Re: Spyware Issue(s)

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 Sep 2004 09:22:21 -0700

Hmmm.
How about:
1 - don't let the users install ANYTHING
2 - see rule #1

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message ----- 
From: "Ray" <rdzek@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, September 14, 2004 08:58
Subject: [isalist] Re: Spyware Issue(s)


http://www.ISAserver.org

This discussion is all well and good, but it totally misses the point.  What
is being done, or what can be done, to filter the spyware BEFORE it gets on
the machine at the ISA level?  Cleaning up after the fact is great for job
security and for times when we don't have anything else better to do.  Which
btw, is NEVER.  Where are the articles on isaserver.org discussing how to
keep all this crap off the network to begin with?  Maybe Dr Shinder is
secretly running an evil spyware empire on the side and doesn't want us to
know?  And what exactly is he a doctor of?  

Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, September 14, 2004 7:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)


http://www.ISAserver.org

Hi Tom,

Yep; they've been doing this for over a year now.
That's why all the LSP-focused tools...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message ----- 
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, September 14, 2004 06:15
Subject: [isalist] Re: Spyware Issue(s)


http://www.ISAserver.org

Hi Jim,

Wow, that's pretty cool. The scumware vendors are inserting LSPs now? 

They oughtta  make a law.... ;-)

Tom 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Monday, September 13, 2004 2:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)

http://www.ISAserver.org

Sounds like you have some Winsock LSP-style spyware.
This will definitely "bugger" your client-to-ISA connectivity.
www.lavasoft.com Ad-aware has an LSP-plugin scanner that can help you find
junk like this. Also, you can get LSP-fix www.cexx.org/lsp-fix.htm that will
help you ferret out nasties like this.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message -----
From: "Greg Hess" <gmh@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 13, 2004 12:01
Subject: [isalist] Re: Spyware Issue(s)


http://www.ISAserver.org

No, its just that, on machines that have had spyware, our older firewall
seemed to still have no problem with their connectivity, but on ISA they
will get a 'page not found' or 'dns' error until the spyware is cleaned up,
I just wondered if anyone had any additional insight into this. G.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Monday, September 13, 2004 3:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)


http://www.ISAserver.org

Are you suggesting that your ISA is blocking requests just because the
client has spyware on it? If so, that sounds like you've defined some pretty
creative policies...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message ----- 
From: "Greg Hess" <gmh@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 13, 2004 10:56
Subject: [isalist] Spyware Issue(s)


http://www.ISAserver.org

Hey, we are transitioning a part of my company off of an old Checkpoint
firewall and onto ISA. As we do this, spyware seems to cause many more
problems with the people using ISA. Not in terms of getting it, but those
who have it often have it stop them from browsing the Internet until we can
get it cleaned off. Is there anything I can do to make ISA 'forgiving'
enough so that this won't cause such a headache? Any advice is appreciated.

Tx.
Greg.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange Server
Resource Site: http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange Server
Resource Site: http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmh@xxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange Server
Resource Site: http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange Server
Resource Site: http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange Server
Resource Site: http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange Server
Resource Site: http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rdzek@xxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 09-2004