Re: Antispyware and Solaris
- From: Logan Shaw <lshaw-usenet@xxxxxxxxxxxxx>
- Date: Wed, 14 Dec 2005 06:26:03 GMT
darklupine wrote:
> Greetings! My school is running a management tool called Campus Manager. In order to have your computer on the network, you have to download an ActiveX control and let it scan your computer, where it checks to make sure your Windows, antivirus and antispyware are updated. Obviously, this only works on Windows machines. I have no idea what is going to happen when they force a scan at the beginning of next semester, when it hits my shiny Solaris 10 install.
> In order to give myself some ammunition in case it doesn't allow my computer access to the network, I am trying to get my Solaris install as close to the requirements as possible, with an updated antivirus, OS and antispyware. The first two I have; however, the antispyware is proving difficult.
Just install tripwire ( http://sourceforge.net/projects/tripwire/ ) or something along those lines. It serves a similar purpose even though it goes about it differently.
Years ago, I had a friend named Jeff who worked as a lab assistant in one of the CS department's labs at the university we both went to. Part of Jeff's job was to ensure nobody left clutter on the hard drives of the DOS machines (I said it was years ago, right?) that were in one of the labs.
So, Jeff wrote a program that resided on floppy disk and scanned the PC's hard drive for (a) any files that should not exist, (b) any files that did not match the proper checksum, or (c) any files that should exist but didn't. They weren't concerned about viruses at the time (and spyware didn't exist); the purpose was just to eliminate scratch data files that users would leave on the hard drives when they left, since hard drives averaged around 20-40 MB back then and disk space was precious.
Anyway, one day Jeff ran the program after the lab was closing and it found a virus. It wasn't meant to find a virus. It was just meant to detect changes. But find a virus it did, much to his surprise (and delight, since nothing else found that virus, and they weren't regularly scanning for viruses anyway).
The point is this: a good checksumming program will detect viruses, spyware, and any other unintended changes to the system.
By the way, have you thought of configuring a firewall on the Solaris machine so it's in "stealth" mode as much as possible, i.e. doesn't respond to TCP SYN packets with a reset, doesn't respond to any ICMP, and so on? If your machine drops all incoming packets when they scan it, perhaps they will just ignore it. And even if they don't, it's not a bad security practice, so you'll have a justification for doing that. :-)
- Logan