comp.os.linux.networking Re OT Virus scanner registry keys


                Re: OT: Virus scanner registry keys


From: prg (
Date: 02/04/05

Date: 4 Feb 2005 09:59:24 -0800

Noah Roberts wrote:
> I know at least some of you have to deal with Windows machines on
> network. I have asked everywhere else I can think to.
> I am trying to develop a program that scans windows machines to make
> sure they won't destroy the network. I check for SP2 and virus
> existence currently. I want to check to be sure the scanner is set
> to scan periodically, not just by user intervention, and that it has
> been used recently and came up clean. These things I am having
> finding and deciphering in the registry.
> Students in the Dorms tend to not ever use the virus scanner. So it
> up to date, and the service is running, for all the good it does.
> still get infected because they never scan...then I have to deal with
> it, and I hate windows.
> Anyway, if anyone has any information on these values and keys or
> a place where the information is available (I have even contacted
> McAfee and am still waiting...Norton has no damn address or anything
> their site, but I will continue attempting)...

Sympathize with your problems, but you may not want to go down this
road of remote registry access given the wide range of Win versions and
the real potential of leaving the registry wide open for _any_ remote
access if you don't get it right for each and every client setup. Yet
more proof of MS's brain dead implementation of this _vital_ system

Besides, these are not _your_ machines, so you may end up being
responsible for anything that goes "wrong" with them despite your pleas
that your editing/mucking with registry was not the fault. Put
yourself in their shoes if _your_ laptop "broke". You may not be able
to resist the outcry;(

We tried using this approach at the school district just to monitor
that _we_ had set up _our_ (~2500) machines correctly, and ... what a

Best would be to have a directory service and Win policy that enforced
starting/running the AV software on each client. Not easy in any case
and may be nearly impossible in a college setting with students'
laptops. We were running a NetWare net and eventually went with
ZenWorks to lock down and configure startup of _our_ computers.

We also relented and now scan all email moving through the system.
Even reduced that by having local email service/accounts only for staff
-- students have to use a web based email account of their choosing,
Yahoo, etc. They rarely used their local accounts anyway since they
weren't accessible off-campus. Having an off-campus, web email account
also useful when students needed a quick-n-dirty way of making a
"backup" of their term papers they worked on in the labs/library --
just mail it to themselves.

Pegasus Mail will go far in reducing email-borne viruses. Since it's
free, we've used it for years in the schools. It does not provide the
same level of integration as Outlook, which causes some users to
complain, but makes mail admins shout with joy;-)

That said, you still need some way to insure the AV software _is_
running to automatically scan at least new files and incoming email --
scanning outgoing email will boink many mail server setups. IIRC, you
are making the AV software available on your site and installing it
when students first setup on the network.

Perhaps you can come up with a script that runs after the AV install
that sets the registry values needed to insure and lock how the AV
software runs. Setting registry values is probably easy enough but
haven't looked at what you can do with the policy editor lately. And
rather than testing the registry at each login, you could write your
own, encrypted "license" file that you read for proper checks. A
script that runs the AV? A downloaded/login script kicker that runs a
previously installed AV startup/run script on the client?

These are off-the-top ideas I've used in various contexts, not
together, and not for network "authorization" of any kind. Also
haven't looked lately at how Novell ZenWorks is coming along on Linux
-- maybe this weekend? Will try to look into "locking down" AV setup
on clients. No, not 'cause I'm such a great guy, but because this is
a recurring problem I've not looked into for some time. And I really
should look into it these days ;)

I'll get back with anything I find that may be useful to you.

good luck,
email above disabled
