Spyware protection for Windows terminal servers?


Scott Marquardt

Despite decent security (on Win2K3 servers), we still have spyware issues
on terminal servers. I'd be interested in hearing two things.

First, best practices using normal administration tools and practices for
avoiding as many spyware headaches as possible. I haven't seen any
literature with this in view. For example, is it safe to lock down some
areas of the registry? How about pre-loading the registry with specific
keys used by common spyware, and locking them down completely? Any guidance
on dealing with ActiveX issues?

Second, is there any software presently on the market with spyware in mind
-- something analogous to Trend's excellent suite for virus protection
(which we use)?

Trend will be adding spyware protection shortly, we anticipate. But I'd
like to field other prospects.
 
In my experience I've found that normal Terminal Server Users, with the TS in Full Security Mode, and only read & execute permissions to C:\ & C:\program files can't really install anything. It's also good to empty the Temporary Internet Files when IE closes to get rid of junk that users try to download & install.

I guess they could try to install a program in their profile directory, but most users wouldn't know how to do this. I've had terminal servers (& 2000/Xp Pro workstations) running like this for years w/o any spyware getting installed.

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.co

----- Scott Marquardt wrote: -----

Despite decent security (on Win2K3 servers), we still have spyware issues
on terminal servers. I'd be interested in hearing two things.

First, best practices using normal administration tools and practices for
avoiding as many spyware headaches as possible. I haven't seen any
literature with this in view. For example, is it safe to lock down some
areas of the registry? How about pre-loading the registry with specific
keys used by common spyware, and locking them down completely? Any guidance
on dealing with ActiveX issues?

Second, is there any software presently on the market with spyware in mind
-- something analogous to Trend's excellent suite for virus protection
(which we use)?

Trend will be adding spyware protection shortly, we anticipate. But I'd
like to field other prospects.
 
Scott Marquardt said:
Despite decent security (on Win2K3 servers), we still have spyware issues
on terminal servers. I'd be interested in hearing two things.

First, best practices using normal administration tools and practices for
avoiding as many spyware headaches as possible. I haven't seen any
literature with this in view. For example, is it safe to lock down some
areas of the registry? How about pre-loading the registry with specific
keys used by common spyware, and locking them down completely? Any guidance
on dealing with ActiveX issues?

SpywareBlaster preloads the registry with items to block known bad Active-X
controls. I know nothing about servers so I don't know if SpywareBlaster
would be usable to you. Here is more info:
http://www.javacoolsoftware.com/spywareblaster.html

--Mike
 
Mike opined thusly on Apr 22:
SpywareBlaster preloads the registry with items to block known bad Active-X
controls. I know nothing about servers so I don't know if SpywareBlaster
would be usable to you. Here is more info:
http://www.javacoolsoftware.com/spywareblaster.html

Thank you -- yes, we've added SB's cookie and ActiveX killbits set to the
registry on these machines. There are a couple other lists available
on-line, and of course any such inoculations created by similar
applications can be copied out of the registry and applied to all machines
via script.

IMO, administration of this is a bit of a headache but probably practical.
It's a great first step.
 
Patrick Rouse [MVP] opined thusly on Apr 21:
In my experience I've found that normal Terminal Server Users,
with the TS in Full Security Mode, and only read & execute permissions to
C:\ & C:\program files can't really install anything.

Aaargh! I just noticed -- TERMINAL SERVER USER has bloomin' Modify.

D'oh! Good grief.

Well, I know THAT's not best practices. ;-)
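
An added example, not part of the original thread: a PowerShell audit for the kind of grant noticed in the last post, listing Allow ACEs that give low-privilege groups write-level rights on the system drive root and Program Files. The checked paths, the SID list and the function name `Get-WritableAce` are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example. Paths, SID list and function name are assumptions.
# Well-known SIDs are matched instead of names so the check survives localized group names.
$LowPrivSids = @{
    'S-1-5-13'     = 'TERMINAL SERVER USER'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}

function Get-WritableAce {
    param(
        [string[]]$Path = @("$env:SystemDrive\", $env:ProgramFiles),
        [hashtable]$Sids = $LowPrivSids
    )
    # Rights that let a user drop, replace or re-permission files.
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # ACEs can also carry raw GENERIC_WRITE / GENERIC_ALL bits that the enum does not name.
    $mask = [int]$rights -bor 0x40000000 -bor 0x10000000
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($p in $Path) {
        $acl = Get-Acl -LiteralPath $p
        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (-not $Sids.ContainsKey($sid)) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $p
                Principal = $Sids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                AppliesTo = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
            }
        }
    }
}

# Every row returned is a grant to review; no rows means none of the listed groups can write.
Get-WritableAce | Format-Table -AutoSize
```

The `AppliesTo` column matters when reading the results: an ACE that applies only to subfolders and files does not allow writing to the folder itself but does cover everything beneath it.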
 