anti malware

Discussion in 'PC Hardware, Software and Displays' started by Davros, Apr 1, 2010.

  1. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,176
    Location:
    La-la land
    I can't remember where the setting was, but it at least used to be available somewhere in the config menus back when I still tried to use FF, before IE7. Never used Noscript myself. Don't even know if it existed then, browser exploits and shit weren't as common in those days.

    Maybe they removed it, I dunno. I don't bother with FF anymore, IE does everything I need and it is faster and more responsive than FF on the things I care about so...
     
  2. Davros

    Legend

    Joined:
    Jun 7, 2004
    Messages:
    17,884
    Likes Received:
    5,334
    PC World reports that a new, critical bug in Adobe's Flash Player is being exploited by attackers. The bug affects Adobe Flash Player version 10.0.45.2 and earlier on all operating systems, including Windows, Macintosh and Linux. It is also found in the latest versions of the widely used Reader and Acrobat software, Adobe said. "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat," Adobe said in its security advisory. When exploited, the flaw can cause Adobe's software to crash, but it can also give attackers control of the computer, Adobe said.

    Note, you cannot simply update your player, as the current version is vulnerable. You must install the 10.1 release candidate.
    http://labs.adobe.com/downloads/flashplayer10.html
     
  3. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,176
    Location:
    La-la land
    Adobe needs to die. Their shit is shit, and they don't even update it properly either.
     
  4. Malo

    Malo Yak Mechanicum
    Legend Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    8,931
    Likes Received:
    5,533
    Location:
    Pennsylvania
    Not possible. Unfortunately in my company's industry, we have a mix of AD controlled domain computers, and personally owned laptops/desktops with wildly varying OSes in the same environment. I have to be able to compensate for users' own laptops that can't join a domain, can't change OSes, can't make major changes to etc.
     
  5. Mize

    Mize 3dfx Fan
    Legend

    Joined:
    Feb 6, 2002
    Messages:
    5,079
    Likes Received:
    1,149
    Location:
    Cincinnati, Ohio USA
    Then your only real options are endpoint firewall & web filter based. Have you looked at the Barracuda webfilter/spyware box? Surfcontrol is decent too, as is that free one, DansGuardian. Basically you're going to have to route everything through a proxy that only allows connection to known safe sites. You could even try this with OpenDNS if you have DHCP for all the clients and static IPs for external.
     
  6. Malo

    Malo Yak Mechanicum
    Legend Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    8,931
    Likes Received:
    5,533
    Location:
    Pennsylvania
    Well the next problem is that we have 8 offices, each having their own cable internet. There's a decent amount of web traffic in each office and there's no way I can justify dedicated T1+ links between the offices to the head office to centralize the web traffic, and they wouldn't pay for endpoint protection for all 8 offices either. I have office-to-office VPN links but no way I would route all web traffic over them. Cheaper just dealing with the issues as they arise.
     
  7. Mize

    Mize 3dfx Fan
    Legend

    Joined:
    Feb 6, 2002
    Messages:
    5,079
    Likes Received:
    1,149
    Location:
    Cincinnati, Ohio USA
    Untangle is free & includes a good web filter. It's best run on a low-end dedicated box, but there is an XP version (called re-router) that works well so long as you have a dumb router that doesn't block ip spoofing from your LAN.

    You could easily install the dedicated version on some old boxes and put one at each site. You'll need dual NICs, but they can be configured and monitored via https and have many good features. I dropped my checkpoint VPN-1 fw & barracuda for untangle two years ago and it's been great.
     
  8. Malo

    Malo Yak Mechanicum
    Legend Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    8,931
    Likes Received:
    5,533
    Location:
    Pennsylvania
    I'll check that out thanks.
     
  9. Mize

    Mize 3dfx Fan
    Legend

    Joined:
    Feb 6, 2002
    Messages:
    5,079
    Likes Received:
    1,149
    Location:
    Cincinnati, Ohio USA
    Does anyone have links to this type of malware site? Preferably a "test your vulnerability" site, but I'll take the real thing too. I'd like to see how good my security is.
     
  10. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,176
    Location:
    La-la land
    Malo,

    Why's your company still relying on IE6? It's obsolete and being phased out faster and faster by basically everyone important. Does MS even release security updates for it? Even if they do, they won't do it forever. IE6 is already causing you problems, it's just going to get worse from here on out, never better.

    Yes, switching to something else is going to cost you people money, but it will cost you even more money in the future when the need to switch away from IE has become so imperative that it just can't wait any longer. So simply bite the bullet and migrate away from that junk. It's nearly a decade old by now, what other piece of software are you using that is THAT old? ...Well, other than winxp, I mean.

    It's been known for years that IE6 is baaaaaaad. Holding on to it is just going to give you people a lot of grief and unnecessary work. But sure, don't do anything now, or in a year, or two. Just keep on the way you're going, and then one day when you've been haxed in a major way, your company secrets stolen, your databases trashed, rootkit malware on your workstations and so on... Well, just remember it could all have been avoided. ;)
     
  11. Renny 722

    Newcomer

    Joined:
    May 12, 2010
    Messages:
    5
    Likes Received:
    0
    Thanks! No shady sites haha, just torrent sites to watch TV shows that I missed etc. I try to update my comp. as much as possible with Symantec live update. I guess I need better virus protection.
     
  12. Malo

    Malo Yak Mechanicum
    Legend Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    8,931
    Likes Received:
    5,533
    Location:
    Pennsylvania
    I didn't say IE6, I said IE. Many sites run by companies serving our industry require IE 7 or 8.
     
  13. Davros

    Legend

    Joined:
    Jun 7, 2004
    Messages:
    17,884
    Likes Received:
    5,334
    I do (click on some of the links, you don't have to download any files)

    Warning this is a real site go there at your own peril


    PS: keep an eye on running processes for any additional processes and check your startup entries for anything being added.
    Kill process, delete file, delete startup entry.

    What happened in Opera when I still had Reader installed was the browser would crash (I think a URL to a PDF file would cause a buffer overflow), then a process would be created and an entry in the startup section of the registry.
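
Added example, not part of the original thread: a PowerShell sketch for the "check your startup entries for anything being added" step described in the post above. It records the Run/RunOnce registry values once as a baseline and reports entries that are new or changed on later runs. The baseline file location and the function names are assumptions made for this example.

```powershell
# Added example: baseline and diff of the registry Run/RunOnce startup entries.
# Assumption: the baseline file lives in the user profile; any path you control works.
$BaselinePath = Join-Path $env:USERPROFILE 'run-keys-baseline.xml'

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Emit one object per startup value: which key, the value name, the command line.
function Get-StartupEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

# Return entries that are absent from the baseline or whose command line differs.
function Compare-StartupEntry {
    param([object[]]$Baseline, [object[]]$Current)
    $known = @{}
    foreach ($e in $Baseline) { $known["$($e.Key)|$($e.Name)"] = $e.Command }
    foreach ($e in $Current) {
        $id = "$($e.Key)|$($e.Name)"
        if (-not $known.ContainsKey($id)) {
            $e | Add-Member -NotePropertyName Status -NotePropertyValue 'Added' -PassThru
        } elseif ($known[$id] -ne $e.Command) {
            $e | Add-Member -NotePropertyName Status -NotePropertyValue 'Changed' -PassThru
        }
    }
}

$current = @(Get-StartupEntry)
if (Test-Path $BaselinePath) {
    $baseline = Import-Clixml -Path $BaselinePath
    Compare-StartupEntry -Baseline $baseline -Current $current |
        Format-Table Status, Key, Name, Command -AutoSize
} else {
    $current | Export-Clixml -Path $BaselinePath
    "Baseline written to $BaselinePath"
}
```

Take the baseline on a machine in a known-good state; an empty result on later runs means no Run/RunOnce value was added or altered since then.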
     
  14. Malo

    Malo Yak Mechanicum
    Legend Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    8,931
    Likes Received:
    5,533
    Location:
    Pennsylvania
    Maybe put the link in a spoiler tag in case of casual clicking from users?
     
  15. Silent_Buddha

    Legend

    Joined:
    Mar 13, 2007
    Messages:
    19,426
    Likes Received:
    10,320
    Heh, many public torrent sites, ARE a bit shady. I've had a few of the popular ones (piratebay, isohunt, etc.) redirect to sites that attempted to inject malware including the one mentioned in this thread.

    Regards,
    SB
     
  16. Lightman

    Veteran Subscriber

    Joined:
    Jun 9, 2008
    Messages:
    1,969
    Likes Received:
    963
    Location:
    Torquay, UK

    Great news! :razz:
     
  17. Davros

    Legend

    Joined:
    Jun 7, 2004
    Messages:
    17,884
    Likes Received:
    5,334
    Little update on the acrobat problem mentioned earlier
    "Alternatively, the company said that Adobe Reader and Acrobat users could delete or rename the "authplay.dll" file on their system.

    However, Adobe said that doing so meant that "users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF [Adobe Flash] content.""
     
  18. Scott_Arm

    Legend

    Joined:
    Jun 16, 2004
    Messages:
    15,134
    Likes Received:
    7,680
    Interesting Lifehacker post today about security, viruses: http://lifehacker.com/5559102/micro...ds-unknown-malware-but-avoids-false-positives


    Looks like Microsoft Security Essentials works out pretty well. Another interesting product linked is this: http://secunia.com/vulnerability_scanning/personal/. Basically it lets you know when your software is out of date. I might try it out. For one, I can turn off the multitude of update notifications that individual apps send out in various manners. That in itself would be nice, to stay with a unified notification.
     
  19. Mize

    Mize 3dfx Fan
    Legend

    Joined:
    Feb 6, 2002
    Messages:
    5,079
    Likes Received:
    1,149
    Location:
    Cincinnati, Ohio USA
    The trouble is that their source for performance data changes dramatically every time the report is issued. Kaspersky was near dead last two report cycles ago, etc. Anti-malware software never catches more than about 70% so it's not a complete solution IMHO.
     
  20. Davros

    Legend

    Joined:
    Jun 7, 2004
    Messages:
    17,884
    Likes Received:
    5,334
    Did you try that site, Mize?
     