject: Network spyware detection


hi,

do any of you have recommendations/preferences regarding spyware
detection software appropriate for win2k networks?  spybot s&d 1.3 is
part of our base workstation image, however, we'd like to find something
that can be controlled & maintained from an admin perspective (e.g.
broadcast updates, tweaks, et al).  thanks in advance!

ben












