John Battles
asked on
Best Method for Preventing Spyware? Besides Limiting Internet Usage
Here is the situation. President of the company has a Windows 7 box that continually has loads of spyware. It gets to the point it creeps, email and internet get "not responding" messages and he becomes frustrated and tells me to "fix it". I usually run Malware Bytes MBAM (free version) and it finds a lot of things, clean it up and he is fine for a few days/weeks.
We run a network version of Trend Small Business security that seems to detect and clean fairly well. Seems to be 3 or 4 people who end up with the spyware creep.
Any best method you guys can enlighten me on ?
Also see what a known "winfu master"* (black belt in Windows security guy, a top security trainer/consultant) has to say at http://blog.win-fu.com/
* [Sami Laiho is one of the world's best Windows infrastructure trainers. Sami has been an MVP in Windows OS since 2011 and a member of the Microsoft STEP group (group of platinum MVP’s). ]
So what is my "shields up" defense if not an anti-malware solution and a firewall? Let’s first look at a list of my defensive measures:
No end user administrator rights – This is the most fundamental and important part. Even Microsoft documentation states that if you are running local administrative rights you can’t protect yourself.
Current OS – I’m running a 64-bit version of Windows 8.1 Enterprise that is fully up to date.
Unified Extensible Firmware Interface (UEFI) – I always run hardware that has UEFI and Secure Boot enabled.
Trusted Platform Module (TPM) – I always run hardware that has a TPM, either as a physical chip or as part of the firmware.
BitLocker – I always have hard disk encryption in place.
AppLocker – I only run whitelisted software. You can do this with Windows 8.1 Pro and Software Restriction Policies, but AppLocker in Windows 8.1 Enterprise is easier to administer.
IPsec – I only answer to devices I trust.
Does he have admin rights to the machine? If so, taking those away may help a little though most malware/spyware circumvents those rights.
However, there is no guaranteed way to block everything. It really comes down to user training. If you get somebody that clicks on any old thing, they are going to continually have problems.
Sounds promising, right? That's the concept of the built-in mechanisms "Software Restriction Policies" (any edition but Home) and its successor, AppLocker (only Enterprise or Ultimate editions have it).
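A read-only check of most of the measures in the quoted list earlier in the thread, including the AppLocker state mentioned just above (IPsec is left out). This is an added example, not part of any post in the thread. It assumes PowerShell 5.1 or later in an elevated prompt on an edition that ships the AppLocker and BitLocker cmdlets; `Test-Measure` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the defensive measures listed in the thread.
# Assumes an elevated PowerShell 5.1+ prompt on the workstation being checked.
function Test-Measure {   # hypothetical helper: run one check, never abort the report
    param([string]$Name, [scriptblock]$Check)
    try   { $result = & $Check }
    catch { $result = "UNKNOWN ($($_.Exception.Message))" }
    [pscustomobject]@{ Measure = $Name; Result = $result }
}

$report = @(
    Test-Measure 'Accounts in local Administrators' {
        # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
        (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop).Name -join ', '
    }
    Test-Measure 'OS version' {
        $os = Get-CimInstance Win32_OperatingSystem -ErrorAction Stop
        "$($os.Caption) $($os.Version) $($os.OSArchitecture)"
    }
    Test-Measure 'Secure Boot' {
        # Throws on legacy BIOS systems; that case is reported as UNKNOWN.
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    }
    Test-Measure 'TPM' {
        $tpm = Get-Tpm -ErrorAction Stop
        "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"
    }
    Test-Measure 'BitLocker on system drive' {
        (Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop).ProtectionStatus
    }
    Test-Measure 'Application Identity service (needed by AppLocker)' {
        (Get-Service -Name AppIDSvc -ErrorAction Stop).Status
    }
    Test-Measure 'AppLocker enforcement per rule collection' {
        [xml]$policy = Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop
        # foreach skips cleanly when no rule collections exist.
        $modes = foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
            "$($rc.Type)=$($rc.EnforcementMode)"
        }
        if ($modes) { $modes -join ', ' } else { 'No rule collections configured' }
    }
)
$report | Format-Table -AutoSize -Wrap
```

A rule collection reported as `AuditOnly` or `NotConfigured` is logging or ignoring launches rather than blocking them, and a stopped Application Identity service means no AppLocker rule is being applied at all.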