Protecting clients against spyware using only URL filtering is not enough. Here is a free solution that will inspect traffic for known malicious content and protect in three ways other than URLs alone.
I continually am amazed by the free functionality available in the open source community. Today’s example is the spyware engine for the Untangle appliance. In earlier blog posts, I introduced the Untangle appliance and reviewed its AD user authentication feature and the free QoS service. The Untangle gateway and the spyware protection is a robust addition to the free product's offerings. Protecting networks from spyware is not 100-percent effective when only focusing on URLs. Untangle's spyware protection takes a different approach and protects against spyware on the appliance by performing transparent scanning on any port, remote subnets, transferred cookies, and ActiveX controls from the remote networks.The spyware engine maintains a custom database of known malicious sites that works from its antivirus protection and community contribution. For the Untangle appliance, this spyware protection is a free component of the open source gateway product. Installing the spyware is a one-click event from the Untangle management console. Once installed, the base configuration protects against the provided spyware database. Figure A shows the spyware blocker engine configuration panel.
From the client perspective, when a client goes to a Web page that is blocked or passes prohibited content, the Untangle appliance performs the intial stop of the transfer. The browser has the option to continue to the site, so a slight training investment to users would be a good idea: if the Untangle appliance displays such a warning, do not proceed. Figure B shows a browser going to a site prohibited by the spyware blocker.
The spyware blocker engine can be configured to modify the block lists, cookie lists, ActiveX controls, and subnets to match your own requirements and security levels. Further, the blocked activity is logged so you can see how effective the default database is based on the traffic behind the appliance.
The Untangle open source gateway is a free product available as a hardware appliance or for download on your own standard equipment. Revenue add-ons of additional functionality and support offerings are available for the solution. More information on the Untangle spyware blocker module can be found at the Untangle Web site.