

Securing Client PC's

Posted on 2006-11-23
Medium Priority
Last Modified: 2010-04-11

We will shortly be moving to a web-banking application in our office, and I'd like to make sure our PC's are as secure as possible. The application itself is secure (SSL, secure authentication methods etc), however I'm interested in people's views on the client machines themselves. We run anti-virus software and a PIX Firewall, but is Spyware a threat? For the moment, we run Ad-Aware on each PC every couple of weeks or so, but is there any application that can stop Spyware in real time? Or any other recommendation against keyloggers etc?

Many thanks in advance...
Question by:Dilan77

Accepted Solution

younghv earned 800 total points
ID: 18002852
Hi Dilan77,
Spyware - or any other 'malware' - is always a concern.

I run 3 spyware apps.

MS Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx) PLUS at least one of the following.

SpyBot S&D searches your hard disk for so-called spy- or adbots;

Sysinternals also has a 'rootkit revealer' program.
Give it a try: http://www.sysinternals.com/Utilities/RootkitRevealer.html

"SpyBot" has an 'immunization' feature that is updatable and is designed to stop spyware in real time.

I think the single biggest danger for Internet users is the unrestricted 'accept' settings for cookies.
The Default setting is to 'Always Accept' both First and Third party cookies.
We run a Group Policy that changes those settings to 'Prompt' for First and "Always Deny" for Third.

Good Luck,

Expert Comment

ID: 18003457
Greetings, Dilan77 !
>>but is there any application that can stop Spyware in real time?

Spy Sweeper will protect your computers from spyware in real time. It is considered the best at catching spyware.

>> Or any other recommendation against keyloggers etc?

No one antispyware catches all spyware.  You can run more than one antispyware tool on your computer.  You can use SpySweeper and Adaware.

To prevent spyware, do not visit any porn or ad websites. Do not click on any links or open attachments in emails that you do know.

Best wishes!

Assisted Solution

deadite earned 800 total points
ID: 18006050
If you are really concerned about individual workstation security, you will also want to run firewalls on them to monitor incoming and outgoing traffic.  However, the Windows XP firewall will not work, because it only monitors incoming traffic.  If you have a third party firewall, such as ZoneAlarm (properly configured) it will only allow outgoing traffic that you specify, and can further reduce the impact of spyware, viruses, etc.

Spybot will detect some keyloggers, and most likely your AV package will detect some.  In fact, a lot of anti-spyware programs will detect keyloggers in particular.  Again, some spyware programs differ in whether they can automatically scan, or if you must manually initiate it or use scheduled tasks to run them.

You can even do network security scans on your network using tools like Nessus, MSBSA, or NMAP

You can even hire 3rd parties that will do security analysis on your network by scanning it using utilities similar to the previous mentioned.

You can even implement Intrusion Detection Systems (IDS) which can be purchased (such as a Cisco IDS) or freely available ones such as Snort

You can even go insanely secure by having all your users use virtual desktops that do not have a permanent store.  If it does get infected, a simple reboot clears it.

Also, you should make sure you secure your network as much as possible at your PIX firewall to protect your internal network.  If you can prevent items coming into your network at the edge, it will save you a lot of time working on the internal client security (strictly by a means of cleaning up).  You may even want to implement an IRP (incident response plan) and Disaster Recovery Plan.  There's a lot of good articles on these if you do a simple search.  This way, if something does occur, you will have a laid out plan to follow and rectify the issue prior to it becoming an emergency.  For example, if you discover a computer with a trojan, your first step in the IRP is to disconnect it from the network.

Even if you secure your border at your firewall, there's still a lot of unforeseen risks internally.  What if someone brings an infected laptop and connects it to a port on your network?  Do you have port security on your switches?  Also, do not forget about wireless.  Let's say you have a neighbor with a wireless router (and their machine is infected).  Someone in your company has a wireless card turned on, connects to their wireless router and gets infected.  You gotta think about a few unforeseen scenarios such as that.

Basically it comes down to the fact that there is no 1 single solution for security.  It often depends on having several different layers and methods (active and passive).  It depends on the level of security you want, your budget, and the level of support.  Hope this helps give you some insight.


Expert Comment

ID: 18006087
I just thought of a few more things...

If you are interested in detecting some wireless devices, you can hook a laptop up and install netstumbler on it (free). http://www.netstumbler.com/

Also, with Snort you can combine it with VLAN's on your network to instantly move infected machines to a quarantine VLAN.  I think it's an interesting idea that I once read about in a few articles.  I can't find the actual articles, but here's a brief one that mentions it:
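
The Snort-to-quarantine idea in the comment above, sketched as an added example that is not part of the original post: it reads Snort "fast" alert lines and lists internal hosts that originated repeated high-priority alerts. The 192.168.1.0/24 range, the thresholds and the sample alerts are assumptions; the VLAN move itself is switch-specific and not shown.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the office LAN is 192.168.1.0/24; adjust to your addressing.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] ... [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

# Constructed sample alerts (not real traffic); SIDs and messages are placeholders.
SAMPLE_ALERTS = """\
11/23-09:14:02.118201  [**] [1:1000001:1] EXAMPLE keylogger upload [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:1042 -> 203.0.113.5:80
11/23-09:14:40.551873  [**] [1:1000001:1] EXAMPLE keylogger upload [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:1043 -> 203.0.113.5:80
11/23-09:15:11.004410  [**] [1:1000002:1] EXAMPLE policy violation [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {TCP} 192.168.1.40:1100 -> 198.51.100.9:80
11/23-09:16:30.731090  [**] [1:1000003:2] EXAMPLE inbound scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.77:4431 -> 192.168.1.10:445
11/23-09:17:05.220018  [**] [1:1000001:1] EXAMPLE keylogger upload [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.31:1050 -> 203.0.113.5:80
this line is truncated garbage
"""

def quarantine_candidates(log_text, max_priority=1, min_alerts=2):
    """Return internal hosts that originated >= min_alerts alerts of
    priority <= max_priority (Snort priority 1 is the most severe)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip malformed or non-alert lines
        if int(m["prio"]) > max_priority:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # digits matched the pattern but are not a valid address
        # Only internal sources count: an internal destination is a possible
        # target of a probe, not evidence that the machine is infected.
        if src in INTERNAL_NET:
            hits[str(src)] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_alerts)

if __name__ == "__main__":
    for host in quarantine_candidates(SAMPLE_ALERTS):
        print(f"quarantine candidate: {host}")
```

Requiring more than one alert before listing a host keeps a single false positive from pulling a banking PC off the production VLAN.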

Expert Comment

ID: 18009369
1. Install Green Border on the PC for internet surfing virtual browser (Reset the browser any spyware kept in virtual session)
2. Barracuda Networks web filter (Anti spyware and drive by spyware)
3. CounterSpy from Sunbelt Software (Spyware)
4. Pandagate or anti virus in transparent mode in front of server
5. Kerio firewall on all PC
6. Firewall with basic IDP in line
7. Image all PCs and server with Acronis for fallback
8. Rebuild the PCs that are having the banking software to ensure nothing on them to start or online scan using CounterSpy online and Panda ActiveScan

Expert Comment

by:Tim Holman
ID: 18014269
Addressing AV and Spyware alone is not going to be sufficient - if you're running a business-critical banking application, then there's a hell of a lot more you need to do - everything from physical security through to security policies and procedures need to be addressed.
Are you processing credit cards or confidential information?  Has the web app been pen tested?

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 18015711
Best practices are the cornerstone to client/employee PC's. M$ will finally (15 years too late) be implementing best practices in Vista, most system admins have known about them for ages, yet completely ignore them.
http://nonadmin.editme.com/WhyNonAdmin  http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx
Best Practices, namely Least User Privilege, protects you from spy-ware and viri more than most commercial or free utilities. You should still run AV, but you won't need anti-spyware anymore.

Author Comment

ID: 18022900
Thanks everyone, I'm going through the various apps now and will provide feedback soon.

The web app has been pen tested and we won't be handling credit cards. It's a system whereby we can make payments to the bank...no confidential information as such is transmitted across the internet, the bank knows what to do with the info from the codes we put in. To anyone else, these codes don't mean anything.

Appreciate the help...

Author Comment

ID: 18036723
Thanks all...Ad-Aware and Spybot combination, along with Least User Privilege, and a SNORT IDS system seem like what we're going to implement shortly.

Expert Comment

ID: 18036894
Thanks Dilan77.

Expert Comment

by:Rich Rumble
ID: 18036923
If you do implement LUP, you honestly won't need the Anti-Spyware tools, my wife hasn't had any spyware on her pc in years since I switched her, same with our PC's at work, 3000+ users with no more spyware, and we do scan for it just to be safe, which is also what you should do, so I'll remove my foot from my mouth shortly...

Author Comment

ID: 18036932
lol :)
