When a user gets a virus, that virus will execute under that user’s security context. So a regular user should NOT have a virus write to those keys.

True?

Or can a virus somehow get localsystem access?

Thanks

As to Symantec, I know this is not the forum for this, but I’m pretty much at my limit with their products. I get infected by viruses that came out a year or 6 months ago AND all our definitions are up to date.

I could chalk it up to my fault as an admin, if someone could just explain to me how I can be infected by a virus I already have the defs for.

I assume the real time auto protect service is made to start BEFORE any virus or worm does.

Oh well. End of rant.

From: Dan DeStefano [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 5:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:spyware

Remember that Ad-Aware can only be legally used in non-commercial environments. Spybot S&D and Spyware Blaster are both free to both home and corporate users, so I usually use these instead of Ad-Aware.

Regular users should not be able to write to the hklm\software\microsoft\windows\currentversion\run key unless you have changed the key's permissions.

Daniel DeStefano 

 -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Kern, Tom
Sent: Wednesday, September 29, 2004 4:14 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT:spyware

Lately my users have been plagued with spyware and adware. What do you guys do to fight this?

Can Spybot be pushed out as an msi via a gpo? Or ad-aware?

Should I set the killbit on all the local active x controls?

Should I prevent active x and javascripting in IE thru a gpo?

I’m running win2k/xp clients, but mostly win2k.

Finally, when you get a worm or a virus that writes to the hklm\software\microsoft\windows\currentversion\run key, does the worm/virus run under the user’s security context?

Meaning, if the user is just a local user and thus has no privileges to write to those keys, shouldn’t the worm or virus not be able to as well?

Thanks and sorry for the deluge of questions, OT as they are.
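
Added example, not part of the original thread: a PowerShell check of the point made in the reply above, that regular users cannot write to the HKLM Run key unless its permissions were changed. The function name `Get-RunKeyWriter` and the list of trusted SIDs (SYSTEM and the local Administrators group) are assumptions; an empty result means no other principal holds write access on the key itself.

```powershell
# Added example: list principals, other than the trusted ones, whose allow
# ACEs let them modify the machine-wide Run key (and so plant an autostart entry).
function Get-RunKeyWriter {
    param(
        [string[]]$Path = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'),
        # Assumption: SIDs expected to hold write access (SYSTEM, Administrators).
        [string[]]$TrustedSid = @('S-1-5-18', 'S-1-5-32-544')
    )

    $rights = [System.Security.AccessControl.RegistryRights]
    # Rights that allow changing values, subkeys, or the ACL itself.
    $writeMask = $rights::SetValue -bor $rights::CreateSubKey -bor $rights::Delete -bor
                 $rights::ChangePermissions -bor $rights::TakeOwnership
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($key in $Path) {
        $acl = Get-Acl -Path $key
        # Ask for SIDs so the comparison does not depend on localized account names.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to subkeys, not to this key.
            if (([int]$rule.PropagationFlags -band [int]$inheritOnly) -ne 0) { continue }
            if ($TrustedSid -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.RegistryRights -band [int]$writeMask) -eq 0) { continue }

            # Resolve the SID to a name for the report; keep the SID if that fails.
            try {
                $account = $rule.IdentityReference.Translate(
                    [System.Security.Principal.NTAccount]).Value
            } catch {
                $account = $rule.IdentityReference.Value
            }

            [pscustomobject]@{
                Key       = $key
                Account   = $account
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Get-RunKeyWriter | Format-Table -AutoSize
```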
