Kaseya Community

Preventing Malware

  • It REALLY bothers me that Kaseya can't help us PREVENT malware attacks - unless of course we shell out a minimum of $2400.00 and buy KES licenses!

    There has been a lot of discussion about installing, updating and running third party free malware check/fix programs, but none of them seem to PROTECT the workstations, or successfully clean them without user intervention.

    I guess this is a PLEA to ANYONE out there who is using Kaseya to:


    • Protect
    • Scan
    • Report
    • Clean


    I refuse to shell out $2400.00 to Kaseya so that I can sell an eighth of the licenses for half the total cost!

    I'd rather pay someone HERE to come up with a great solution :-)


    Any thoughts, comments, best practices or ideas?

    Legacy Forum Name: Preventing Malware,
    Legacy Posted By Username: Interprom
  • Gavin,

    There have certainly been a lot of scripts posted to the forum that use third party free malware check/fix programs. Just do some searches.

    But, those are all for helping to reduce clean-up efforts. Regarding pro-active protection, I don't see any way to "PROTECT" or "PREVENT" infections/attacks without an anti-virus/anti-malware product.

    We are currently evaluating KES, but presently, we have Symantec Antivirus and Symantec Endpoint Protection deployed on all end-user machines. I couldn't imagine not using something.

    I see KES as a replacement for our current AV products and licensing methods, I don't see it as an add-on compared to having nothing. Just my 2 cents.

    Lloyd

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: lwolf
  • If you don't want to shell out for AV then you are really going to have a half-baked solution.

    But I guess you want some direction here.
    Put AV in at the gateway level. Untangle have a neat package that has all sorts of good reports. This will block a lot of stuff. But not all - You will still need to protect the workstations somewhat. Untangle is Open Source.
    To address workstations, I would implement a lockdown policy via Kaseya that removes users from the Administrators group of the local machines.

    Machine lockdown is not easy and we are going through the process of this.
    And finally, because you do not have AV on each endpoint make sure you have a lot of different Malware removal scripts available.

    By the way.. We have found selling endPoint AV is pretty easy. Although you would have to shell out for it initially, it does become profitable pretty quickly.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: garry
  • If InterProm is saying he doesn't run AV on his machines, this is unthinkable.

    If you really can't justify the minimum number of KES licenses, get out there and buy ANY other AV product. End of story.

    Other than that there are a lot of scripts for malware programs like spybot, ad-aware etc. These are good, but should definitely be ON TOP of a good AV.

    I have one client that is not going to be running AV on their workstations soon. This is because they are going down the terminal path, and their workstations are going to run software that restores their PC configuration every time the machine restarts, much like a thin client. An administrator level password will be needed to save ANYTHING locally to the hard drive permanently.

    This is the ONLY time I would not run AV on a machine, short of an accounting machine that has no networking cables connected. Frankly those clients just don't exist, however.

    Regards,
    Chris

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: chris@busy.co.nz
  • Check out my post on this thread: http://community.kaseya.com/xsp/f/94/t/10046.aspx



    Malware is avoidable; you just have to re-think your security approach. Anti-virus alone is not going to stop malware infestations.



    Matt

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: connectex
  • connectex
    Check out my post on this thread: http://community.kaseya.com/xsp/f/94/t/10046.aspx



    Malware is avoidable; you just have to re-think your security approach. Anti-virus alone is not going to stop malware infestations.



    Matt




    Yes you need to rethink the approach, but it's not necessarily the IT Guy's job alone ... Anti-Malware takes education ...PERIOD... You have to educate the end-users where these things come from and why the infections happen (email, bad websites, bad downloads, etc.) Make the end-users feel partly responsible for protecting. Then do things like website blocking thru OpenDNS to help filter out the bad websites, use KES (or any other AV Product) to help get the known stuff and keep a system clean, use things like Postini to ensure email stays clean and free of viruses and malware ... The education has to happen or then yes the Malware writers have won because people will keep going to their websites and downloading their crap without knowing what they are really doing. Think about it this way, if no one at all responded to spam mail, do you think it would stop completely? You're darn right it would, as soon as it became unprofitable it would stop entirely, the same thing with most malware out there today - MAKE IT UNPROFITABLE - EDUCATE YOUR USERS!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: TBK Consulting
  • Well that's why I promote using non-admin user accounts as the base of system security. Users don't know all the malware tricks. Once you think they know them a new one appears. They just want to do their job and not have to remember everything the IT guy told them to avoid doing. It's like having a non IT person ask you for a lesson on how to remove viruses. I just tell them there are far too many variations and that the game is always changing.

    Matt

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: connectex
  • Yes the game is always changing but there are a few hard and fast rules the end users should always follow - don't open attachments if they don't know who sent them, use spam rules to get rid of spam, don't download things from unreputable sites ... etc ... just because a buddy sent it to them doesn't always mean it's virus-free!

    Eventually end users can be smart enough to help prevent some of their own problems, but yes non-admin accounts is a good start, but it's not the end-all of security problems.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: TBK Consulting
  • Simple. Don't run or let your users run with admin rights. No scans or AV, no extra money, no user education needed, no extra restrictions on the user's mind and, most important, no malware.
    At first I thought that non-admin was not an end-all of security (actually protection, not security), but after 6 years of doing only non-admin users, I can say that we have gotten to a point where we trust it and even guarantee it to our clients.
    We are now bold enough to say that we come in, remove AV (and the associated cost (both money and time)) and guarantee that they will not get infected.
    Benefit to the users is that they don't have to be 'schooled' in what to open, not open, click on, not click on, watch for, not watch for, etc. etc. Because the bottom line is that it makes no difference how much you do that...they will still click and open and visit. To us it makes no difference...no harm is done.

    You're not going to hear this message in the mainstream IT world. We've been force fed that we absolutely positively must have protection software (if not several) and that everyone should be so educated that they should really pass a course to use their computer... It's just not so.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rhayes@expertnetsolutions.com
  • I'm with you on the having non-admin users. But I would NEVER not use anti-virus software. Non-admin stops all writes to the program files and windows folders. That's where a lot of malware tends to hide. There is some malware that will store themselves in internet temp files or temp files under the user's profile. Since non-admin limits the exposure these are easy removes. But it still can't stop these threats. Plus with more people turning to non-admin malware writers are beginning to adapt to newer non-admin techniques. So anti-virus software is now and always will be a MUST.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: connectex
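
A check for the two points argued in this part of the thread (who still holds local administrator rights, and what executable files sit in profile folders a non-admin user can write to), as an added example that is not from any poster. The allow-list names and the seven-day window are assumptions.

```powershell
# Added example (not from the thread). Requires Windows PowerShell 5.1 or later.
# Allow-list names below are assumptions; replace with your own accounts/groups.
$AllowedAdmins = @('Administrator', 'Domain Admins')

function Get-UnexpectedLocalAdmin {
    param([string[]]$Allowed = $AllowedAdmins)
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works on non-English Windows installs.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { ($_.Name -split '\\')[-1] -notin $Allowed } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-RecentProfileExecutable {
    param(
        [string]$ProfileRoot = $env:USERPROFILE,
        [int]$Days = 7                       # assumed look-back window
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    # A non-admin user can still write here, so this is where per-user
    # malware has to live. Unreadable folders are skipped silently.
    Get-ChildItem -Path $ProfileRoot -Recurse -Force -File `
            -Include *.exe, *.dll, *.scr, *.bat, *.vbs `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        Select-Object FullName, LastWriteTime, Length
}

$admins = @(Get-UnexpectedLocalAdmin)
$files  = @(Get-RecentProfileExecutable)

"Unexpected local administrators: $($admins.Count)"
$admins | Format-Table -AutoSize
"Executable files written under the profile in the last 7 days: $($files.Count)"
$files | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

Per-user installers and updaters also write executables under the profile, so the second list is something to review rather than a set of detections.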
  • Sure, we've seen the "non-admin" aware malware...the two minutes that it takes to remove this odd exception outweighs the hours of time needed to keep anti-malware software up-to-date and the expense of the anti-malware software - not to mention the expense of cpu cycles involved in overhead of anti-malware software.
    All I can say at this point is that anti-virus software is a NEVER for us and we guarantee the results. Our clients love the reduction in expense, love the fact that they get more life out of their computers (don't have to replace as often) and are happy to actually use their computers without the fear that everything they click on will infect them. They finally get some work done.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rhayes@expertnetsolutions.com
  • But why inconvenience the users when the problem could have been prevented to start with? Isn't that worth the costs of anti-virus software alone? Also based on the talks of several security experts the threats are evolving and concepts like in memory kernel patching are more likely. You'll need something to counter these new threats that non-admin alone won't.

    Matt

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: connectex
  • To each his own. Over the years we've had only two "mis-clicks" that have involved a profile cleanup. Hardly worth any cost (monetary or system) on AV. And, at the same time, I've walked into many a new client with fully subscribed AV software and removed many a virus.
    The day that user space can cross into system space is the day to reconsider the OS. I don't see this ever happening with MS OS's. What you're suggesting is that over time in-memory kernel patching will be user based and thus will be open to attack...I will be sure to be on a new OS by then.
    This concept is not for everyone, especially those that make a substantial income from AV and the support thereof. For our clients, it's an expense they don't need. It works for them, saves them money, saves us time, saves us money and we feel confident enough with it (and this has not come without extensive testing as well as investigation into the core security) to rely on it and guarantee it.
    System virus infection to-date - 0

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rhayes@expertnetsolutions.com
  • chris@busy.co.nz
    If InterProm is saying he doesn't run AV on his machines, this is unthinkable.

    If you really can't justify the minimum number of KES licenses, get out there and buy ANY other AV product. End of story.
    Chris


    I would NEVER let a client run without Anti Virus protection. All our clients are on Trend Micro Worry Free advanced.

    However, as good as this solution is, we are still spending too much time cleaning up junk that gets through.

    My inquiry was more around doing MORE to prevent malware, and being integrated with Kaseya somehow. I know that KES is a great solution. I just don't agree with the fact that (as usual) I have to purchase WAY MORE than I need just to access it.

    I'm not happy with Kaseya's sales model. "Get as much money as we can up front from our MSP's so that WE can stay in business".

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Interprom
  • You asked how to PREVENT malware and you asked how to do it without cost. My answer to you was to avoid it altogether.

    The solution you state is obviously not very good if you are spending time cleaning up the junk that gets through.

    I'm not going to sell you on what works excellent, works without cost, PREVENTS malware, and does it at no cost. However, you did say you'd pay someone for a great solution...

    The truth is that there is too much fear from a provider to do this without knowing what they are doing. If you do it wrong, you are subject to issues. If you do it right, you do your clients a great service. The industry continues to collect massive money for malware, so-called, prevention and clean-up and yet, folks are still cleaning up junk or cleaning up full infections. Doesn't seem like anything more than a money grab to me.
    Those of us who get this concept and implement it properly PREVENT malware, and do it with no additional cost, nor spend time cleaning up. And our phrase is "I would NEVER let a client run WITH anti-virus protection...what a waste."

    But, I'm not here to sell you on something you don't get, just to present you with the answer to your question. If that answer doesn't work for you, then don't take it, but in my experience with trying to get protection tools to do their job, don't be disappointed with the results.

    Since you are tending to lean toward anti-malware apps and KES choices and not alternative options, then it seems that posting this question in the Scripts Forum is probably not the best place for such answers.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rhayes@expertnetsolutions.com