Re: Spyware Issue(s)
- From: "David Farinic" <davidf@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 15 Sep 2004 10:08:28 +0200
>...or what can be done, to filter the spyware BEFORE it gets on
>the machine at the ISA level?
My biased reply would be:
Get ISA plugins which:
-Break logic of malware's getting to your comps via HTTP channel (for
example with DownloadSecurity where DS replaces content of downloads
with html page so even if there is no AV scan made for downloads it will
stop most of adware/spyware getting via IE exploits and manage to
download file and then somehow executed it silently.)
-Block Spyware category sites with some daily updated database with
company dedicated to do it. (again for example Gfi WebMonitor3 which
uses ISS database)
-Have one fast http streaming AV scanner( but make sure it doesn't do
big postponing of data on http. That might break usual loading behavior
of web pages as user's don't like that or even it might stop some http
based application from working properly)
With Regards David Farinic
-----Original Message-----
From: Ray [mailto:rdzek@xxxxxxxxxxxxxxx]
Sent: Tuesday, September 14, 2004 5:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)
http://www.ISAserver.org
This discussion is all well and good, but it totally misses the point.
What
is being done, or what can be done, to filter the spyware BEFORE it gets
on
the machine at the ISA level? Cleaning up after the fact is great for
job
security and for times when we don't have anything else better to do.
Which
btw, is NEVER. Where are the articles on isaserver.org discussing how
to
keep all this crap off the network to begin with? Maybe Dr Shinder is
secretly running an evil spyware empire on the side and doesn't want us
to
know? And what exactly is he a doctor of?
Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, September 14, 2004 7:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)
http://www.ISAserver.org
Hi Tom,
Yep; they've been doing this for over a year now.
That's why all the LSP-focused tools...
Jim Harrison
This mail was checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection, threats analysis and anti-virus for
Exchange & SMTP servers. Viruses, Trojans, dangerous
attachments and offensive content are removed automatically.
Key features include: multiple virus engines; email content and
attachment checking; an exploit shield; an HTML threats engine;
a Trojan & Executable Scanner; and more.
In addition to GFI MailSecurity, GFI also produces the
GFI MailEssentials anti-spam software, the GFI FAXmaker
fax server & GFI LANguard network security product ranges.
For more information on our products, please visit
http://www.gfi.com. This disclaimer was sent by
GFI MailEssentials for Exchange/SMTP.
Other related posts:
