Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Spyware and 2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Spyware and 2004 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Spyware and 2004 - 12.Jul.2004 5:38:00 PM   
BobW

 

Posts: 200
Joined: 27.Mar.2002
Status: offline 		I have yet to play with ISA 2004 in too much depth, but watching Tom's articles about stopping the ject viruse via http filtering made me wonder...

Can we use this ability to stop the auto installation of some Spyware?

Just a thought,
Bob

[ July 12, 2004, 05:44 PM: Message edited by: BobW ]
Post #: 1
RE: Spyware and 2004 - 13.Jul.2004 1:58:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Bob,

I'll move this to the ISA 2004 section.

thanks!
Tom

(in reply to BobW)
Post #: 2
RE: Spyware and 2004 - 13.Jul.2004 11:19:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Bob,

You bet! In fact, you can stop access to any Windows executable by putting a checkmark in the right checkbox. Cool!

HTH,
Tom

(in reply to BobW)
Post #: 3
RE: Spyware and 2004 - 13.Jul.2004 4:50:00 PM   
BobW

 

Posts: 200
Joined: 27.Mar.2002
Status: offline 		Sorry about having that in the wrong forum, old habits die slowly.....so does ISA 2000 I guess.

I am guessing that not all spyware is an exe, but from what I can see form your original article, we SHOULD be able block other installation types (activex?) as long as we can come up with appropriate signatures!

I, for one, am VERY excited about this as spyware is a serious pain.

Bob

(in reply to BobW)
Post #: 4
RE: Spyware and 2004 - 14.Jul.2004 12:34:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Bob,

It doesn't have to be an .exe file. It just needs a certain hex value in a specific location of the firewall to indicate that its a Windows execuable. So the file can have any extension.

HTH,
Tom

(in reply to BobW)
Post #: 5
RE: Spyware and 2004 - 16.Jul.2004 9:04:00 AM   
FrankVerheggen

 

Posts: 24
Joined: 16.Jun.2004
From: The Netherlands
Status: offline 		Wouldn't it be much easier to just block the domains?

If I create a hosts file on the ISA server with the known addresses would that block the spyware from calling home/being installed?

I know there are some sample hosts files on the internet (I use them at home).

Frank

(in reply to BobW)
Post #: 6
RE: Spyware and 2004 - 16.Jul.2004 3:57:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Frank,

Use Domain Name Sets *not* hosts files. That method isn't very effective and not recommend unless you're a just trying to protect a home user on a hobbiest network.

HTH,
Tom

(in reply to BobW)
Post #: 7
RE: Spyware and 2004 - 16.Jul.2004 5:23:00 PM   
FrankVerheggen

 

Posts: 24
Joined: 16.Jun.2004
From: The Netherlands
Status: offline 		At home I am a hobby user [Wink]

(in reply to BobW)
Post #: 8
RE: Spyware and 2004 - 17.Jul.2004 2:43:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Frank,

OK, in that case, you can put the hosts file on your client machine. It doesn't scale very well with 10,000 clients [Big Grin]

Thanks!
Tom

(in reply to BobW)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Spyware and 2004 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts