Spyware and LAN client-server maintenance

Not sure why you added the Win98 group to this, but here's my answer:

1. While Ad-Aware and Spybot are excellent apps, I don't recommend using them except as after-the-fact scanners. Any of their options that include real-time protection *may* cause problems. And Spybot's "Immunize" and other features besides simple scanning are also known to be potentially problematic. Whether your systems encounter these problems or not is pretty much a toss of the dice. What keeps *my* system clean is SpywareBlaster, along with the MVPS HOSTS file. You should also add CWShredder to your arsenal of scanners. For more info and links, see the Security article in my sig.

1. The amount of time required to restore an image is probably more, overall, than performing maintenance procedures. But the amount of "hands-on" time is much less. Restoring an image, you have a single operation to perform, and then you leave it until it's done. Running maintenance means running several operations that take anywhere from a few minutes to an hour or more, and while some things can be scripted, there are still a number of moments when operator input is required. And even then, you do not have a "known state". Assuming that you have no need to preserve anything that was added to the system after installation, the imaging method is the simplest and surest method of maintaining your lab machines.

I forget the name of the software product, but it allows you to set the machine up, so any changes made to the base image are lost after a reboot. Therefore, if a machine gets infected with spyware, just reboot it, and it's gone.

As long as the students save their work to a network drive, there shouldn't be any problems.

Matt Gibson - GSEC

Thanks for answering all the same. I wasn't sure where to ask this question.

Thanks again.

scripted,

Excellent. We can run stuff overnight when everyone's gone home, so if that's the only objection, then I think I have my answer.

Fran

I seem to remember HP making something like this -- one person demonstrating by deleting system files and then rebooting.

The cost of the licences might kill off this approach though.

Fran

spyware,

measurable

running

BHODemon can help you weed out unwanted "browser helper objects". Of course you could adopt the unpopular (among the students) policy to block all java and activeX activity with the firewall unless there is some very good reason that they must be available.

measurable

I'm pretty sure my school has a program like this. It might be some sort of extention for Ghost.

check out these forums, this is the place to go....

From: "FRAN"

| Our school has just recently taken delivery of a number of Dell PCs | (1.7 GHZ, 40GB HDD, 256 RAM) that are going to be running WINDOWS 2000 | NT NOS. Our system is set up so that our student users don't have | right-mouse outside of applications such as MS-Office. Students have no | right to alter "c:\\". | | We are going to ghost a machine and use that clone the image to the | remaining 20 systems. | | Students have access to the web (with some restrictions imposed by the | requyired filtering systems) but our principle problems are spyware, | and of course the ususal viruses, trojans and so forth. We are running | Symantec with live upadates for these latter, but we still get a lot of | problems with unwanted plug-ins (eg "whenusearch" attaching to | Explorer). | | A couple of questions come to mind. | | I'm considering installing Adaware, and Spybot S&D on the original | machine from which the ghost will be created. Are these the most | time-efficient, user-friendly and effective Malware products? | | Is reghosting from a pristine or defragged machine an adequate | maintenance alternative to defragmenting and disk clean up or are there | good reasons for going around and deleting unnecessary programs and | temp files before running scandisk and defrag better in some measurable | way? | | I'm trying to ensure I spend as little time fiddling as possible, | because, in practice time comes to us teachers in bits and pieces and | getting half way through a task and having to do something else is | quite common.

Fran:

All those News Groups and to most, you have posted Off Topic. What you posted has NOTHING to do with Win98 or FireWalls ! Not one of the News Groups was for a Win2K News Group or a Security News Group !

Ad-aware SE and SpyBot S&D are good choices !

Ghosting a source PC and Ghosting to the other platforms is an excellent idea. I use Symantec Ghost Enterprise in a corporate environment and it it is highly valuable in deploying and maintaininmg the platforms.

Before you Ghost the platform, make sure Win2K SP4 is installed, all MS Office Service Packs are installed and all MS Critical Updates are installed. Install Mozilla FireFox as the default browser and configure all aspects of software. When done copy the profile to the Default User profile. Then make your clone. When you get down do, there is no need to worry about defragging prior to a Ghost image or after restoring a Ghost image. Defragging is the LEAST of your worries and shouldn't be a consideration at all.

Software that returns a computer to 'original state on a boot is Go-Back from Symantec.

For cleaning the computers, try Microsoft's AntiSpyware Beta. It runs in the background and updates automatically.

1) I don't know who or why someone said hands on maintince is eaiser or takes less time than a image restore, but they are full of crap. I'd rather reload from an image that try to remove spyware anyday.

2) Create the first OS. get it setup exactly the way you want, then use sysprep to prepare the image for cloning.

3) There are several products available for cloning discs, Ghost the most popular, I prefer Acronis True image.

4) The product you really need is Deep Freeze. ANY changes to the OS and filesystem are lost after a reboot. It is probally somewhat expensive, BUT, it really saves on the TCO. You will have no need for any Spyware or AntiVirus software. They also offer an educational package discount.

