Hi erez,
That sounds like something nice to have but in real life, it's too
difficult to implement such a strategy... it's something that we want but we
can't have. Zonealarm sounds like a HPS to me which is not feasible cos
there are too many restrictions and our env is too dynamic to have a "clean"
template for all. As for the white list approach, it's entirely not possible
in our env too... anyway, thanks for the suggestions.
Regards.
-----Original Message-----
From: Erez Shtang (NEW) [mailto:erezsht (at) netvision.net (dot) il [email concealed]]
Sent: Tuesday, November 23, 2004 3:57 AM
To: 'Charles Ong'; 'Steve McNamara'; 'Patrick Jordan';
focus-virus (at) lists.securityfocus (dot) com [email concealed]
Subject: RE: Manageable Spyware Solutions?
Hi Charles,
If u are looking for a desktop solution then a product such as Zonelabs
Integrity will do the work.
It's centrally managed and it's actually a ZoneAlarm application firewall for
organizations which is also centrally managed.
The way it can be utilized for your needs is: you define a clean computer
as a template, then u scan it with the tools that Zonelabs provide.
Now that u have a clean template in the centrally managed database,
all the managed desktops will only allow apps that are in the clean list to
execute and connect to resources on the net.
Thus, adware and spyware will not be able to connect anywhere.
This is a good approach to security - defining a white list of apps.
If u are looking for a centrally managed gateway solution,
Then :
1. Check Point NG with application intelligence can
control IM traffic in a granular way:
i.e. allow chat, do not allow file transfer in MSN..
Also: defining your own list of black listed user-agents
so the firewall will dynamically block such agents.
2. using login scripts that cleanup computers
at login is also a nice way to approach this,
3. a good proxy server for http will also complement the work,
i.e. isa 2004 proxy with add-ons from their partners to
perform anti av, and so on..
header filtering , file type filtering etc..
I think that if u wanna use a solution that will do the work then Zonelabs
is the way to go (now a part of Check Point). The approach is more global -
not specifically for spyware, thus u get more value and flexibility,
since it's not based on an accumulated spyware database that constantly needs
to be updated; rather it uses a white list approach, i.e. what I approved
will work and anything else will not work.
That's all from me: (erez)
a former Check Point Security Consultant (and employee).
________________________________
-----Original Message-----
From: Charles Ong [mailto:ocharles2004 (at) yahoo.com (dot) sg [email concealed]]
Sent: Friday, November 19, 2004 06:53
To: 'Steve McNamara'; 'Patrick Jordan'; focus-virus (at) lists.securityfocus (dot) com [email concealed]
Subject: RE: Manageable Spyware Solutions?
Can it block unknown viruses too? Based on what I am using now, Finjan is
able to stop IM p2p and tunneling too... I am now using Finjan to block
AOL/ICQ, hotmail but allow only yahoo... ;)
-----Original Message-----
From: Steve McNamara [mailto:Steve.McNamara (at) ealaddin (dot) com [email concealed]]
Sent: Friday, November 19, 2004 12:26 AM
To: Patrick Jordan; focus-virus (at) lists.securityfocus (dot) com [email concealed]
Subject: RE: Manageable Spyware Solutions?
Pat,
I work for a company that sells a product called esafe. This
product blocks adware and spyware at the gateway level. Also, it blocks
P2P, IM, and tunneling. Even though I work for the company, I believe
the product is the best out there for content filtering.
-----Original Message-----
From: Patrick Jordan [mailto:patrick_jordan2003 (at) yahoo (dot) com [email concealed]]
Sent: Tuesday, November 16, 2004 10:51 PM
To: focus-virus (at) lists.securityfocus (dot) com [email concealed]
Subject: Manageable Spyware Solutions?
Has anyone found an antispyware product that is centrally manageable,
doesn't chew up crazy levels of resources (on server and client), and is
still highly efficient at catching latest spyware / malware variants?
We've tried a couple of the products from early entrants in this area,
but they've been pretty unimpressive - but manually running Spybot /
Ad-Aware combo on workstations also seems a losing proposition.
Have a feeling this topic has already been done & dusted, but any
thoughts much appreciated ....
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.788 / Virus Database: 533 - Release Date: 1/11/04
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.788 / Virus Database: 533 - Release Date: 1/11/04
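An added example, not part of the thread and not how Zonelabs Integrity is implemented: a minimal hash-based version of the clean-template white list described in Erez's message. It also shows the maintenance cost raised in the top reply, since a legitimately updated program is denied until the template is rebuilt. All file names and contents are constructed.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_template(root):
    """Scan the clean reference machine: digest -> relative path."""
    allow = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            allow[sha256_file(full)] = os.path.relpath(full, root)
    return allow


def audit(root, allow):
    """Return {relative path: verdict} for every file on a managed desktop."""
    known_paths = set(allow.values())
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if sha256_file(full) in allow:
                verdicts[rel] = "allow"
            elif rel in known_paths:
                verdicts[rel] = "deny-changed"  # same path, content differs
            else:
                verdicts[rel] = "deny-unknown"  # never seen on the template
    return verdicts


def demo():
    """Constructed sample: one clean template, one drifting desktop."""
    with tempfile.TemporaryDirectory() as tmp:
        trees = {
            "clean": {"browser.exe": b"browser v1", "mail.exe": b"mail v1"},
            "desk": {"browser.exe": b"browser v1", "mail.exe": b"mail v2",
                     "toolbar.exe": b"adware"},
        }
        for tree, files in trees.items():
            os.makedirs(os.path.join(tmp, tree))
            for name, data in files.items():
                with open(os.path.join(tmp, tree, name), "wb") as f:
                    f.write(data)
        allow = build_template(os.path.join(tmp, "clean"))
        return audit(os.path.join(tmp, "desk"), allow)


if __name__ == "__main__":
    print(demo())
```

The `deny-changed` verdict for `mail.exe` is the case behind the "env is too dynamic" objection: every patch or new tool needs a template update before it will run.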