It's even worse than that. Most M$ systems have more holes than Swiss cheese, and users who click on anything they see don't help matters.
I have a Barracuda, and BTW like it, but it does not SOLVE the spyware problem, it just sort of closes two entry points. Those points are e-mailed viruses (virii?), and malicious SPAM. That still leaves obvious holes like IE and AIM, but we are getting a little off topic for my tastes.

To bring this back a little towards Linux/FOSS, I have been playing around with Snort on Debian since I feel that the only reliable way to spot spyware is as it phones home. I have Oinkmaster configured to use the official sigs as well as the bleeding edge signatures. I tail -f the Snort logfile. It works great as far as stability, etc., but there are issues. The first is an insane number of uninteresting alarms, which can be configured out with the Snort config file.

As an improvement on tailing the Snort logfile, I have built a syslog server to send the alarms (and other traffic) to. That effort is rather primitive, though functional. Has anyone out there built a syslog server they like? Care to share some pointers or links?

Any help would be appreciated.

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jonc
Sent: Monday, January 09, 2006 12:48 PM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] Corporate solutions for spyware?

Spyware is a *big* problem these days. Some come via email but from what I've seen in industry most spyware is put on Windows boxen by unsuspecting folks who actually download it themselves and install it.... "Hey, look what Tiny Elvis does when I get an email!"

Folks who want stuff for free need to use Linux (or BSD).

Most virus scanners will also look for spyware - especially the really bad stuff. Unfortunately, spyware is one of the least reported abuse items, so many instances go unnoticed. Plus the user *actually* installed it. Most times it does something legit that the poor batsord wants.

I've found Zone Alarm to be most helpful in tracing it down and killing it - even after the user has told Zone Alarm to let the spyware have its way with their internet connection.

These days though you really need an app (if your virus scanner doesn't do it) that will look for and remove spyware.

This site has also been helpful in manually extracting some relatives who have "Tiny Elvis-ed" themselves into some real trouble:
http://www.spywaredb.com/

Good Luck - Jon Carnes

On Mon, 2006-01-09 at 12:14, Chad Thomsen wrote:
> This may be off topic because spyware is usually a Windows issue. That
> being said, what are folks doing about spyware in a corporate environment?
> Is spyware that big of a deal to worry about in a corporate environment (200
> user network)? We have all Windows clients, Windows, Linux and AS400
> servers. I have already implemented spam and antivirus solutions but am
> wondering if the spyware is a real issue for a small to medium size business
> and what products to look at.
>
> I am looking at a Barracuda appliance currently if I get a solution. I
> can't go with Linux based (home built) because I don't have enough time to
> baby sit it and it's nice to have management point the finger at Barracuda if
> something goes wrong with THEIR appliance and not my home built solution.
>
> Any advice and/or opinions appreciated.

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
