Letter #4: Poor man's antispyware solution
Reader: Carlos Zottmann
Head of Network Security
Superior Tribunal de Justiça
Environment: We have 2,500 workstations running Windows 2000 and Windows 98, which are being upgraded to Windows 2000.
Spyware dilemma: We have about 3,000 users, and educating them on antispyware practices is difficult. We set up and run our antispyware tools centrally via logon scripts. That way we can gain some level of protection on all of our workstations regardless of the user's knowledge.
Antispyware solution: Spybot-S&D, Javacool Software's SpywareBlaster, Spyad, Symantec's AntiVirus
We have a poor man's spyware solution. We chose these three antispyware tools because they are free (to avoid licensing problems) and they complement each other. We don't use them in any particular order. We catch the modifications that these products make in the Windows registry, and replicate them to all of our corporate desktops through a logon script.
We also use Symantec's AntiVirus solution, which has the ability to scan the desktops for spyware, adware, dialers, etc. We encourage our users to run this software if they want to scan their computers.
These tools don't eliminate our spyware problems (no solution does), but they help to deal with them. Every workstation in our network now has some basic features offered by the three tools, including the ability to:
- Block the CLSIDs associated with a lot of spyware, preventing them from running.
- Block the setting of cookies by a number of sites known (by these tools) to install spyware.
- Block any download from a number of sites known (by these tools) to install spyware.
Carlos' reasoning for catching antispyware definitions in the registry:
- It minimizes the lack of a central management console for antispyware products when deployed over a corporate network.
- It ensures that every desktop has some level of protection against spyware, regardless of any user action.
- It doesn't offer a way to automatically discover the new spyware detected by each product, so we must catch the registry modifications every week (or during each specified period).
- We miss the online defenses that each one of these tools offers.
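
An added example, not the reader's own script, of the capture step described in the letter: it compares registry exports taken before and after a tool has applied its blocks and writes the additions as a file a logon script can import. The sample keys (Internet Explorer's ActiveX kill-bit and Restricted sites locations) and the placeholder CLSID and domain are constructed; the letter does not name the keys the tools write.

```python
import re

# Constructed "before"/"after" exports in REGEDIT4 text format (readable by both
# Windows 98 and Windows 2000). The CLSID and domain are placeholders.
BEFORE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]
"""
AFTER = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\spyware.example]
"*"=dword:00000004
"""

# A value line is "name"=data or @=data; the name may itself contain "=".
VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: data}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex data continued with a trailing "\"
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def delta(before, after):
    """Keys and values that are new or changed in `after` (deletions are ignored)."""
    out = {}
    for key, values in after.items():
        old = before.get(key)
        changed = {n: d for n, d in values.items() if old is None or old.get(n) != d}
        if changed or old is None:
            out[key] = changed
    return out

def render(changes):
    """Serialize the delta as a REGEDIT4 file for distribution."""
    lines = ["REGEDIT4", ""]
    for key in sorted(changes):
        lines += [f"[{key}]"] + [f"{n}={d}" for n, d in sorted(changes[key].items())] + [""]
    return "\r\n".join(lines)

if __name__ == "__main__":
    print(render(delta(parse_reg(BEFORE), parse_reg(AFTER))))
```

A logon script can apply the resulting file with `regedit /s`; entries under HKEY_LOCAL_MACHINE take effect only when the account running the script can write there.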