  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 464

Securing Client PCs


We will shortly be moving to a web-banking application in our office, and I'd like to make sure our PCs are as secure as possible. The application itself is secure (SSL, secure authentication methods etc), however I'm interested in people's views on the client machines themselves. We run anti-virus software and a PIX Firewall, but is Spyware a threat? For the moment, we run Ad-Aware on each PC every couple of weeks or so, but is there any application that can stop Spyware in real time? Or any other recommendation against keyloggers etc?

Many thanks in advance...
3 Solutions
Hi Dilan77,
Spyware - or any other 'malware' - is always a concern.

I run 3 spyware apps.

MS Defender PLUS at least one of the following.

SpyBot S&D searches your hard disk for so-called spy- or adbots;

Sysinternals also has a 'rootkit revealer' program.
Give it a try:

"SpyBot" has an 'immunization' feature that is updatable and is designed to stop spyware in real time.

I think the single biggest danger for Internet users is the unrestricted 'accept' settings for cookies.
The Default setting is to 'Always Accept' both First and Third party cookies.
We run a Group Policy that changes those settings to 'Prompt' for First and "Always Deny" for Third.

Good Luck,
Greetings, Dilan77 !
>>but is there any application that can stop Spyware in real time?

Spy Sweeper will protect your computers from spyware in real time. It is considered the best at catching spyware.

>> Or any other recommendation against keyloggers etc?

No one antispyware catches all spyware.  You can run more than one antispyware tool on your computer.  You can use SpySweeper and Adaware.

To prevent spyware, do not visit any porn or ad websites. Do not click on any links or open attachments in emails that you do know.

Best wishes!
If you are really concerned about individual workstation security, you will also want to run firewalls on them to monitor incoming and outgoing traffic.  However, the Windows XP firewall will not work, because it only monitors incoming traffic.  If you have a third party firewall, such as ZoneAlarm (properly configured) it will only allow outgoing traffic that you specify, and can further reduce the impact of spyware, viruses, etc.

Spybot will detect some keyloggers, and most likely your AV package will detect some.  In fact, a lot of anti-spyware programs will detect keyloggers in particular.  Again, some spyware programs differ in whether they can automatically scan, or if you must manually initiate it or use scheduled tasks to run them.

You can even do network security scans on your network using tools like Nessus, MBSA, or Nmap.

You can even hire 3rd parties that will do security analysis on your network by scanning it using utilities similar to the previous mentioned.

You can even implement Intrusion Detection Systems (IDS) which can be purchased (such as a Cisco IDS) or freely available ones such as Snort

You can even go insanely secure by having all your users use virtual desktops that do not have a permanent store.  If it does get infected, a simple reboot clears it.

Also, you should make sure you secure your network as much as possible at your PIX firewall to protect your internal network.  If you can prevent items coming into your network at the edge, it will save you a lot of time working on the internal client security (strictly by a means of cleaning up).  You may even want to implement an IRP (incident response plan) and Disaster Recovery Plan.  There are a lot of good articles on these if you do a simple search.  This way, if something does occur, you will have a laid out plan to follow and rectify the issue prior to it becoming an emergency.  For example, if you discover a computer with a trojan, your first step in the IRP is to disconnect it from the network.

Even if you secure your border at your firewall, there are still a lot of unforeseen risks internally.  What if someone brings an infected laptop and connects it to a port on your network?  Do you have port security on your switches?  Also, do not forget about wireless.  Let's say you have a neighbor with a wireless router (and their machine is infected).  Someone in your company has a wireless card turned on, connects to their wireless router and gets infected.  You gotta think about a few unforeseen scenarios such as that.

Basically it comes down to the fact that there is no 1 single solution for security.  It often depends on having several different layers and methods (active and passive).  It depends on the level of security you want, your budget, and the level of support.  Hope this helps give you some insight.
I just thought of a few more things...

If you are interested in detecting some wireless devices, you can hook a laptop up and install NetStumbler on it (free).

Also, with Snort you can combine it with VLANs on your network to instantly move infected machines to a quarantine VLAN.  I think it's an interesting idea that I once read about in a few articles.  I can't find the actual articles, but here's a brief one that mentions it:
1. Install GreenBorder on the PC for internet surfing virtual browser (Reset the browser any spyware kept in virtual session)
2. Barracuda Networks web filter (Anti spyware and drive by spyware)
3. CounterSpy from Sunbelt Software (Spyware)
4. Pandagate or anti virus in transparent mode in front of server
5. Kerio firewall on all PC
6. Firewall with basic IDP in line
7. Image all PCs and server with Acronis for fallback
8. Rebuild the PCs that are having the banking software to ensure nothing on them to start or online scan using CounterSpy online and Panda ActiveScan
Tim Holman Commented:
Addressing AV and Spyware alone is not going to be sufficient - if you're running a business-critical banking application, then there's a hell of a lot more you need to do - everything from physical security through to security policies and procedures need to be addressed.
Are you processing credit cards or confidential information?  Has the web app been pen tested?
Rich Rumble (Security Samurai) Commented:
Best practices are the cornerstone to client/employee PC's. M$ will finally (15 years too late) be implementing best practices in Vista, most system admins have known about them for ages, yet completely ignore them.,1759,1891447,00.asp
Best Practices, namely Least User Privilege, protects you from spy-ware and viri more than most commercial or free utilities. You should still run AV, but you won't need anti-spyware anymore.
Dilan77 (Author) Commented:
Thanks everyone, I'm going through the various apps now and will provide feedback soon.

The web app has been pen tested and we won't be handling credit cards. It's a system whereby we can make payments to the confidential information as such is transmitted across the internet, the bank knows what to do with the info from the codes we put in. To anyone else, these codes don't mean anything.

Appreciate the help...
Dilan77 (Author) Commented:
Thanks all...Ad-Aware and Spybot combination, along with Least User Privilege, and a SNORT IDS system seem like what we're going to implement shortly.
Thanks Dilan77.
Rich Rumble (Security Samurai) Commented:
If you do implement LUP, you honestly won't need the Anti-Spyware tools, my wife hasn't had any spyware on her pc in years since I switched her, same with our PC's at work, 3000+ users with no more spyware, and we do scan for it just to be safe, which is also what you should do, so I'll remove my foot from my mouth shortly...
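
Least User Privilege, as recommended in the comments above, only holds while everyday accounts stay out of the local Administrators group, so a periodic membership check complements the "scan just to be safe" advice. The PowerShell below is an added example, not part of the original thread; the function name `Get-UnexpectedLocalAdmin`, the allow-list, and the names `PC-014`, `CORP` and `jsmith` are constructed, and the live call assumes PowerShell 5.1 or later for `Get-LocalGroupMember`.

```powershell
# Added example: flag accounts in the local Administrators group that are not
# on an approved list. The allow-list and sample members below are constructed.

function Get-UnexpectedLocalAdmin {
    param(
        [Parameter(Mandatory)] [object[]] $Members,      # objects with Name and ObjectClass
        [Parameter(Mandatory)] [string]   $ComputerName,
        [string[]] $AllowedNames = @()                   # '.\name' means a local account
    )
    # Expand the '.\' prefix to this computer's name so one list works on every PC
    $allowed = $AllowedNames | ForEach-Object { $_ -replace '^\.\\', ($ComputerName + '\') }

    foreach ($m in $Members) {
        # -notcontains compares strings case-insensitively
        if ($allowed -notcontains $m.Name) {
            [pscustomobject]@{
                Computer = $ComputerName
                Account  = $m.Name
                Class    = $m.ObjectClass
            }
        }
    }
}

# Hypothetical policy: only the built-in local Administrator and Domain Admins
$allow = '.\Administrator', 'CORP\Domain Admins'

# Constructed sample in the shape Get-LocalGroupMember returns
$sample = @(
    [pscustomobject]@{ Name = 'PC-014\Administrator'; ObjectClass = 'User'  }
    [pscustomobject]@{ Name = 'CORP\Domain Admins';   ObjectClass = 'Group' }
    [pscustomobject]@{ Name = 'CORP\jsmith';          ObjectClass = 'User'  }
)

# Reports every sample member that is not on the allow-list
Get-UnexpectedLocalAdmin -Members $sample -ComputerName 'PC-014' -AllowedNames $allow

# On a live PC, S-1-5-32-544 is the well-known SID of the built-in
# Administrators group, which avoids depending on a localized group name:
# Get-UnexpectedLocalAdmin -Members (Get-LocalGroupMember -SID 'S-1-5-32-544') `
#     -ComputerName $env:COMPUTERNAME -AllowedNames $allow
```

Any account the check reports is a user or group that would run software, including spyware installers, with full administrative rights on that PC.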
Dilan77 (Author) Commented:
lol :)