Network Security Focus-Virus

RE: Manageable Spyware Solutions?

Subject: RE: Manageable Spyware Solutions?
Date: Sat, 20 Nov 2004 13:19:36 +0200
Hi Charles,

If you are looking for a desktop solution, then a product such as Zonelabs
Integrity will do the work.
It's centrally managed, and it's actually a ZoneAlarm application firewall for
organizations, which is also centrally managed.
The way it can be utilized for your needs is: you define a clean computer
as a template, then you scan it with the tools that Zonelabs provides.
Now that you have a clean template in the centrally managed database,
all the managed desktops will only allow apps that are in the clean list to
execute and connect to resources on the net.
THUS: adware and spyware will not be able to connect anywhere.

This is a good approach to security - defining a white list of apps.

If you are looking for a centrally managed gateway solution,
then:
      1. Check Point NG with Application Intelligence can
         control IM traffic in a granular way,
         i.e. allow chat, do not allow file transfer in MSN.
         Also: defining your own list of blacklisted user-agents
         so the firewall will dynamically block such agents.

      2. Using login scripts that clean up computers
         at login is also a nice way to approach this.

      3. A good proxy server for HTTP will also complement the work,
         i.e. ISA 2004 proxy with add-ons from their partners to
         perform anti av, and so on:
         header filtering, file type filtering, etc.

I think that if you want to use a solution that will do the work, then Zonelabs
is the way to go (now a part of Check Point). The approach is more global -
not specifically for spyware - thus you get more value and flexibility,

since it's not based on an accumulated spyware database that constantly needs
to be updated; rather, it uses a white list approach, i.e. what I approved
will work and anything else will not work.

That's all from me: (erez)
a former Check Point Security Consultant (and employee).
________________________________

 
 
-----Original Message-----
From: Charles Ong [mailto:ocharles2004@yahoo.com.sg] 
Sent: Friday, November 19, 2004 06:53
To: 'Steve McNamara'; 'Patrick Jordan'; focus-virus@lists.securityfocus.com
Subject: RE: Manageable Spyware Solutions?

Can it block unknown viruses too? Based on what I am using now, Finjan is
able to stop IM p2p and tunneling too... I am now using Finjan to block
AOL/ICQ, hotmail but allow only yahoo... ;)

-----Original Message-----
From: Steve McNamara [mailto:Steve.McNamara@ealaddin.com] 
Sent: Friday, November 19, 2004 12:26 AM
To: Patrick Jordan; focus-virus@lists.securityfocus.com
Subject: RE: Manageable Spyware Solutions?

Pat,
        I work for a company that sells a product called esafe. This
product blocks adware and spyware at the gateway level. Also, it blocks
P2P, IM, and tunneling. Even though I work for the company, I believe
the product is the best out there for content filtering.

-----Original Message-----
From: Patrick Jordan [mailto:patrick_jordan2003@yahoo.com] 
Sent: Tuesday, November 16, 2004 10:51 PM
To: focus-virus@lists.securityfocus.com
Subject: Manageable Spyware Solutions?

Has anyone found an antispyware product that is centrally manageable,
doesn't chew up crazy levels of resources (on server and client), and is
still highly efficient at catching latest spyware / malware variants?

We've tried a couple of the products from early entrants in this area,
but they've been pretty unimpressive - but manually running Spybot /
Ad-Aware combo on workstations also seems a losing proposition.

Have a feeling this topic has already been done & dusted, but any
thoughts much appreciated ....

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.788 / Virus Database: 533 - Release Date: 1/11/04
 
