
I've Had It Up To Here With Idiot Users And Their Viruses

2 replies to this topic

#1 norwood781


  • Members
  • 50 posts
  • Local time:12:22 AM

Posted 07 June 2011 - 05:49 AM

At my last position, I had pretty much complete say on how to protect my network. With the miles of cubicle morons constantly infecting their machines by, in their words, "not doing anything, I don't know what happened, it just booted up like that. I didn't go anywhere". So I installed a Squid box along with DansGuardian and shut their asses down.

Here at my new place, it's a much bigger company - and with that comes much bigger bureaucracy. We use Internet Explorer because a few of our applications require it. Though I always recommend people to use the Firefox with AdBlock+ I installed for everything else...but they don't know what that is. They think it is a different internet or something...it just makes their brains shut down. So they sit there until 11am and browse YouTube, Facebook and Myspace, clicking away at links and infecting their machines.

I plan on proposing a Squid/Dans solution, because nary a day goes by without some idiot bringing me their infected machine to clean, thereby decreasing my efficiency to do other things and keep our network in shape.

What other solutions have any of you used, given the environment of IE and each user being a local admin? (don't even get me started on that...that shouldn't be, there's no good reason for it).

So I'm wracking my brain here on what can be done with this user type setup.

Ideas...any, all, brainstorm...please. I'm about to lose my mind, as I have three on my lab bench out back to go fix for the rest of the AM. And it's only Tuesday.

Forgot to mention, our "virus protection" is currently Trends (LOL). I plan on advising Avast because the only thing Trends can stop is my productivity.

Edited by hamluis, 07 June 2011 - 10:16 AM.
Moved from XP to AV, Firewall, etc.



#2 cryptodan


    Bleepin Madman

  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:22 AM

Posted 07 June 2011 - 07:29 AM

Well first of all, those sites should be blocked at a corporate firewall due to this issue, and anyone who gets infected should have their network access revoked. Also they should be using a Domain Controller or Samba to authenticate with very limited access rights to the computer. Switching to another Virus Scanner won't solve your issues. A Robust Network Security setup will do.

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • Gender:Male
  • Local time:06:22 AM

Posted 07 June 2011 - 10:40 AM

I've blogged about some techniques and tools to lower the rights of processes (like IE) that run with admin rights.

I suggest you read my posts, and come back here with any remaining questions.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
