Hi David, Great ideas! Thanks! Tom -----Original Message----- From: David Farinic [mailto:davidf@xxxxxxx] Sent: Wednesday, September 15, 2004 3:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org >...or what can be done, to filter the spyware BEFORE it gets on the >machine at the ISA level? My biased reply would be: Get ISA plugins which: -Break logic of malware's getting to your comps via HTTP channel (for example with DownloadSecurity where DS replaces content of downloads with html page so even if there is no AV scan made for downloads it will stop most of adware/spyware getting via IE exploits and manage to download file and then somehow executed it silently.) -Block Spyware category sites with some daily updated database with company dedicated to do it. (again for example Gfi WebMonitor3 which uses ISS database) -Have one fast http streaming AV scanner( but make sure it doesn't do big postponing of data on http. That might break usual loading behavior of web pages as user's don't like that or even it might stop some http based application from working properly) With Regards David Farinic -----Original Message----- From: Ray [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Tuesday, September 14, 2004 5:59 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org This discussion is all well and good, but it totally misses the point. What is being done, or what can be done, to filter the spyware BEFORE it gets on the machine at the ISA level? Cleaning up after the fact is great for job security and for times when we don't have anything else better to do. Which btw, is NEVER. Where are the articles on isaserver.org discussing how to keep all this crap off the network to begin with? Maybe Dr Shinder is secretly running an evil spyware empire on the side and doesn't want us to know? And what exactly is he a doctor of? Ray Dzek Network Operations Supervisor Specialized Bicycle Components -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, September 14, 2004 7:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org Hi Tom, Yep; they've been doing this for over a year now. That's why all the LSP-focused tools... Jim Harrison This mail was checked for malicious code and viruses by GFI MailSecurity. GFI MailSecurity provides email content checking, exploit detection, threats analysis and anti-virus for Exchange & SMTP servers. Viruses, Trojans, dangerous attachments and offensive content are removed automatically. Key features include: multiple virus engines; email content and attachment checking; an exploit shield; an HTML threats engine; a Trojan & Executable Scanner; and more. In addition to GFI MailSecurity, GFI also produces the GFI MailEssentials anti-spam software, the GFI FAXmaker fax server & GFI LANguard network security product ranges. For more information on our products, please visit http://www.gfi.com. This disclaimer was sent by GFI MailEssentials for Exchange/SMTP. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx