HTTP Proxies used for Fighting Spyware: Feedback

trainier at kalsec.com trainier at kalsec.com
Fri Sep 23 19:30:31 UTC 2005


Apologies up-front if this really is off topic, but my experience with 
proxies and security, in general, might be of value in this case.

I use an HTTP proxy to help identify, block and report Spyware.  I'm using 
a squid proxy with a SquidGuard blacklist which I update more so than the 
community does.  As spyware hits our network here, I find their entries in 
the squid access log and add the entries to the blacklist.  The trouble is, 
I'm just one guy doing it when I can.  Perhaps it would be of value to form 
a community that updates a centralized database (or just a flat text file, 
like squidguard does) which identifies and blacklists websites, domains and 
URLs which contain viruses/phishers/malware content?  I would most certainly 
be interested in working on a project like that.

However, much like my opinion on mitigating SPAM, I'm not convinced this 
is any sort of catch-all solution.  I manage malware protection, the same 
way I manage SPAM protection.  A slew of 2-5 mechanisms which work 
together to bring the best results whilst still maintaining the least 
number of false positives possible.

So, got some free time?  I'd gladly start a project/database/website to 
put a malware blacklist database together.  The key to it being 
successful, is unanimous decisions on what is blocked and what is not.

Again, if this is off-topic, my apologies.
Speaking of which, can someone re-point me to the document that explains 
what is and is not considered to be on-topic?  :-)

Tim Rainier
Information Services, Kalsec, INC
trainier at kalsec.com
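The workflow Tim describes above (pull requests out of the squid access log and compare them against a squidGuard-style flat domain list) can be scripted. This is an added example, not code from the post or from the squid or squidGuard projects; the log lines and the blacklist it contains are constructed samples, and it assumes squid's default native access.log format with the URL in the seventh field.

```python
"""Match squid native access.log lines against a squidGuard-style domain list.
Added example (not from the original post); all data below is constructed."""
from urllib.parse import urlsplit

# Constructed squidGuard "domains" file: a bare entry matches that host and
# every subdomain of it, which is how squidGuard evaluates domain lists.
BLACKLIST_DOMAINS = """
# constructed sample blacklist
bad-toolbar.example
tracker.example.net
"""

# Constructed squid native-format lines:
# time elapsed client action/code bytes method URL ident hierarchy type
SAMPLE_ACCESS_LOG = """\
1127502123.456    312 10.1.2.3 TCP_MISS/200 5123 GET http://www.bad-toolbar.example/update.cgi?v=2 - DIRECT/192.0.2.10 text/html
1127502124.001     45 10.1.2.3 TCP_HIT/200 890 GET http://www.example.org/index.html - NONE/- text/html
1127502125.777    210 10.1.2.9 TCP_MISS/200 4001 GET http://cdn.tracker.example.net/beacon.gif - DIRECT/192.0.2.20 image/gif
1127502126.100     12 10.1.2.9 TCP_MISS/200 300 CONNECT login.example.com:443 - DIRECT/198.51.100.5 -
"""

def load_domains(text):
    """Parse a domains file: one entry per line, skipping blanks and '#' comments."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def request_host(url):
    """Host of a logged request; CONNECT lines carry a bare host:port, no scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def blacklisted(host, domains):
    """squidGuard semantics: an entry matches the host itself and any subdomain."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def find_hits(log_text, domains):
    """Return (client, host, url) for every access.log line that hits the list."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed line; skip rather than guess
        client, url = fields[2], fields[6]
        host = request_host(url)
        if blacklisted(host, domains):
            hits.append((client, host, url))
    return hits

if __name__ == "__main__":
    for client, host, url in find_hits(SAMPLE_ACCESS_LOG, load_domains(BLACKLIST_DOMAINS)):
        print(f"{client} -> {host}  {url}")
```

Run against a real access.log to list which internal clients are reaching listed domains; the inverse direction (spotting new candidate domains to add) still needs a human looking at the unmatched traffic, as the post says.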



Two Bit <two.bit7 at gmail.com>
Sent by: owner-nanog at merit.edu
09/23/2005 03:17 PM
Please respond to Two Bit <two.bit7 at gmail.com>

To: nanog at merit.edu
cc:
Subject: HTTP Proxies used for Fighting Spyware: Feedback

Hi there, long-time Nanog lurker network engineer with a (maybe off-topic) 
question related to network architecture solutions to fight the 
spyware/greyware problem.   I was wondering if anyone might have any 
experience deploying anti-spyware solutions which reside on HTTP Proxies.  
Several products claim to be able to detect spyware on the wire such as 
ISS, SonicWall, Fortinet, Astaro, BlueCoat.  However, I am concerned about 
the performance, especially since they have to use an AntiVirus product on 
the back-end (heavy processing).  Curious what the user experience might 
be, how effective any of these solutions are in really catching spyware, 
and any other operational experiences from engineers employing any of 
these solutions out in the field (not from vendors, please) that may help 
narrow down the choices.   Thanks for any input. 