Centralized Update Required!

[Ken]

Acknowledged that MS has not released an enterprise beta
for Antispyware. However, we in the public school systems
are in need of a cost effective antispyware solution. The
Beta is a natural for us. However, we must have
centralized updates for the software due to bandwidth
limitations. 7800 desktops contacting MS though a 3mb
pipe just is not going to float.

That said. All that is needed is where the files can
obtained and where they go. We update antivirus and a
host of other applications daily, this one can't be that
big of deal. Just provide the information. Please!

 

[Bill Sanderson]

Are you reading the messages here? I'll admit that the search is busted,
but a link to the KB article containing the information you are looking for
is posted to the previous thread you also posted to--and a day before your
post.

If you are using an html interface and are unable to expand posts, you won't
be reading this one either, I suppose, but the expand all function does
work.

 

[JohnF.]

How are all 7800 machines being exposed to spyware?

You need a Barracuda Spam Firewall and some strict access/application
policies in place so that these problems are handled long before the desktop
is exposed.

The hand-copying of the update files seems to work, but not reliably from
what I have read here in these NG's.

I know PS IT budgets are very very tight but if thousands of machines are
going to be allowed to run hogwild over the internet, the school system is
going to wind up spending much more the what Counterspy Enterprise would
cost.

Fairfax County Virginia PS's learned that last year with 30,000 plus
machines being hammered by a virus because they weren't keeping the OS
updates current. That cleanup cost a fortune more than already existing
commercial solutions nobody wanted to pay for.

AND, as long as you keep finding a way to do it on the cheap, nobody is ever
going to fix your budget.

Good luck!

http://support.microsoft.com/default.aspx?scid=kb;en-us;892519

 

[Ken]

Different issues here...

If you allow browsing of the interent spyware exposure is
going to happen. Spam Firewall? Got one, but that only
shields from the email born deployments. Ours comes in
via web browsing. The web filter identifies responder
sites but you walk a fine line between being too
restrictive to provide the tool for education and being
exposed so muched that the management of the system is a
nightmare.

Our AV solution works rather well. Our ONLY problems
with virus take place when users find a means to
circumvent the AV tools that are deployed.

Spyware has been our biggest issue this school year and
we've not found a solution that makes sense yet.

 

[Robin Walker [MVP]]

7800 desktops contacting MS though a 3mb
pipe just is not going to float.

You might consider a proxy web cache. Then only one copy of any update will
be downloaded.

 

[JohnF.]

Even though they are called spam firewalls, these devices go well beyond
spam - you can block the download of just about anything in any of the
internet traffic coming in your internet connection.

So you are telling me all 7800 of these machines have wide open access to
anything on the internet?

The fine line is for setting stringently and then moving it as each
requirement is justified.

The places most spyware comes from has nothing to do with education,
nevertheless you can configure a Windows machine right now to avoid trouble
99.9% of the time.

 

[JohnF.]

Dell is selling CounterSpy Enterprise for volume between 5,000 and 9,999
units at $5 per unit.

 

[JohnF.]

Get SpywareBlaster from www.javacoolsoftware.com and block thousands of
malware from installing regardless of any other protection present.

 

[plun]

After serious thinking JohnF. wrote :

Dell is selling CounterSpy Enterprise for volume between 5,000 and 9,999
units at $5 per unit.

Well, for a school I believe its better to pay teachers, buy books etc
then pay for spyware
protection.

Wait for MSAS final/IE 7 and use Firefox for free within schools for
time being and block IE6.

http://www.spreadfirefox.com/

 

[JohnF.]

Is is better to pay contractors millions of dollars to clean up an
irresponsible mess and shut the network down for two weeks or put the proper
protection on Internet connected machines before hand?

If you are going to allow Internet access in school you have to pay for the
right kind of access.

OF COURSE you have to pay teachers and buy books but that's NOT where most
of the money goes anyway and that is not the point here.

 

[plun]

After serious thinking JohnF. wrote :

Is is better to pay contractors millions of dollars to clean up an
irresponsible mess and shut the network down for two weeks or put the proper
protection on Internet connected machines before hand?

