Whitelisting the apps is one way. MS has AppLocker, which can do this; there is a vast array of others out there. I think we've had this discussion before though......
On 11 October 2012 16:23, Tom Yergeau <[email protected]> wrote:

> Unless we use “scissors security” how can we avoid things that even the experts can’t isolate the code for? This article a while back brought it all into focus for me…
>
> http://www.computerworld.com/s/article/9231418/Elusive_TDL4_malware_variant_infected_Fortune_500_companies_gov_t_agencies
>
> There are some promising products out there like Bromium, but that’s for large environments, very new, and probably very expensive. Where does that leave the rest of us?
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Sent:* Thursday, October 11, 2012 10:59 AM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: Scour redirect virus?
>
> The thing about malware is that you really have to avoid it in the first place.
>
> Yeah, seems like a Captain Obvious moment, but once the system is impacted, a sophisticated piece of malware is going to do all in its power to stay out of sight, including disabling common/popular AV products.
>
> I did see a lot of links about the Redirect Virus on AVG's community site: http://forums.avg.com/us-en/avg-forums-search
>
> You may already have run into information such as (http://www.pchell.com/support/scour_redirect.shtml), which indicates how insidious this malware can be.
>
> The fact that it's a rootkit makes it somewhat problematic to deal with.
>
> Host-based protection needs to move away from the ubiquitous AV toolset.
>
> *ASB*
> *http://XeeMe.com/AndrewBaker*
> *Harnessing the Advantages of Technology for the SMB market…*
>
> On Thu, Oct 11, 2012 at 8:47 AM, Christopher Bodnar <[email protected]> wrote:
>
> Just wondering if anyone else has had to deal with this one.
>
> Got hit with this on my home machine this week.
> I am by no means a security expert, so that may have been part of my problem. But was sort of surprised by the lack of resources/info available out there from the major players (AVG, McAfee, Symantec, etc....). I use AVG and it had no idea the machine was infected, and couldn't find any mention of it on their support site. Tried both TDSSKiller from Kaspersky and FixTDSS from Symantec. Neither of which worked. Finally gave in and tried ComboFix, which really looked like it was questionable, but resolved the problem for me.
>
> Luckily this was relatively harmless in the grand scheme of things. Just very annoying.
>
> *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> [email protected]
> *The Guardian Life Insurance Company of America*
> *www.guardianlife.com*
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog!
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin

--
http://appsensebigot.blogspot.co.uk
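As an added example, not part of the thread or any poster's own setup: one way to stand up the AppLocker allow-listing mentioned at the top of the reply, in audit mode first, so an over-tight rule set shows up in the event log rather than as broken applications. The directories scanned and the policy file path are placeholders; the cmdlets are the standard AppLocker module ones.

```powershell
# Added example (not from the thread): build an AppLocker allow-list from a
# known-good reference machine, deploy it in audit mode, then review what it
# would have blocked before switching to enforcement.
# Assumes: an elevated session on a Windows edition that supports AppLocker,
# the Application Identity (AppIDSvc) service running, and placeholder paths.

Import-Module AppLocker

$PolicyPath = 'C:\Temp\applocker-audit.xml'   # placeholder output path

# 1. Inventory executables, scripts and installers in the locations trusted
#    software lives. Anything not matched by the resulting rules is denied.
$fileInfo = foreach ($dir in 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)') {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script, WindowsInstaller
}

# 2. Prefer publisher (Authenticode signer) rules, which survive patching;
#    fall back to hash rules for unsigned binaries. -Optimize merges rules.
$policy = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Force every rule collection to AuditOnly so nothing is blocked yet;
#    violations are only logged.
[xml]$xml = $policy
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$xml.Save($PolicyPath)

# 4. Apply locally (for a domain, import the same XML into a GPO instead).
Set-AppLockerPolicy -XmlPolicy $PolicyPath

# 5. Dry-run a specific binary against the policy before enforcing...
Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path 'C:\Users\Public\suspect.exe' -User Everyone

# 6. ...and review audit events: 8003 = would have been blocked (audit mode),
#    8004 = blocked (enforce mode). 8003 hits for legitimate software mean
#    the allow-list needs another rule, not that it is ready to enforce.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 -or $_.Id -eq 8004 } |
    Select-Object TimeCreated, Id, Message -First 20
```

Malware that is already resident (the rootkit discussed in the thread) can tamper with a policy applied after the fact, which is why the reference inventory in step 1 must come from a clean machine.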
