If it were me, I would take a multi-pronged approach here. Unbelievable.

And yes, it seems killing the tor.real process causes it to complain that it had a problem and needs to be restarted, but doesn't completely kill the app. In fact, there is an executable inside the TorBrowser.app bundle in the "MacOS" folder labeled as "Firefox". There are several other folders inside it with other executables like "tor" and the "tor.real" one. I can confirm it in fact masks itself as Firefox. Wow, it masks itself as Firefox? Are you certain about that? You didn't also have Firefox open at the same time, did you? If that's what it's actually doing, that's pretty sneaky!

Edit: Never mind. At my school, our end-goal is to teach the users how to use the technology safely and effectively, regardless of whether they are in our classroom(s) or not. Teaching the end-users about being careful about installing software and not using questionable browser extensions will go a lot farther to our end-goal than obtuse and overbearing management. What's going to work the best? In my opinion, user education is better than heavy-handed lockdown. When found, I have a smart group that emails me once one of them is installed and then I can call the end-user in for a conversation about the AUP violation of attempting to bypass our network filter. For a few of the more gray-area browser extensions (Hola, Tor, Cupcake, etc.), I've written some extension attributes that scan the browsers looking for them. For MacKeeper, which is not detected by Sophos or Adware Medic, I've added the binary as a "restricted application" so if a user actually manages to install it, when it attempts to run, the management will kill it, delete it, pop up a message to the end-user, and then email me. This has been helping me to detect which machines have some malware and then I can pull them in, or send the user an email telling them to download Adware Medic from Self Service and scan.
Sophos has begun to list some of this Adware/Malware to its virus definitions listings, like Genieo and Palmall. I've also sent him money and encourage everyone to do so that's using his donation-ware software. I sometimes send the developer samples of newish malware that I find. It's easy to use and pretty comprehensive. This newish tool has really, really helped us to fight this plague. I explain how they were probably tricked into installing it and show them how to use Adware Medic to keep their machines clean(er). Every single time I have to clean a machine of Adware, I give a small lecture to the student about being more careful about what they install. We've been training (and retraining) our users to be careful about what they install. Then export, clean, and Google.

2) My approach to fighting off this recent scourge of Adware is multi-fold. You can simply leave the search box blank with Applications selected and search JSS and it'll return everything. If I have time later, I'll re-post my updated list.

About every two months or so, I export the "Installed Applications" list to an Excel spreadsheet and then start Googling to see what kind of gak the kids have installed. I do this every month or so and my list has grown a bit since I posted this. Download, get the binary name, add it as a restricted process. Despite the incredible latitude our students have in using their laptops, we look at blocking these apps as ways of protecting our network and our equipment (and to a certain extent, protecting the student from themselves).

1) I found most of these by good old-fashioned GoogleFu and searching for keywords. So, app restrictions are a first line of defense and a pretty good one. If a student persists, we get the Administration and Disciplinary committees involved. For 99% of our AUP violations, these app restrictions act as a first level of warning basically saying, "Knock it off!".
If a student is actively trying to circumvent controls we put in place, it goes to a whole new level and the consequences are more severe. But I can still see what's been installed (even if it's renamed or modified, etc.) and then it becomes even more of a disciplinary issue. Added a few more this weekend after scouring a few of my more industrious users' Applications list:

At some point, we all realize it's a cat-and-mouse game, and a truly determined student will figure out ways around the software restrictions.