We use Appsense, it is highly effective on a well patched, properly configured machine. You need to have a handle on your installation accounts that are trusted owners of executables. You also need to make sure you are well patched to avoid problems of privedge elevation and buffer overflow exploits. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of PETERSON, DAVID Sent: Friday, October 15, 2004 2:04 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Spyware Tools Has anyone tried an app like AppSense Application Manager for spyware? It might be overkill, but may be more likely to stop them from installing if a program is only allowed to run or install if the owner is a preset trusted user. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Trevor Fuson Sent: Friday, October 15, 2004 4:56 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Spyware Tools Autoruns from sysinternals, it is similar to Hijack this however autoruns can hide MS signed components and executables. This makes malware disguised as MS components really pop out. The problem with all spyware removable tools is that they will never detect all malware. In fact most malicious software is actually valid software that has been specially configured to host all sorts of undesirable services from your computer. Types of software such as FTP servers, Web Servers, SMTP Servers, Task Schedulers, Packet Sniffers and Remote Control tools will all most likely be not be detected. Run autoruns with every option under the view menu selected, then inspect each entry on an individual basis. You should see a few items, like your antivirus and terminal services related tools. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rusty Yates Sent: Friday, October 15, 2004 11:37 AM Subject: [THIN] Spyware Tools What is everyone using to scan their servers for Spyware? We are currently looking for options. Thanks, Rusty NOTICE: This electronic mail transmission from the law firm of Dinsmore & Shohl may constitute an attorney-client communication that is privileged at law. It is not intended for transmission to, or receipt by, any unauthorized persons. If you have received this electronic mail transmission in error, please delete it from your system without copying it, and notify the sender by reply e-mail, so that our address record can be corrected.