This article addresses one of the tools I use in the workstation environment for virus and adware scanning/prevention.
I love my firewall. I remind myself to give it a nuzzle whenever I'm in my server room. It's a NetGear (write me for the specific model and specifications if you're interested; however, the techniques described herein typically work with any firewall). It has:
- a nice web interface that allows me to unblock and redirect any ports I wish (all ports are blocked by default),
- an email notification service to send an SMS message to my phone when certain activities occur,
- rules for inbound routing (very handy if you ever change IPs of a server behind the firewall),
- logging, with notification (if I'm really, really paranoid), and
- the most fun: Keyword Blocking.
The other stuff is cool (write me for more detail), but Keyword Blocking rocks. Don't tell my kids, as they're pretty cheeked at me for it. In my Ad-Aware and McAfee scans of their systems, many of the same names kept appearing (I provide a list of keywords below). These names contained a variety of content (cool games, neat screensavers, cool cursors) and trojans. The content is wonderful; I'd love it if my kids could enjoy their cursors, games and screensavers, but I cannot abide programs that make requests for unwanted software on behalf of my kids. Upon accessing a blocked site, the firewall intervenes and puts up a big banner for the user to enjoy.
I've since expanded my blocking to include the domains of certain tracking cookies (I held off on this initially, as I didn't know the impact on legitimate sites). However, I've found this to be benign: ads served in their own window show the 'blocked' message, leaving the rest of the page intact.
Here's my current blocked keyword list. I've added these as I've discovered harmful programs loaded by access to their sites, or from research on various internet sites. I'll keep it up to date from time to time:
- abetterinternet (as if)
- overpro
- smileycentral (it sucks: they have some cool smileys)
- funwebproducts (watch for directories of this name in your Program Files)
- cometsystems (cool cursors, but alas: malware)
- cometcursor (see above)
- bonzibuddy (touted as shopware, loads popups)
- navisearch (sounds nice: use Google)
- cashbackbuddy (as if I had to mention this one)
- click2find (use Google)
- screensavers.com (nice savers, but loaded with trojans. Note: .SCR files are dangerous)
- totalvelocity
- addictivetechnologies
- f1organizer
- yourspecialoffers (almost anything with 'offers' sucks)
- prize4all (almost anything with 'prize' sucks)
- r-vision
- ezula
- consumerincentivepromotions
- viewpoint.com
- zango.com
- systemsoap (a shame: I use a lot of SOAP calls)
- brodcast (from Br0derbund; updates splash screens)
- broder (see above)
- cashback (as if I have to mention this)
- hotbar (not-so-cool bar; loads popups)
- incentiverewards (almost anything with 'incentive' sucks)
- bullseye.com
- adserver (this one prevents various ads and cookies)
- coremetrics (monitors browser usage through cookies)
- advertising.com (duh)
- valueclick (almost anything with 'value' sucks)
- bargainbuddy (part of 'cashbackbargainbuddy')
- exactadvertising
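To check what a keyword would block before adding it to the firewall, the following added example (not part of the original article) runs a few of the keywords above against constructed sample URLs. It assumes the firewall does a case-insensitive substring match on the whole requested URL; the function names and sample URLs are made up for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# A few keywords taken from the list above.
KEYWORDS = ["smileycentral", "adserver", "broder", "cashback", "systemsoap"]

# Constructed sample requests (not real traffic), e.g. lines from a browser
# history or proxy log export.
SAMPLE_URLS = [
    "http://www.smileycentral.com/download",
    "http://adserver.example.net/banner?id=7",
    "http://broderick-law.example/contact",           # unrelated site, contains 'broder'
    "http://news.example.org/story?ref=cashbackbuddy",  # keyword only in the query string
    "http://intranet.example/soap/endpoint",          # plain SOAP call, no keyword
]

def matching_keywords(url, keywords=KEYWORDS):
    """Return the keywords found anywhere in the URL (assumed firewall behaviour)."""
    haystack = url.lower()
    return [k for k in keywords if k.lower() in haystack]

def audit(urls, keywords=KEYWORDS):
    """Map each keyword to (host, where) pairs for every URL it would block."""
    hits = defaultdict(list)
    for url in urls:
        host = urlsplit(url).hostname or ""
        for k in matching_keywords(url, keywords):
            # A hit outside the host name usually means collateral blocking.
            where = "host" if k.lower() in host else "path/query"
            hits[k].append((host, where))
    return dict(hits)

if __name__ == "__main__":
    for keyword, found in sorted(audit(SAMPLE_URLS).items()):
        for host, where in found:
            print(f"{keyword:15} blocks {host} (matched in {where})")
```

Short keywords such as 'broder' are the ones most likely to catch unrelated sites, so review their hits first.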
Hope this helps.