SMS from Microsoft also offers dynamic creation of groups based on SQL
queries. These queries can be for either hardware configuration of the
system, software configuration or a combination of both.
Additionally, SMS can be used for uninstallation of programs as well.
Thanks
Rohit Dube
- http://www.prasar.org - come join the cause of silicosis victims,help
them get justice -
-----Original Message-----
From: Jordan Wiseman [mailto:Jordan_Wiseman (at) Valleymed (dot) org [email concealed]]
Sent: Friday, October 01, 2004 4:33 AM
To: James Baird; Mark Acker; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Application sniffer-next step
Not a bad solution...however, not all programs are actually required to
register themselves in the same place in the registry. Although best
practice states that programs SHOULD use certain parts of the registry
for certain information, there is no real enforcement of this within the
OS. The best case scenario would be if every program (according to MS
anyway) used the MSI framework to install. Then you have a central
location to query and control all the installed software...but as we all
know, not everyone uses MSI.
As for a system that can automatically detect and respond to specific
changes in the software environment; I know of one that I have actually
used: Intuit's Track-It! Deploy
(http://itsolutions.intuit.com/Deploy.asp). This is a commercial
application unfortunately, but it can do what you require.
TIDeploy is (at first glance) a software distribution system but it has a
unique ability (in my experience with software push technology) in that
you can create "dynamic groups" of workstations based on some common
elements (software, hardware, etc) that the machines will ADD THEMSELVES
TO on the fly. Basically, it can do this:
1) you create group based on existence of "bad" software
2) machine checks in with server and sees new group
3) machine adds self to group
4) group configured to receive "removal" app
5) "bad" app removed
6) machine no longer qualified for new group and removes self
Anyway, aside from that, you could author a script that reads in a list
of "bad" software from a configuration file and searches the machines
for its presence...not necessarily quick or elegant if there is a big
list, but free and doable;)
Jordan
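The deny-list script Jordan describes above, combined with the membership test from his numbered steps, as an added example that is not part of the original thread. It assumes each machine's installed-software entries (the `DisplayName` and `UninstallString` values under the Windows Uninstall registry key) have already been collected; the host names, patterns, product code and helper names are constructed for illustration.

```python
import fnmatch
import re

# Constructed deny-list config: one case-insensitive wildcard per line.
DENYLIST_CFG = """\
# unauthorized software (constructed sample)
*kazaa*
winmx*
"""

# Constructed inventory: host -> entries as they would be read from each
# machine's Uninstall registry key. Software that never registers there
# (the caveat raised in the thread) is invisible to this check.
GUID = "{00000000-0000-0000-0000-000000000001}"  # placeholder product code
INVENTORY = {
    "WS-001": [{"DisplayName": "Office Suite", "UninstallString": "MsiExec.exe /I" + GUID}],
    "WS-002": [{"DisplayName": "Kazaa Lite", "UninstallString": "MsiExec.exe /I" + GUID},
               {"DisplayName": "WinMX 3.5", "UninstallString": r"C:\WinMX\unins.exe"},
               {"UninstallString": r"C:\tool\rm.exe"}],  # entry with no DisplayName
}

def load_patterns(cfg_text):
    """Parse the config: skip blanks and '#' comments, lowercase the rest."""
    lines = (ln.strip().lower() for ln in cfg_text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def removal_command(entry):
    """Silent MSI uninstall if a product code is present, else None (manual)."""
    m = re.search(r"msiexec(?:\.exe)?\s+/[ix]\s*(\{[0-9a-f-]{36}\})",
                  entry.get("UninstallString", ""), re.IGNORECASE)
    return f"msiexec /x {m.group(1)} /qn" if m else None

def audit(inventory, patterns):
    """Return {host: [(display_name, removal_command_or_None), ...]}."""
    findings = {}
    for host, entries in inventory.items():
        for entry in entries:
            name = entry.get("DisplayName")
            if name and any(fnmatch.fnmatch(name.lower(), p) for p in patterns):
                findings.setdefault(host, []).append((name, removal_command(entry)))
    return findings

def dynamic_group(inventory, patterns):
    """Hosts that currently qualify for the 'removal' group (steps 1-6)."""
    return sorted(audit(inventory, patterns))

if __name__ == "__main__":
    print(audit(INVENTORY, load_patterns(DENYLIST_CFG)))
```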
-----Original Message-----
From: James Baird [mailto:jbaird (at) rollins (dot) com [email concealed]]
Sent: Monday, September 27, 2004 12:32 PM
To: 'Mark Acker'; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Application sniffer-next step
Windows XP has a feature to restore a system to the "previous"
configuration...
A while ago, I was part of a team to look for a product to replace SMS
in a rather large, distributed Windoze environment, and we stumbled on
Marimba, which makes a claim to do as you requested in your note. Of
course, Marimba is a commercial product, and using that method with XP
would be hard to manage over a large distributed environment...
I just had this thought...although it might take a great deal of
testing...You may be able to lock down that portion of the registry that
is required to register new programs on a system. Set permissions to
read-only for those local users (assuming that they are not using the
Administrator account to log on).
jb
-----Original Message-----
From: Mark Acker [mailto:markacker (at) yahoo (dot) com [email concealed]]
Sent: Wednesday, September 22, 2004 10:20 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Application sniffer-next step
Is there a way to take one of these tools and go a step farther? Say
for example, one has a corporate image and installing other software is
"frowned upon."
Could one take one tool or another, use it to discover that rogue apps
are installed, then automatically uninstall it? Essentially, establish
baseline-->audit-->remove unauthorized software.
Come on Harlan, there has to be a Perl script out there, eh? ;)
--- Dennis Bauer <dbauer (at) Mines (dot) EDU [email concealed]> wrote:
> Here is one that I have used; it will report anything that is installed
> on the machine.
>
> http://www.knowledgeleader.com/iafreewebsite.nsf/content/InternalAudittoolsandresources?OpenDocument
>
> -----Original Message-----
> From: Schalk van der Merwe
> [mailto:Schalk.vanderMerwe (at) saoutsourcing (dot) com [email concealed]]
> Sent: Monday, September 20, 2004 10:14 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Application sniffer
>
> Dear All;
>
> I am looking for a tool that could scan a network and give a report on
> installed applications. We have a large developer wing and the guys
> are installing all sorts of applications on the PC. Does anyone know
> of something that can do this?
>
>
>
> Kind Regards
> Schalk vd Merwe
>
> SA Outsourcing Pty.(Ltd)
> Work: 011 506 8600
> Fax: 011 506 8666
>