>We are getting clobbered with browser hijackers. Does GFI Download >Security kill these buggers? Gfi DS does not block all Spyware/Malware/Adware. It blocks malicious executables and binary files(by using more antiviruses) It does not block exploits which make use of html or text data. Explanation: DS sends instead of actual file html download status window therefore if there is some trick of downloading executable silently or by tricking user DS will send for this "not desired" automated download html status page instead of binary to client. Of course the object is then scanned but even if the scan with all antivirus engines doesn't catch unknown malware DS still protects you from this automated download because in order to retrieve the file to the client machine, DS requires user intervention which can break the malware's installation logic. For desired automated file updates you need to configure exception domain list (by default set for Microsoft updates GFi and Macromedia) However this works only when hijack of browser is using binary http transfer. When it is using just html/script text based http transfers to to change your system (registry usually) then DS will not catch it. DS also has option of disabling all activex and Java. It is done by removing html tags which define these objects from html page and then this filtered html page is sent to client browser. I noticed that all antivirus plug-ins which are integrated with DownloadSecurity are getting better and better with detection of adware (I was comparing it for last 3 month with Adaware from Lavasoft results). So my answer would be DownloadSecurity definitely will give you some protection but it will not protect your network against text/html based Browser Hijacking. You will need to install Ad-AWare similar programs on clients machines. Also let me mention that we see this need for generally addressing problem of Browser hijacking. Further you can install GfiWebMonitor2 which will show you in real time WHATS UP on your network right now and in past in http terms. WHERE,WHO,WHEN,WHAT This will help youidentify not desired http connections and program(malware) which is causing it. From my experience with GfiWebMonitor2 when I see in USER history Daily web usage (hits over time) some periodic activity it immediately catches my attention as I know these are not user's activities but more likely some automated http queries. Also web monitor shows 13 important real file types(mp3.exe.zip.rar.flash....) not only file type info what been served from web server by file name extension or content-type http header information. With Regards David Farinic -----Original Message----- From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Wednesday, May 19, 2004 6:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] GFI Download Security http://www.ISAserver.org Hi, I hope you guys know this product better than GFI's sales people. I called and I was not very impressed with the pre-sales knowledge. We are getting clobbered with browser hijackers. Does GFI Download Security kill these buggers? Or do I need to install AdAware on every PC in the company? I have downloaded the trial version, but was hopping for some anecdotal information from the crowd before I plunk down $1,000+. Thanks in advance. Ray Dzek Network Operations Supervisor Specialized Bicycle Components ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: davidf@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This mail was checked for malicious code and viruses by GFI MailSecurity. GFI MailSecurity provides email content checking, exploit detection, threats analysis and anti-virus for Exchange & SMTP servers. Viruses, Trojans, dangerous attachments and offensive content are removed automatically. Key features include: multiple virus engines; email content and attachment checking; an exploit shield; an HTML threats engine; a Trojan & Executable Scanner; and more. In addition to GFI MailSecurity, GFI also produces the GFI MailEssentials anti-spam software, the GFI FAXmaker fax server & GFI LANguard network security product ranges. For more information on our products, please visit http://www.gfi.com. This disclaimer was sent by GFI MailEssentials for Exchange/SMTP.