Link to home
Start Free TrialLog in
Avatar of BFanguy
BFanguyFlag for United States of America

asked on

Stop browser hijackers on windows 2003 terminal server

I am currently running Symantec Antivirus Corp Edition version 10 on a Windows 2003R2 Terminal Server.  no other spyware / defender running.  Twice now I have had a users session on the terminal server get infected with one of those "Personal Virus Protection look alikes that wants you to purchase their software to remove their malware.
What would be a good, low resource usage program that I can purchase that will stop these malware's / hijackers from getting on the terminal server from a terminal server session.
Avatar of gilget
gilget

well your best possible way to do this is dont allow IE to access the internet but only your local network on the terminal server.

but if you cant do this for some reason. you can get either www.spywareterminator.com or Spybot S&D (Opensource).
they both have a plugin that will real-time scan the registry for any suspicious thing happening.

personally i would suggest using spywareterminator, cause there the realtime scanner is more simple to understand and handle.
I prefer adaware from lavasoft or spysweeper from webroot
detection rate of lavasoft is not as good as it was once anymore.

;)
Get a web filter...websense is expensive, but OpenDNS is free...give that a try...
www.opendns.com it will also provide you with stats and the such...as easy as point your clients dns to their servers.
Avatar of BFanguy

ASKER

Thanks for the comments, but how do these work with Terminal Servers.  i.e. does it load into memory for each different user (sometime i have up to 50 users on one terminal server) or does it load once and monitor as each user accesses the internet.
Avatar of BFanguy

ASKER

peralesa,  i have cyblock as a proxy / web filter and they still get hijacked...
well, realy, I would not suggest on using the tools on your termianl sever, cause this has some disadvantages:

1. most of them will be loaded into memory per user
2. users might make a wrong decision on a question of those tools and then a service that you need gets dissallowed.

dont do this

is it realy no possibility for you to turn off INTERNET access on the terminal server?
why would they need it anyway? accessing the INTRANET should be enough, cause they can access the internet on their local machine.
Avatar of BFanguy

ASKER

no local machine access - thin clients.
ASKER CERTIFIED SOLUTION
Avatar of gilget
gilget

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of BFanguy

ASKER

Thanks for the help
no offence.
i would realy realy suggest you to turn of INTERNET access. or to limit it to only websites that are realy needed.
if you just open the websites you know and that are trusted, then you should be fine too (not 100% but lets say 99.9%).

all the best
tiz