RE: GFI Download Security

  • From: "David Farinic" <davidf@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 20 May 2004 12:54:33 +0200

>We are getting clobbered with browser hijackers.  Does GFI Download
>Security kill these buggers?  

GFI DS does not block all spyware/malware/adware.
 It blocks malicious executables and binary files (by using multiple
antivirus engines).
 It does not block exploits which make use of HTML or text data.



Explanation:

Instead of the actual file, DS sends an HTML download status window.
Therefore, if there is some trick for downloading an executable silently
or by tricking the user, DS will send the client an HTML status page for
this "not desired" automated download instead of the binary.

Of course the object is then scanned but even if the scan with all
antivirus engines doesn't catch unknown malware DS still protects you
from this automated download because in order to retrieve the file to
the client machine, DS requires user intervention which can break the
malware's installation logic.

For desired automated file updates you need to configure an exception
domain list (by default set for Microsoft updates, GFI and Macromedia).

However, this works only when the browser hijack is using a binary HTTP
transfer.
When it is using just HTML/script text-based HTTP transfers to change
your system (usually the registry), then DS will not catch it.

DS also has an option for disabling all ActiveX and Java.
This is done by removing the HTML tags which define these objects from
the HTML page; the filtered HTML page is then sent to the client browser.

I have noticed that all the antivirus plug-ins which are integrated with
DownloadSecurity are getting better and better at detecting adware
(I have been comparing them for the last 3 months with the results from
Ad-Aware from Lavasoft).

So my answer would be: DownloadSecurity will definitely give you some
protection, but it will not protect your network against text/HTML-based
browser hijacking.
You will need to install Ad-Aware or similar programs on client machines.
Also, let me mention that we see this need for generally addressing the
problem of browser hijacking.

Further, you can install GfiWebMonitor2, which will show you in real time
WHAT'S UP on your network right now and in the past, in HTTP terms.

WHERE,WHO,WHEN,WHAT

This will help you identify undesired HTTP connections and the
program (malware) which is causing them.

From my experience with GfiWebMonitor2 when I see in USER history
Daily web usage (hits over time) some periodic activity it immediately
catches my attention as I know these are not user's activities but more
likely some automated http queries.

Also, WebMonitor shows 13 important real file types (mp3, exe, zip, rar,
flash, ...), not only the file type information served by the web server
via the file name extension or the Content-Type HTTP header.

With Regards David Farinic
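
The periodic-activity observation in the reply above can be checked mechanically. This is an added example, not part of the original post and not GFI WebMonitor's own logic; the log format, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "ISO-timestamp client-ip requested-host".
SAMPLE_LOG = """\
2004-05-20T09:00:00 10.0.0.21 updates.tracker.example
2004-05-20T09:05:01 10.0.0.21 updates.tracker.example
2004-05-20T09:10:00 10.0.0.21 updates.tracker.example
2004-05-20T09:14:59 10.0.0.21 updates.tracker.example
2004-05-20T09:20:00 10.0.0.21 updates.tracker.example
2004-05-20T09:01:10 10.0.0.21 news.example
2004-05-20T09:01:45 10.0.0.21 news.example
2004-05-20T09:17:30 10.0.0.21 news.example
2004-05-20T10:02:03 10.0.0.21 news.example
2004-05-20T10:02:40 10.0.0.21 news.example
2004-05-20T09:30:00 10.0.0.34 mail.example
"""

def periodic_pairs(log_text, min_hits=5, max_cv=0.1):
    """Return [(client, host, mean_gap_seconds)] for request series whose
    gaps are nearly constant (coefficient of variation <= max_cv)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        stamp, client, host = parts
        times[(client, host)].append(datetime.fromisoformat(stamp))
    flagged = []
    for (client, host), stamps in sorted(times.items()):
        if len(stamps) < min_hits:
            continue  # too few hits to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Human browsing is bursty; a timer-driven program is not.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append((client, host, round(avg)))
    return flagged

if __name__ == "__main__":
    for client, host, gap in periodic_pairs(SAMPLE_LOG):
        print(f"{client} -> {host}: every ~{gap}s, likely automated")
```

Legitimate updaters also poll on a timer, so flagged hosts need the same kind of exception list the reply describes for automated updates.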

-----Original Message-----
From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] 
Sent: Wednesday, May 19, 2004 6:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] GFI Download Security


Hi,

I hope you guys know this product better than GFI's sales people.  I
called and I was not very impressed with the pre-sales knowledge.

We are getting clobbered with browser hijackers.  Does GFI Download
Security kill these buggers?  Or do I need to install AdAware on every
PC in the company?

I have downloaded the trial version, but was hoping for some anecdotal
information from the crowd before I plunk down $1,000+.

Thanks in advance.


Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components
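
David Farinic's reply above distinguishes the real file type from what the file name extension or Content-Type header claims. The sketch below shows that comparison as an added example, not code from the post or from any GFI product; the signature list, MIME mapping and sample responses are constructed assumptions covering five of the types he names.

```python
# Leading-byte signatures for file types named in the reply (not exhaustive).
SIGNATURES = [
    (b"MZ", "exe"), (b"PK\x03\x04", "zip"), (b"Rar!\x1a\x07", "rar"),
    (b"ID3", "mp3"),                       # MP3 carrying an ID3v2 tag
    (b"FWS", "flash"), (b"CWS", "flash"),  # plain and compressed SWF
]
EXTENSIONS = {"exe": "exe", "zip": "zip", "rar": "rar",
              "mp3": "mp3", "swf": "flash"}
MIME_TYPES = {
    "application/x-msdownload": "exe", "application/zip": "zip",
    "application/x-rar-compressed": "rar", "audio/mpeg": "mp3",
    "application/x-shockwave-flash": "flash",
}

def real_type(body: bytes):
    """Type according to the first bytes of the response body, or None."""
    for magic, kind in SIGNATURES:
        if body.startswith(magic):
            return kind
    return None

def declared_types(path: str, content_type: str):
    """Types the server claims via file name extension and Content-Type."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    mime = content_type.split(";", 1)[0].strip().lower()
    return {EXTENSIONS.get(ext), MIME_TYPES.get(mime)} - {None}

def disguised(path: str, content_type: str, body: bytes) -> bool:
    """True when the body is a known binary type that neither label admits."""
    kind = real_type(body)
    return kind is not None and kind not in declared_types(path, content_type)

# Constructed responses: (request path, Content-Type header, first body bytes).
SAMPLES = [
    ("/setup.exe", "application/x-msdownload", b"MZ\x90\x00\x03"),
    ("/img/banner.gif?id=7", "image/gif", b"MZ\x90\x00\x03"),
    ("/page.html", "text/html; charset=iso-8859-1", b"<html><body>"),
    ("/song.mp3", "audio/mpeg", b"PK\x03\x04\x14\x00"),
]

if __name__ == "__main__":
    for path, ctype, body in SAMPLES:
        print(path, ctype, real_type(body), disguised(path, ctype, body))
```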

