
How do you protect your users from themselves on the computer?

ghen (call me Jason), Oct 14, 2009
There are two basic things that you'll need to do to protect your users from themselves. First is to have an anti- product of some sort, be it antivirus, antispyware, or both. Second, you need to protect them from the crazy wide open internet that will get them in trouble if a customer sees ;)

As an absolutely free solution to the second problem, I've switched my dealer group to OpenDNS. All you have to do is point your DNS server to them, set up a bunch of settings, and then start blocking categories. It's really easy to get around, but no one has figured it out yet!

Soon I'll be going to a more robust solution that involves a real gateway/firewall that will monitor all connections made and smartly block the ones I don't want and track individual PCs' usage. Costs a ton of money though. bleh.

On individual PCs I've been using Symantec's Endpoint Protection, but at $11 per person when buying it over a certain number (150 licenses?) it's a bit steep and doesn't protect against everything. I might end up switching this next year to something that keeps up more on the spyware front.
 
@ghen - Hey ghen - what malware doesn't SEP prevent? Have any examples? I've had SEP on ours for about 8 months now. 22 w/s-s. Before SEP at least 1-2 infections/baddies per week. Since - not one call. I check logs occasionally. I update continuously and I do a full deep scan every day. So far, so good. But what about SEP makes you unhappy? Care to share?

Note: in the latest AV effectiveness measurements, AVG (Free and Pro) scored disappointingly. See this article: AV-Comparatives - Independent Tests of Anti-Virus Software - Summary Reports

Thanks.

H
 

Websense works really well and isn't very expensive for web filtering. Like $20 per user a year or something I think.
 
Yeah, my dealer group uses Websense and the group I was at prior to my current also used Websense.

Of course with the rise of social media, there is a divide between allowing the dealers/sales and service personnel access to social sites like Facebook, Twitter and even YouTube. I know we are currently testing out a few social media features that Websense offers: Defensio Security for the Social Web.

Websense seems to be on the forefront of web security BUT I'll be straight and admit to not knowing a lot about this subject. I will say, from a user experience, Websense does seem to take a toll on your bandwidth.
 

Oh man, tons of 'em. I think the most recent was the AntispywareXP 2010 rogue anti-malware product. SEP didn't touch it. It hijacked IE, DNS, had popups from the system tray, disabled all the fun stuff like regedit and control panel, wouldn't let me install any commercial anti-spyware products by deleting their executables and dll's, forced the endpoint client to disable, etc.

ComboFix (if you know how to use it correctly) still cleaned it up, but endpoint didn't touch it.

edit: got another one today. Antivirus Live 2010
this one didn't stay resident in safe mode, so it was an easy clean.. but endpoint still didn't stop it.
 
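The symptoms ghen lists (regedit and Control Panel locked out by policy, DNS hijacked, the endpoint client forced off) can be checked for from a script. The following is an added triage example, not code from this thread or from Symantec; the expected DNS server list and the SEP service display name are assumptions to adjust for your own network.

```powershell
# Added example: triage a workstation for the rogue-AV tampering described above.
# Assumptions: $ExpectedDns is a placeholder list of your own resolver addresses
# (e.g. your internal DNS server that forwards to OpenDNS); the endpoint client is
# looked up by display name, which may differ between SEP versions.
param(
    [string[]]$ExpectedDns = @('192.0.2.10', '192.0.2.11')   # placeholders
)

function Get-TamperFindings {
    $findings = @()

    # 1. Policy values rogue AVs set to disable regedit and Control Panel.
    $policyChecks = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
        @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' },
        @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' }
    )
    foreach ($c in $policyChecks) {
        $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        if ($v -and $v -ne 0) { $findings += "Policy $($c.Name)=$v set at $($c.Path)" }
    }

    # 2. Per-adapter DNS servers, read from the registry so it works on older Windows
    #    without the DnsClient module. Anything not in $ExpectedDns is reported.
    $ifaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($iface in Get-ChildItem -Path $ifaces -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $iface.PSPath
        foreach ($prop in 'NameServer', 'DhcpNameServer') {
            $raw = $p.$prop
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            foreach ($s in ($raw -split '[ ,]+' | Where-Object { $_ })) {
                if ($ExpectedDns -notcontains $s) {
                    $findings += "Unexpected DNS server $s ($prop) on adapter $($iface.PSChildName)"
                }
            }
        }
    }

    # 3. Endpoint client service state (display-name match is an assumption).
    $svc = Get-Service -DisplayName 'Symantec Endpoint Protection*' -ErrorAction SilentlyContinue
    if (-not $svc) { $findings += 'Endpoint protection service not found' }
    elseif ($svc.Status -ne 'Running') { $findings += "Endpoint protection service is $($svc.Status)" }

    return $findings
}

Get-TamperFindings | ForEach-Object { Write-Output $_ }
```

Run it from an elevated prompt on a suspect PC; an empty result means none of the three indicators are present, which is not the same as a clean machine.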
Wow! I haven't had a single incident of that <fill in the blank> crapware. The only thing we (I) may be doing differently (a guess) is I set SEP to update the pattern file "Continuously" thoughout the day/night. The logs I review haven't shown any activity - users haven't sounded a peep.

Now, I've fixed plenty of systems at my house from home users/customers with AV2010 and trojan variants though. These users don't have SEP, but use the normal range of AVG, McAfee, Kaspersky home products. (Anyone using a "free" version of these is just asking for it! -ed). Make sure you have the latest version of SEP mounted - 11.0.5 - and keep checking the website for maintenance releases. One of the drawbacks here is that new releases have to be manually installed in our "unmanaged" environment. There is some "down and dirty" way to "script" the upgrades over the network but I haven't had time to sit down and figure all that out.

So, all I can say is, thanks for the feedback and so far so good...

H


Oh man, tons of 'em. I think the most recent was the AntispywareXP 2010 rogue anti-malware product. SEP didn't touch it. It hijacked IE, DNS, had popups from the system tray, disabled all the fun stuff like regedit and control panel, wouldn't let me install any commercial anti-spyware products by deleting their executables and dll's, forced the endpoint client to disable, etc.

ComboFix (if you know how to use it correctly) still cleaned it up, but endpoint didn't touch it.

edit: got another one today. Antivirus Live 2010
this one didn't stay resident in safe mode, so it was an easy clean.. but endpoint still didn't stop it.