We take the same layered approach.
Trend IWSS at gateway with Trend OfficeScan inc Firewall / Anti-Spy on
desktops, complimented by either Spybot / MS AntiSpyware, and we do find
that one system will detect stuff the others don't.
Trend especially appears to detect lots more problematic cookies than
any of the others. The layered approach is the best, as you can not
depend upon one vendor getting updated dat files out quicker than the
others, but by having multiple layers you increase your chances of
getting a update for one of your range of products quicker.
And Spybot and MS are both free, so it should be feasible for everyone
to have a layered approach.
Rgds, K.
-----Original Message-----
From: Bruce Klein [mailto:bruce.klein@iovation.com]
Sent: 25 October 2005 22:20
To: Quark IT - Hilton Travis; focus-virus@securityfocus.com
Subject: RE: Microsoft AntiSpyware falling further behind
There will never be a perfect solution - don't wait.
For the moment think of Spyware as cold weather and you want to be
protected (warm); put on layers to protect yourself.
Symantec has updated themselves to add Spam and Spyware to their
antivirus product. We are using Symantec, Websweeper, MS anti-spyware,
and Whole Security (behavior based AS).
You might say this is overkill but who knows for sure - while they all
play nice together I feel like I am at home by the fireplace with a good
supply of logs.
Regards,
Bruce Klein |Director of IT
O:503-943-6750
C:971-645-7304
F:503-224-1581
www.iovation.com
-----Original Message-----
From: Quark IT - Hilton Travis [mailto:Hilton@quarkit.com.au]
Sent: Friday, October 21, 2005 1:51 PM
To: focus-virus@securityfocus.com
Subject: Microsoft AntiSpyware falling further behind
Hi All,
It seems that not only does Microsoft AntiSpyware recommend that
Claria's spyware is ignored, but it also misses a significant amount of
cookies that are placed on a system - I have a VPC environment where I
browse the Internet so that anywhere I go won't affect my regular
Windows session/installation. Regularly CounterSpy is detecting cookies
(such as Cok.ad.yieldmanager, CGI-Bin, Cok.AssassinTrojan2.0 and Zedo
(from yesterday's browsing)) that Microsoft AntiSpyware simply does not
know about.
Now, this is not only disappointing, but potentially dangerous. Any
customer or end user running Microsoft AntiSpyware or CounterSpy is not
being protected from these cookies, and MSAS doesn't even detect them -
that's right, neither program's active monitoring is stopping the
installation of these cookies, but at least CounterSpy is detecting them
post-installation.
AntiSpyware is far, far from the accuracy of antivirus, especially
something like NOD32. I wonder how long it will be before a decent
AntiSpyware application is released that, like NOD32 does with viruses,
actually stops spyware *before* it is installed?
--
Regards,
Hilton Travis Phone: +61 (0)7 3344 3889
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark Group http://quarkgroup.com.au/
Microsoft Small Business Specialists
http://www.threatcode.com/ <-- its now time to shame poor coders into
writing code that is acceptable for use on today's networks
War doesn't determine who is right. War determines who is left.
This document and any attachments are for the intended recipient
only. It may contain confidential, privileged or copyright
material which must not be disclosed or distributed.
The information contained in this email message may be privileged,
confidential and protected from disclosure. If you are not the intended
recipient, any dissemination, distribution or copying is strictly
prohibited. If you think that you have received this email message in
error, please notify the sender by reply email and delete the message
and any attachments.
**********************************************************************
CONFIDENTIALITY NOTICE.
This email is private and confidential and may contain legally privileged
information. If you are not named as an addressee it may be unlawful for you to
read, copy, distribute, disclose or otherwise use the information contained in
this email. If you are not the intended recipient of this email please destroy
this communication and contact:
itsecurity@terex-irl.com
Any views or opinions presented are solely those of the author and do not
necessarily represent those of the company unless otherwise stated. The
contents of any attachment to this email may contain software viruses which may
damage your computer system. The Terex Group has taken all reasonable
precautions to minimise any risk, but cannot accept responsibility for any
damage which may be sustained as a result of any such viruses. The recipient
should conduct their own virus checks before opening any attachment to this
email.
www.powerscreen.com
**********************************************************************
