Quoting Odhiambo Washington <wash@xxxxxxxxxxxx>:
Yes, you are right, too. But if I apply such a blacklist, I reduce the
chance for such "malware" to pass through (altough it will never be 100%
protection). Do you agree?
You are not alone in that thinking.
The IDS think tank at bleedingsnort.org has a project where they are
cataloging the various user agents found in different types of spyware.
The idea is to assemble a repository for filtering, etc:
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/user-agents.tar.gz?root=Spyware-User-Agents&view=tar
to extend that function into the real world, they have corellated URL
signatures found in various types of spyware and have put together a
site to actively identify malware as it passes through the network.
http://www.bleedingsnort.com/staticpages/index.php?page=listeningpost
This is *not* a magic bullet that will make us all secure, but if it
cuts out 60% of the bad stuff, that's pretty good. It's certainly more
than most anti virus scanners catch these days.
jp
-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact: services@xxxxxxxxxxxxxx