Totally different problem.

If you are going to allow Internet access in school you have to pay for the
right kind of access.

Should a school pay extra beacuse of a browser with catastrophic
behavior...........?

OF COURSE you have to pay teachers and buy books but that's NOT where most of
the money goes anyway and that is not the point here.

Well, this is "the point" for a school with a small budget already
paying MS
a lot of money for licenses and for antivirus protection to another
company.

 

[James]

Hello,

Both Ken and John put up interesting arguments. I am also
looking a central definition update solution for this
product. We have multiple virus/spam solutions in
production from the core to the desktop - this isn't where
the issues arise.

Having an open internet policy on approx 3000 workstations
is, unfortunately this policy is enforced by a higher
authority and we can't put restrictions into place except
for bandwidth throttling (go figure) - so can anyone from
Microsoft, or excuse me if I have missed a post...
outlining if there is a local central definition update
solution in the mix.

If this isn't part of the road map well, I am keen to learn
of other products that do offer this.

 

[Ed Barba]

Who in thier right mind would allow 3,000 work stations on the network have
total access to the internet? Where I work the computers are totally locked
down and only have access to e-mail that is filtered first. No internet
accesss period! Only access to the company intranet. If one has to connect
to the internet for any reason there is a stand alone computer that is
connected to the internet only and to no other computer.
Ed

 

[Bill Sanderson]

It is on the roadmap.

About all that has been released about that roadmap is it's existence,
however. No dates.

 

[Chas Stokes]

Who in thier right mind would allow 3,000 work stations on the network
have total access to the internet?

It is just a little more prevelant than you think I guess. I work for a
major international company and just about all the computers have full
access to the internet (except for adult filtering.)

Just because your company locks you guys down does not mean that everybody
does (I guess that didn't need to be said.)

Besides, I would go insane on the weekends without my internet access!

Chas

 

[Ed Barba]

I can only imagine the nightmare of spyware and viruses infecting the whole
network. Since there is only one IT guy handling the whole network in the
one building and all the computers and servers I can understand why
everything is locked down tight. Like I said there is a stand alone computer
with full internet access if someone really needs to access the internet.
All they have to do is fill out a log sheet as to time of day/date/web site
accessed and reason for the access. Then log onto the computer with username
and password and open IE and type in the web site or do a search. After all
it is the company computers and they are strictly to be used for work
related issues and not personal stuff.
Our computers are so locked down that you cannot install any software the
floppy drive and usb ports are also locked too. If you need some type of
software installed it has to go through IT dept. and tested before it will
be installed.
At one time the whole network went down because of a virus that was
introduced from a laptop that a marketing sales person brought back from a
trip and then connected back to the network when he got back. Now all
laptops are connected to a stand alone computer in the IT dept. and scanned
thoroughly for everything before it is allowed to connect to the network.
Ed

 

[JohnF.]

Apparently, computer training in school nowadays involves searching for
serial cracks, checking out porn, shopping and searching for internet
bargains, installing online games, visiting online gambling, downloading
mp3's and movies, and clicking yes to every popup from every unknown site
found on a search engine results page. I say that because I don't do any of
the above and I have never even seen spyware much less get any.

 

[Ed Barba]

Apparently so. I have never got any spyware on my machine. Except in this
beta checking out sites posted here. Or when my daughter gets online and
clicks on anythng she sees.
Ed

 

[Chas Stokes]

Our network got crushed once because somebody introduced that melissa virus.
Our computers all use lotus notes so it was definitely an outside source.

It took the IT department weeks to get rid of that.

We also got hit by the sasser (I forget the name of it) virus that cripples
the LSASS.EXE file.

That was fun too.

Did they change anything? Nope.

I actually think that the computers SHOULD be locked down like yours are.
The last place I worked was so tight, you could not even change the
screensaver!

Chas

 

[Ed Barba]

Well I guess the IT department there has loads of people with alot of time
on thier hands. Ever since the last problem I spoke of the computers are
entirely locked down and we have never had a problem since. They all work as
they should and people are getting real work done.
Ed