Server side spyware blocker

[Drakkon]

Is there any software that can be installed to windows server 2003 that will block porn/websites for computers on the domain or more specificly block the spyware thats associated with them?
I'm looking for the quickest,fastest solution due to the fact some perv here can't seem to keep his hands out of his pants...so if it can be specific user based even better

 

[Brazen]

We use content filtering on our SonicWALL firewall. For a Windows Server I would recommend TrendMicro InterScan Web Security.

 

[MedicBob]

Blocking isn't really the answer as they can block legit sites too. Intervention seems to work better if it is at work. If they know you are watching them, it tends to stop. If not more drastic measures might be needed.

 

[b4u]

Why not putting a "black list" paper on the wall?

You would put user, amount of download, most visited sites ... you could display the first 20-30 users ordered by amount of download (descending, ofcourse).

I bet people would be more carefull then ... put the list near the coffe machine, wheer people do their work break.

 

[Need4Speed]

Originally posted by: b4u
Why not putting a "black list" paper on the wall?

You would put user, amount of download, most visited sites ... you could display the first 20-30 users ordered by amount of download (descending, ofcourse).

I bet people would be more carefull then ... put the list near the coffe machine, wheer people do their work break.

or the more savy users would use an ssh tunnel and proxy the connection

 

[skyking]

it is all a moot point without an Acceptable Use Policy (AUP).
Anything that you do could backfire drastically. This perv could sue the company!!!!
If you don't already have one, get with management and legal and draft one up.
If you do have one, document the abuses per current policy and act on it as set forth in the policy. To do anything else is a bad idea.

 

[alent1234]

where i work we use websense, but that costs an arm and a leg

the real value of these products is that they continually update with new websites, and websense is pretty good at that

if you want to use self-policing try this. on the file servers do a search for mp3, movie files, and picture files. If you find mp3's just delete them. if you find porn tell your manager so they can go to HR. one time i found porn on some woman's home folder, and she was fired.

 

[spidey07]

have them proxy through any number of programs that do this. I think even microsofts ISA server can do it.

 

[Drakkon]

well its not necesarly the porn worried about actually...more the spyware taht comes along with it....spend more hours cleaning that off machines some days than i do working on stuff that needs to get done...i guess thats the real question...are there any server products that can help out with that that dont make me install on every users machine?

TrendMicro InterScan Web Security - that does seem to have some potential...

 

[spidey07]

inline scrubbers work very wall - trend, as you mentioned.

The whole approach to spyware/virus/malware is one of defense in depth - protect the pcs, protect the servers, scrub the traffic to/from the internet.

Trend does a really good job of this.

 

[Brazen]

Yeah, like I said we use SonicWall's content filtering, but I definately liked Trends IWS better. Unfortunately we have come software that will not work if a proxy is set in Internet Explorer.

 

[alent1234]

The new version of Symantec Anti-Virus corporate edition is supposed to have spyware stuff in it. I think trend also has a similar product.

 

[imported_JFG]

How computer savvy is the user? You could set restrictions in his browser (most browsers). I had a user that frequented porn sites. I changed his home page to his favorite site & told him his browser was hijacked. He said he never visited the site. We told him we would have to investigate and get the higher ups involved. He was embarrassed & came clean & we haven't had the problem since

 

[skyking]

I have resisted the urge mightily, but I often think of having great fun with someone's host file. Oh the creative redirecting you could do.......

MUST RESIST

 

[Brazen]

How about a server side porn ACCELERATOR?

 

[Wizkid]

If you are worried about spyware/adware then you can always remove administatrive priviledges for the users. I recently did this here and it took care of 99% of the crap

Otherwise I agree with skyking... you need an AUP. And someone downloading porn at work should be fired.

 

[Boscoh]

You should never monitor your employees without having a policy (with or without login banners, as long as they sign off on a policy) that says there should be no expectation of privacy and monitoring could take place. Without doing that, you could be legally exposed. That also takes care of some problems when they know monitoring is happening. However, people are surprisingly stupid even when they know they are being monitored.

Websense works well to filter Internet traffic, and also can block spyware's access to it's servers, although it wont always block the spyware download itself. SurfControl works well too.

I've never used Trend Micro's proxy filtering server, but their OfficeScan Corporate Edition version 6.5 does include real-time spyware detection and removal on the desktop/laptop clients and it works VERY well.

 

[Trevah]

Another good idea is to use a driveshield program like http://www.centuriontech.com/driveshield.htm . It works really nice to avoid getting spyware etc...

 

[Kristi2k]

We use SurfControl here, and SC updates itself with the latest and greatest porn sites along with other non-work related sites that we can choose to block.

 

[Drakkon]

Again I'll state the porn is not the biggest issue (I work at a VERY liberal company that does a lot of research in various things and inevitibly we run across porn sites, the specific guy in question is just my biggest offender because he does research into human 3d models and frankly porn offers good varying perspectives of the body). It just seems like blocking the porn would cut it down, but in actuality its the spyware thats more concerning and it looks liek theres programs out there that might target just that.
The bigger issue is the spyware that comes along with them and with email and all that. Thanks for all the suggestions, it looks like there could be any combination of ways to solve this problem and reduce my having to spend a day a week on this guy's machine cleaning it up.

 

[spidey07]

Well if you're biggest issue is spyware, join the club.

It is one of the biggest concerns among IT nowadays. I suggest approaching it like you do viruses - multilayered approach on clients, servers and pipes.

Believe it or not I've been really impressed with microsofts latest spyware scanning/removal on clients.

 

[Brazen]

Originally posted by: Boscoh
I've never used Trend Micro's proxy filtering server, but their OfficeScan Corporate Edition version 6.5 does include real-time spyware detection and removal on the desktop/laptop clients and it works VERY well.

I thought that was new for version 7?

 

[Sielbear]

I am running ISA server 2000 at my office along with Websense. I have used both websense and surf control and I think both make a good product. I did have two problems with surf control - 1.) Users were not identified transparently in all circumstances. To ensure rules were enforced, I ended up entering IPs of the machines. 2.) Surf Control would stop the firewall service every 20 days or so.

The primary reasons we went with websense was to cut down on employee surf time and reduce spyware threats. During the evaluation period while websense was deactivated, web browsing increased 1200%. Crazy. As to spyware, I was spending hours removing spyware each month. I used GPs to deactivate the installer, removed local admin rights from users, and disabled all music, video, compressed, and executable file type downloads. Additionally, I filtered out P2P sharing, IM, IRC... you name it, it's gone. If a user were so inclined to use SSH tunneled over port 443, I can easily see the pattern from websense reporting capabilities and block that site.

Lastly, as to cost... it's just not an issue. For websense enterprise, along with 3 premium groups, cost was $36 / user annually. Thats nothing compared to the billable time of removing the spyware. Not to mention increased productivity of employees. Just my $0.25 worth...

 

[Boscoh]

Originally posted by: Brazen

Originally posted by: Boscoh
I've never used Trend Micro's proxy filtering server, but their OfficeScan Corporate Edition version 6.5 does include real-time spyware detection and removal on the desktop/laptop clients and it works VERY well.

I thought that was new for version 7?

Nope, 6.5 has it as well. However 7.0 has a greatly improved detection rate, especially as far as cookies go.