Re: [SLUG] Spyware Filtering

From: steve szmidt (steve@szmidt.org)
Date: Sun Mar 27 2005 - 12:12:04 EST


On Sunday 27 March 2005 11:13, Doug Koobs wrote:
> xcalibre said:
> > Spyware Guard!, Spybot Search and Destroy!, Ad-Aware SE!
> > McCrappy has one so does Snorton TrendMicro,
>
> Thanks for the wonderful suggestions :) but I meant something that runs on
> a Linux firewall or proxy, to protect the whole network...

This is a pretty tall order as you need to read everything coming in through
that port. How does a firewall tell the difference between a properly
formatted web page and one that contains the above?

There are very expensive solutions which learn what type of traffic is normal
and then can stop unusual activities. I think we're talking $10K.

I've not seen anything like that which is Open Source (well, since I last
looked).

Take a decent firewall. It has all but a few ports open. One of them is
usually the ability to browse the internet, port 80. Port 80 then becomes a
hole in the wall. Any traffic coming in on port 80 will be let through.

If you sit on a windoze box that means if you browse a site with criminal code
it will arrive at your windoze box. (Which I'm sure you already have
realized.)

Using a proxy is not bad as it will read what comes in and send you a newly
generated packet. The advantage is that it's following rules which are able
to tell if you have an exe f.ex. coming through. I've not seen anyone able to
spot spyware, but I must confess I've not looked at things like squid for
some time.

Application firewalls can tell what's going on on application level. These
beasts are massive compared to a normal firewall as it's quite a different
job to separate traffic on this level.

I googled and found a good page to read about this subject:
http://neworder.box.sk/newsread.php?newsid=2998

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety deserve neither
liberty nor safety." Benjamin Franklin
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages posted are
those of the author and do not necessarily reflect the official policy or
position of NKS or any of its employees.



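The kind of proxy rule the message describes (telling that an exe is coming through port 80), as an added example that is not part of the original post or of any proxy's own code. The function names, the MIME labels and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumed labels a server may put on a Windows executable (illustrative set).
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec"}

def is_pe(body: bytes) -> bool:
    """Sniff the body itself: a DOS 'MZ' stub whose e_lfanew field
    (offset 0x3C) points at the PE signature. URL and headers are ignored."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(body[0x3C:0x40], "little")
    return body[pe_off:pe_off + 4] == b"PE\0\0"

def verdict(url: str, headers: dict, body: bytes) -> str:
    """Hypothetical proxy rule: decide what to do with one HTTP response."""
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if is_pe(body):
        # Content wins over whatever the server claims the file is.
        return "block:sniffed-pe"
    if ctype in EXE_TYPES or re.search(r"\.exe(\?|$)", url, re.I):
        return "block:declared-exe"
    return "allow"

# Constructed sample data: a minimal PE-shaped header and a plain HTML page.
FAKE_PE = (b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little")
           + b"PE\0\0" + bytes(16))
HTML = b"<html><body><script src='/app.js'></script>hello</body></html>"

SAMPLES = [
    ("http://example.test/setup.exe",
     {"content-type": "application/x-msdownload"}, FAKE_PE),
    # Executable served under an image name and type: only sniffing sees it.
    ("http://example.test/banner.gif", {"content-type": "image/gif"}, FAKE_PE),
    # Declared as an exe, but the body is not a PE file.
    ("http://example.test/tool.exe?v=2", {"content-type": "text/plain"}, b"hi"),
    # A well-formed page: nothing here for a file-type rule to match.
    ("http://example.test/index.html",
     {"content-type": "text/html; charset=utf-8"}, HTML),
]

def run_samples() -> list:
    return [verdict(url, hdrs, body) for url, hdrs, body in SAMPLES]

if __name__ == "__main__":
    for (url, _, _), result in zip(SAMPLES, run_samples()):
        print(f"{result:20} {url}")
```

The last sample is allowed because a file-type rule has nothing to match in an ordinary HTML response, which is the limit the message points out for spotting spyware at the proxy.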