Fran probably added win98 group because there are a lot of smart people in this group.

: > We are going to ghost a machine and use that clone the image to the : > remaining 20 systems. : >

: > Students have access to the web (with some restrictions imposed by the : > requyired filtering systems) but our principle problems are spyware, : > and of course the ususal viruses, trojans and so forth. We are running : > Symantec with live upadates for these latter, but we still get a lot : of : > problems with unwanted plug-ins (eg "whenusearch" attaching to : > Explorer). : >

: > A couple of questions come to mind. : >

: > I'm considering installing Adaware, and Spybot S&D on the original : > machine from which the ghost will be created. Are these the most : > time-efficient, user-friendly and effective Malware products? : >

: > Is reghosting from a pristine or defragged machine an adequate : > maintenance alternative to defragmenting and disk clean up or are : there : > good reasons for going around and deleting unnecessary programs and : > temp files before running scandisk and defrag better in some : measurable : > way? : >

: > I'm trying to ensure I spend as little time fiddling as possible, : > because, in practice time comes to us teachers in bits and pieces and : > getting half way through a task and having to do something else is : > quite common. : >

:

--- everyone seems to want to access my system for some reason Wallwatcher.exe is okay -- will have to deal with Commercial Keylogger potential in XP PRO. of NTFS - D: drive when I return thanks and sorry I have been super busy -- and no I am not trying to hijack thread -- everyone else can disregard this information -- sorry for the inconvience but e-mail acting up and one e-mail account compromised -- must tighten security protocols on email and change all passwords in XPPRO. when it is fixed-- worst case -complete format and reinstall of XP PRO. TIA for all of your help>

GoBack is fantastic in 98SE for me. I will use Antispyware Beta from Microsoft to try and fix my Commerical keylogger in XPPRO.

: > We are going to ghost a machine and use that clone the image to the : > remaining 20 systems. : >

: > Students have access to the web (with some restrictions imposed by the : > requyired filtering systems) but our principle problems are spyware, : > and of course the ususal viruses, trojans and so forth. We are running : > Symantec with live upadates for these latter, but we still get a lot of : > problems with unwanted plug-ins (eg "whenusearch" attaching to : > Explorer). : >

: > A couple of questions come to mind. : >

: > I'm considering installing Adaware, and Spybot S&D on the original : > machine from which the ghost will be created. Are these the most : > time-efficient, user-friendly and effective Malware products? : >

: > Is reghosting from a pristine or defragged machine an adequate : > maintenance alternative to defragmenting and disk clean up or are there : > good reasons for going around and deleting unnecessary programs and : > temp files before running scandisk and defrag better in some measurable : > way? : >

: > I'm trying to ensure I spend as little time fiddling as possible, : > because, in practice time comes to us teachers in bits and pieces and : > getting half way through a task and having to do something else is : > quite common. : >

: :

Hard Drive Sheriff is one...

Jeff

since you seem to be an aol user -- just seeing that makes me doubt your credibility since imo AOL sucks and takes over your computer

You do have some valid points and I do appreciate your post even though I say again that it is critical to dump AOL as soon as possible because imo it takes over your computer and does not allow Microsoft to rule your computer which actually is very important as you may find out someday.

Thank you and Go-Back is great and I now use Microsoft's AntiSpyware Beta which I also consider to be GREAT. Grrrreat as Tony the Tiger from Kellogs cereal says LOL!!

: > We are going to ghost a machine and use that clone the image to the : > remaining 20 systems. : >

: > Students have access to the web (with some restrictions imposed by the : > requyired filtering systems) but our principle problems are spyware, : > and of course the ususal viruses, trojans and so forth. We are running : > Symantec with live upadates for these latter, but we still get a lot of : > problems with unwanted plug-ins (eg "whenusearch" attaching to : > Explorer). : >

: > A couple of questions come to mind. : >

: > I'm considering installing Adaware, and Spybot S&D on the original : > machine from which the ghost will be created. Are these the most : > time-efficient, user-friendly and effective Malware products? : >

: > Is reghosting from a pristine or defragged machine an adequate : > maintenance alternative to defragmenting and disk clean up or are there : > good reasons for going around and deleting unnecessary programs and : > temp files before running scandisk and defrag better in some measurable : > way? : >

: > I'm trying to ensure I spend as little time fiddling as possible, : > because, in practice time comes to us teachers in bits and pieces and : > getting half way through a task and having to do something else is : > quite common. : >

: :

install firefox and deny access to internet explorer

spyware,

Thanks

A fair few people recommend I do this, but my school's policy on the browser is determined by the state's education body (DET) which is to use IE.

I'm not sure whether this is a purely commercial arrangement or justified by the desire for surveillance and control of Internet access, but it's a requirement.

Personally, I'd like to go the LINUX route, but that's just not going to be permitted.

Fran