RE: [ActiveDir] OT:spyware

[Shadow Roldan]

Here’s what we do   When we detect a user has become infested with spyware we 1st   Use a combination of Spybot S&D, Lavasoft AdAware, and Hijaack this until we are sure the machine is clean   Then, depending on the kind of user, we either threaten to or just take away their local admin privileges (this seems to stop at least some stuff from being installed)   For particularly troublesome users, I install TeaTimer, remove shortcuts to IE, and force them to use FireFox.   That’s just us!     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom Sent: Wednesday, September 29, 2004 1:14 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT:spyware   Lately I my users have been plagued with spyware and adware. What do you guys do to fight this? Can Spybot be pushed out as an msi via a gpo? Or ad-aware? Should I set the killbit on all the local active x controls? Should I prevent active x and _javascript_ing in IE thru a gpo?   I’m running win2k/xp clients, but mostly win2k.   Finally, when you get a worm or a virus that writes to the hklm\software\microsoft\windows\currentversion\run key, does the worm/virus run under the user’s security context? Meaning, if the user is just a local user and thus has no privileges to write to those keys, shouldn’t the worm or virus not be able to as well?   Thanks and sorry for the deluge of questions, OT as they are.