General discussion


Is spyware clogging your firewall?

By debate ·
Has your organization experienced a problem with spyware? How did you deal with it? What tools do you use to fight spyware? Share your comments about dealing with spyware on your organization's systems, as discussed in the Sept. 20 Internet Security Focus newsletter.

If you haven't subscribed to our free Internet Security Focus e-newsletter, sign up today! Click this link to subscribe automatically:

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Two thumbs up!

by Nitrosoft In reply to Is spyware clogging your ...

Great, you suggest that instead of fixing a problem you just hide the effects? why not suggest the rollout of software such as Spybot search and destroy that might be able to detect and stop spyware installations? and regular scanning of machines to help detect and fix spyware problems? Certainly I think anyone thinking of taking the advice -mask the problem so it appears to have gone away, would be wrong.

I honestly hope you don't feel you've done a good job, If I were the manager at said hospital I don't think I'd be happy if I paid you to fix a problem and instead of fixing it you just covered it up. -What sort of advice is that to spread? I say bad advice.

Collapse -

I agree!

by cfiorotto In reply to Two thumbs up!

Soy administrador de la red de una peque?a empresa (30 computadoras), y he encontrado este Spyware en dos de nuestras PCs. Corriendo un programa actualizado como Ad-Aware Personal soluciona el error. El tema es cuando se trata de una cantidad de mas de 100 maquinas conectadas con Internet, ?c?mo identificar cual tiene este Spyware instalado? De eso se encargar?a el administrador de esa red, no alguien que valla un par de horas a solucionarle el problema. Creo que lo tuyo es s?lo una solucion TEMPORAL. La tarea de identificar y desinstalar el Spyware queda a cargo de la instirucion.

Buen trabajo!

Collapse -

I agree = "Estoy de acuerdo"

by j.g. In reply to I agree!

"I am LAN admin at a small biz w/ 30 PCs, and I have found this spyware on 2 PCs. Running a pgm. like AdAware Personal solves the problem. The trouble is when you have over 100 machines on thhe do you ID the one with the spyware? That's what the LAN Admin should've done, not someone visiting for two hours of problem-solving. I believe your solution is only TEMPORARY. "Homework" of ID'ing and uninstalling Spyware is still left for the institution to do."

Hasta la lista,

Collapse -


by tovar_cuellar In reply to I agree!

In fact, many times I've experienced troubles with performance that was because of a Spyware, but still haven't experienced url's firewall blocking. But I agree, that's not difficult to find that.

In contrast, I think it's better to have Spyware removal software like Spybot or Ad Aware. Still better, to have an integrated Firewall-AntiSpy solution. And somthing I don't agree with is that this could not forcely be the Administrator's job to correct this problem, at least not manually, if having this type of integrated solution.


Collapse -

My tool

by neuber In reply to Is spyware clogging your ...

We use Security Task Manager ( It displays detailed information about all running processes (applications, DLLs, BHOs and services). For each process, it improves on Windows Task Manager, providing file name and directory path, security risk rating, description, start time, CPU usage graph, embedded hidden functions e.g. keyboard monitoring, browser supervision or manipulation, process type e.g. visible window, systray program, DLL, IE-plugin, service, and more. The Security Task Manager recognizes also virtual driver software, services, BHO and other processes hidden from the Windows task manager

Collapse -

Enterprise Solution - Block ALL Avenues of Spyware

by black_eyed_pea In reply to Is spyware clogging your ...

I may write a follow up in this forum for SOHO solutions to spyware, but what I'm about to write does not exactly apply to small businesses living on the cheap. Spyware is a complicated and invasive problem. It therefore requires a layered approach. In my opinion, a proactive enterprise will have the following:

1. A web/URL filter to block sites that host spyware, mobile malicious code, web-based email, and remote proxies. (Installation of P2P file sharing and IM clients are a leading cause of spyware.)
2. A solution that will allow administrators to block the download of certain file types.
3. A solution to block specific ports used by spyware related apps like IM and P2P.
4. Methods to detect and block spyware on each client workstation.
5. Methods to remove spyware that did not get blocked.
6. Acceptable use policies for enterprise network and email.
7. End user education.

An enterprise can configure a secure stack, including a firewall, cache proxy, and web/URL filter to accomplish the first three objectives. SurfControl and Websense are worth investigating as URL/Web filters. Websense claims their product is the only one that blocks incoming and back-channel transmission of spyware.

Check out these URLs:

Related Discussions

Related Forums