Hi All

I am throwing myself at your mercy. I have a problem that I have been trying to solve for over a month.

My problem is with blocking web plugins from running in windows. All of the workstations run 2000 and there are two servers. One is the PDC and one is an isa server running in cache mode as a standalone server. In front of the server is a cisco pix firewall.

I have had several sypware and virus outbrakes where users have clicked yes on web plugins. I have been over the 2000 server policies with a fine tooth comb and have even created a new OU and aplied every lock down I can find but these still slip trough.

I am not even sure if ISA server can block these plugins as they all have diferent url's and .exe names.

If anyone has any ideas at all I would be truly greatfull if they would share them with me. I have seen a few articles on the web that talk about editing a reg. key but I dont fancy setting this up on 200+ workstations !!!

BTW...... Happy Christmas to all.

first, i would suggest you install all the standard plugins on all the workstations, or people will be coming after you with sharp pointy things. then, and this is the tricky part, have a meeting and TALK TO THE EMPLOYEES. tell them that the standard plugins are installed (after you have done so, naturally), and that if they need another one, they should come to IT personnel so it can be checked out first. its really amazing what conversation can do. of course, get spyware and virus software. www.trendmicro.com and http://security.kolla.de
however, you can just block all downloads, since to the best of my knowledge once its downloaded, the computer doesnt see it as any different from any other installation. this option would be a last resort.

Originally posted by redwench
first, i would suggest you install all the standard plugins on all the workstations, or people will be coming after you with sharp pointy things. then, and this is the tricky part, have a meeting and TALK TO THE EMPLOYEES. tell them that the standard plugins are installed (after you have done so, naturally), and that if they need another one, they should come to IT personnel so it can be checked out first. its really amazing what conversation can do. of course, get spyware and virus software. www.trendmicro.com and http://security.kolla.de
however, you can just block all downloads, since to the best of my knowledge once its downloaded, the computer doesnt see it as any different from any other installation. this option would be a last resort.

Hi Redwench

Its me that has been after the staff with sharp pionty things as I have spoken to them several times. It does no apear to stick in there brains !!! Maybee some one could write an app that shocks them with 10.000 volts when they click yes :)

None of the staff are able to download at the moment. I have blocked exe's and com's at the gateway but these poxy plug in apps seem to get in.

As for external apps, I tried that using adaware with ad-monitor but the users simply click allow :mad: :mad: :mad: :mad: :mad: :mad:

Thanks for the idea's though.

adaware is bleh. there is a spyware blaster available from kolla's site. it wont prevent all of them, but it will block some. give that one a try. and i dont see how youre getting all these viruses if you have windows updated and a running AV. and i would doubt those come from webplugins anyway. people generally surf large commercial sites at work, they dont give you virii.

of course, your company could institute a policy of charging the employee for IT time for virus and spyware removal, and repairs. that might get their attention :p

Originally posted by redwench
adaware is bleh. there is a spyware blaster available from kolla's site. it wont prevent all of them, but it will block some. give that one a try. and i dont see how youre getting all these viruses if you have windows updated and a running AV. and i would doubt those come from webplugins anyway. people generally surf large commercial sites at work, they dont give you virii.

of course, your company could institute a policy of charging the employee for IT time for virus and spyware removal, and repairs. that might get their attention :p

The problem apears to be from krack sites and the like. Usualy its "free porn" and toolbars. The trouble is that most of the users are doing web site reviews and cataloging so I cant block sites of that nature.

I do like the idea of charging them though :) :) :) :) I would have to take a small % for setting it up ;) ;) ;) ;)

Originally posted by Stuartbe
The problem apears to be from krack sites and the like. Usualy its "free porn" and toolbars. The trouble is that most of the users are doing web site reviews and cataloging so I cant block sites of that nature.


i wont ask why your company reviews and catalogs porn and illegal activity sites. i really wont.

on each workstation, put up a software firewall, install a resident antitrojan program, and a resident av program. i would still suggest you get the blocker from kollas site (its not his, he just links to it). you may begin the hunt.

http://security.kolla.de
http://www.diamondcs.com.au/
www.trendmicro.com

there are also a few online scans available if you should need them:
www.trojanscan.com
www.trendmicro.com

keep in mind that you dont need to install a plugin to get spyware or a virus from a site. cookies will do it. or clicking a link.

Originally posted by redwench
i wont ask why your company reviews and catalogs porn and illegal activity sites. i really wont.

on each workstation, put up a software firewall, install a resident antitrojan program, and a resident av program. i would still suggest you get the blocker from kollas site (its not his, he just links to it). you may begin the hunt.

http://security.kolla.de
http://www.diamondcs.com.au/
www.trendmicro.com

there are also a few online scans available if you should need them:
www.trojanscan.com
www.trendmicro.com

keep in mind that you dont need to install a plugin to get spyware or a virus from a site. cookies will do it. or clicking a link.


:) :) :) :) :) :) I think your getting the wrong idea about our company :) :) :)

We maintain site database's for web filtering software so we do have to visit dodgey sites.

The workstations are tight as a drum in terms of antivirus and all workstations have KPF running for aplication control.

The only time I ever get problems is with the plugins as they seem to bypass any firewall/proxy restrictions. I believe it may be due to them being active x scripts instead of normal apps.

Thanks for the sites BTW I will try a few of the spyware killers. One that runs as a system service in the background would be perfect.

Thanks Again......

filtering software?

KILL HIM!!!!!!!!

Originally posted by redwench
filtering software?

KILL HIM!!!!!!!!


:D :D :D :D :D Runs away with coat over his head :D :D :D :D :D