[K12OSN] Way to block spyware with content filter?

[Quigg, Dale]

> Date: Thu, 17 Feb 2005 10:03:02 -0600
> From: Adam Melancon <adammelancon at gmail.com>
> Subject: Re: [K12OSN] Way to block spyware with content filter?
>
> > I had this idea.  I don't know if it would work, but I don't know why
> > it wouldn't.  And if it does, it could eliminate a lot of the time you
> > have to spend removing ad/spyware.
> >
> > Spybot Search and Destroy has an immunize feature that when activated
> > says it is blocking some number of bad websites silently in IE.
> >
> > My idea was to look through the spybot files to see if  I could find
> > this blacklist.  Then add those URL's to our content filter's
> > blacklist.  That way everyone in the school district is "immunized"
> > without a tech having to install Spybot S+D on every Windows PC.

Hi Adam,

Another variation on your idea is to use Snort to detect spyware type
packets and drop those packets.  This can also be used to limit virii
from overloading your network connection (it doesn't protect computers
on your LAN however).  ClarkConnect (I'm sorry if I always seem to be
"plugging" CC) has plans to do something like this.
http://www.clarkconnect.org/projects/spyware.php

The basis for the CC implementation is http://www.bleedingsnort.com if 
you want to "roll your own".

Hope this helps.
Dale


This e-mail and any attachments are intended only for use by the
addressee(s) named herein and may contain legally privileged and/or
confidential information. If you are not the intended recipient of this
e-mail, you are hereby notified any dissemination, distribution or copying
of this email, and any attachments thereto, is strictly prohibited. If you
receive this email in error please immediately notify the sender and
permanently delete the original copy and any copy of any e-mail, and any
printout thereof.