Hi all,



We're running Windows XP on about 350 desktops.  We're very strict

with our user permissions and group policies, etc.  Users can't see

C:\ drive, they can't install apps, they can't write the registry,

they can't write to c:\windows, etc, etc.



While we have a corporate firewall in place and desktop anti-virus

scanners as a security measure - how can I stop Windows XP from

allowing a virus to run its own SMTP engine?



I don't want to license, install and manage personal firewalls on each

desktop PC but how else can I stop viruses from bring along thier own

SMTP engine?  Is there something in Group Policy?



My fear is having a desktop PC where the anti-virus software has

stopped running (for whatever reason) and a user opens email from a

web-based mail provider.  What's to stop the SMTP engine from loading

and doing damage?  The email isn't coming in through the firewall in

this instance - it's just Port 80 traffic.



Any ideas would be greatly appreciated.



Thanks,

Glen

If you practice Safe Hex and have AV software installed then the problem is mitigated.



That's it !



Dave







"Glen Heaysman" <glenheaysman@hotmail.com> wrote in message

news:3358aaa1.0403281948.726991b8@posting.google.c  om...

| Hi all,

|

| We're running Windows XP on about 350 desktops.  We're very strict

| with our user permissions and group policies, etc.  Users can't see

| C:\ drive, they can't install apps, they can't write the registry,

| they can't write to c:\windows, etc, etc.

|

| While we have a corporate firewall in place and desktop anti-virus

| scanners as a security measure - how can I stop Windows XP from

| allowing a virus to run its own SMTP engine?

|

| I don't want to license, install and manage personal firewalls on each

| desktop PC but how else can I stop viruses from bring along thier own

| SMTP engine?  Is there something in Group Policy?

|

| My fear is having a desktop PC where the anti-virus software has

| stopped running (for whatever reason) and a user opens email from a

| web-based mail provider.  What's to stop the SMTP engine from loading

| and doing damage?  The email isn't coming in through the firewall in

| this instance - it's just Port 80 traffic.

|

| Any ideas would be greatly appreciated.

|

| Thanks,

| Glen

ADDENDUM:

I should have added -- and the AV software is kept up-to-date.  :-)



Dave

My version of Trend that the IT department installed on my desktop will not

allow me to shut it down or uninstall it.  I have to hack the registry when I

want to shut it down!





"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:OW9uXIUFEHA.576@TK2MSFTNGP11.phx.gbl...

> ADDENDUM:

> I should have added -- and the AV software is kept up-to-date.  :-)

>

> Dave

>

>

Mr. Heaysman:



The easiest way, while not the least expensive way is for your company to setup its own "Exchange" mail server and have it run through an "ISA Server" in the DMZ.  



In this way you can control the incoming flow of the e-mails including web based e-mail.  I would also strongly advise you to obtain the Symantec's Enterprise Corporate Edition AntiVirus program.  



You would need to remove the individual AV programs running on your desktops and install the Symantec EE Antivirus client on each desktop. 



This can be pushed out to the individual workstations through Group Policy from the server (I.E. Domain Controler).



With the EE AV program installed on your server and the use of the Microsoft ISA server, which by the way, has its own built in and extremely effective firewall and the AV client installed on the desktops, your risk of infection from virus is greatly reduced.



This is would result in corporated wide AV protection, while reducing the work load of your Network administrator since all of the AV and ISA administration can be centrally controled.



As I said previously, this is not the least expensive way, but the intial cost will be recovered due to the reduced investiment in service calls and down time due to virus infections.



However this is no substitution or replacement for the continuing education of your employees to ensure safe practices and following corporate policy regarding opening of ANY untrusted coorespondence.



I hope this may be helpful.



If you need any further assistance feel free to contact me.






	
Quote:
	

	

		

			
				Originally posted by Glen Heaysman 

Hi all,



We're running Windows XP on about 350 desktops.  We're very strict

with our user permissions and group policies, etc.  Users can't see

C:\ drive, they can't install apps, they can't write the registry,

they can't write to c:\windows, etc, etc.



While we have a corporate firewall in place and desktop anti-virus

scanners as a security measure - how can I stop Windows XP from

allowing a virus to run its own SMTP engine?



I don't want to license, install and manage personal firewalls on each

desktop PC but how else can I stop viruses from bring along thier own

SMTP engine?  Is there something in Group Policy?



My fear is having a desktop PC where the anti-virus software has

stopped running (for whatever reason) and a user opens email from a

web-based mail provider.  What's to stop the SMTP engine from loading

and doing damage?  The email isn't coming in through the firewall in

this instance - it's just Port 80 traffic.



Any ideas would be greatly appreciated.



Thanks,

Glen 
			
		
	
	

Something you should NOT be doing !



Dave







"BeamGuy" <nobody@spam.com> wrote in message news:%23vM69NUFEHA.2868@TK2MSFTNGP12.phx.gbl...

| My version of Trend that the IT department installed on my desktop will not

| allow me to shut it down or uninstall it.  I have to hack the registry when I

| want to shut it down!

|

|

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:OW9uXIUFEHA.576@TK2MSFTNGP11.phx.gbl...

| > ADDENDUM:

| > I should have added -- and the AV software is kept up-to-date.  :-)

| >

| > Dave

| >

| >

|

|

In addition, make sure your firewall is configured not to allow any outbound

traffic other than for 80, 443, whatever, from any IP you don't wish

it....as in, no outbound 25 from anything but your servers. Block common

webmail like Hotmail, Yahoo, mail2web.com, etc. Don't allow outbound port

110. Etc etc etc etc.



Glen Heaysman wrote:

> Hi all,

>

> We're running Windows XP on about 350 desktops.  We're very strict

> with our user permissions and group policies, etc.  Users can't see

> C:\ drive, they can't install apps, they can't write the registry,

> they can't write to c:\windows, etc, etc.

>

> While we have a corporate firewall in place and desktop anti-virus

> scanners as a security measure - how can I stop Windows XP from

> allowing a virus to run its own SMTP engine?

>

> I don't want to license, install and manage personal firewalls on each

> desktop PC but how else can I stop viruses from bring along thier own

> SMTP engine?  Is there something in Group Policy?

>

> My fear is having a desktop PC where the anti-virus software has

> stopped running (for whatever reason) and a user opens email from a

> web-based mail provider.  What's to stop the SMTP engine from loading

> and doing damage?  The email isn't coming in through the firewall in

> this instance - it's just Port 80 traffic.

>

> Any ideas would be greatly appreciated.

>

> Thanks,

> Glen

David H. Lipman wrote:

> Something you should NOT be doing !



But something that happens - so further mitigation of the affects of an

infection isn't a bad idea. (Of course why a company would lock down things

like AV that tightly and then let people run free with the registry editor

is another question... I'm not sure what their point is but surely that

can't be right!)

Strange things happen everyday... and our IT department has improved over the years...

...but just because they are professionals don't think that they can keep our computers safe

from the dangerous world out there.



The computer I am talking about is a laptop, so I am given administrator rights since I may need

to install software when I am in Singapore or some other such place.



The antivirus package is setup for the ordinary corporate citizen.



>

> But something that happens - so further mitigation of the affects of an

> infection isn't a bad idea. (Of course why a company would lock down things

> like AV that tightly and then let people run free with the registry editor

> is another question... I'm not sure what their point is but surely that

> can't be right!)

>

>