| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: uberhax at gmail.com (hax) Subject: Tools for checking for presence of adware remotely While I don't know of any specific tools that can check for spyware remotely, it should be possible to use some basic network techniques to check: 1) Check for known spyware related http requests. Most spyware seems to change IE's startup page, for example, if a blacklist was to be formed for spyware sites, anyone's box going to them could be flagged as potentially infected. 2) Configure SNMP. Under most versions of Windows, you can run some type of SNMP server. This could be used to remotely check what processes are running, and probably be configured to dump out registry key settings. Because thats how most spyware is detected anyway, that'd be a good way to find it. Of course, finding signatures might be a bit more difficult, as the major anti-spyware vendors seem to have their own ways of doing it. 3) Install something like Adaware (which you can run on the commandline) and write a logon script for your users that scans/cleans in the background. I'm no Windows admin, but I think that can all be done remotely by the PDC. Although I haven't had the joy of trying to implement such solutions yet, that's my take on the best approach. Let us know what you find --hax
Powered by blists - more mailing lists