Flutterby™! : Busted!


Busted!

2004-02-06 19:39:44.969264+00 by Dan Lyke 9 comments

The office I work in is not for the prudish. Our business is making sculptures of human bodies. Looking at porn on the web can be legitimate research. And we're in San Francisco, so it's not like any topic is off-limits for water cooler discussion.

Thus it was surprising this morning to discover a shortcut to a porn site on the desktop on one of our test machines; why would anyone be surfing the web out there? Go look at the cookie logs, discover lots of browsing around midnight thirty for the past few nights. Pretty obviously someone on the maintenance staff.

I have generally taken a casual approach to office security; as someone who knows how to circumvent security systems I've always pretty much believed that physical security is security: if someone gets into the office, they can get what they want off my hard drive.

Obviously that's a false assumption. When deleted off the desktop, the shortcut reappears slightly later. AdAware finds nothing. We've held off on the complete forensics on that machine 'til we show it to building management, but it's suddenly obvious that the casual web surfer, one who's not savvy enough to fire up Mozilla rather than IE or willing to run untrusted executables, could cause far more damage than the determined spy. It's time to start locking down the computers. Damn.


Comments in ascending chronological order:

#Comment Re: made: 2004-02-06 20:16:23.893822+00 by: TheSHAD0W

http://security.kolla.de/

The most likely cause for this is a BHO, Browser Help Object. One of Spybot S&D's options is a BHO browser which will let you yank or disable them if you wish.

#Comment Re: made: 2004-02-06 20:24:27.824371+00 by: Diane Reese

I feel as if I've been in a dark hole for years: why didn't I know about AdAware and Spybot and the like? Just spent half an hour scouring this machine. Oops. Yeesh.

So. AdAware? Spybot? Both? Other? Discuss. (Sorry if I sound like an essay question, I'm in "make plans for college admissions visit back east with son" mode this week.)

#Comment Re: made: 2004-02-06 21:20:52.565694+00 by: dws

AdAware has a solid reputation. I've used it to cleanse several systems. It's an easy download and install. Dunno about Spybot, but SpyBan is one to avoid, at least judging by recent chatter.

#Comment Re: made: 2004-02-06 23:27:31.134875+00 by: Shawn

I've used AdAware, and concur with dws. Never used Spybot but I hear its name a lot (in that good way).

#Comment Re: made: 2004-02-07 05:03:19.84771+00 by: mkelley

I use AdAware on all of my clients' machines. Spybot is good too, but always use it after AdAware along with AVG Antivirus. All will keep your systems clean.

#Comment Re: made: 2004-02-07 06:10:50.509232+00 by: Diane Reese

Y'all recommend I pay the $27 to get the full version (which appears to shield from installing the spyware in the first place)? Does the full version do anything else worthwhile?

#Comment Re: made: 2004-02-07 19:39:45.085718+00 by: Shawn

In general I don't run any of that kind of software in the background (which is what AdAware will be doing if it is protecting you against installs). I always turn off stuff like AV Shield and incoming e-mail scanning with my Anti-Virus software (also AVG). I establish a security routine and scan all my stuff manually. So, no, I don't know that I'd recommend that option personally, but it's up to you.

I'd recommend paying purely in order to support the authors, though.

#Comment Re: made: 2004-02-08 01:04:24.1684+00 by: TheSHAD0W

Spybot S&D is more suited towards expert users, has more tools, and seems to find Trojans AdAware doesn't.

#Comment Re: made: 2004-02-08 01:47:07.585995+00 by: markd

And then I hug my Mac for not having to worry about any of this.