URL Filtering on Avast Pro & Malware Problem

[ah_khoo]

Hi all,

I'm working as an IT support, my current company is using avast pro. Generally we are satisfied with the software, but there are few issues that I'd like to highlight here, one of them is the URL ffiltering. 

I've found the feature is useful, especially in controlling the URLs that can be accessed by users. But the thing is there is no limitation to normal user from configuring the filter list, meaning that any user with some IT knowledge can simply alter the list that have been set by IT personnel (me). It'd be good if we can come out with solutions on limitting end users from using these advanced features. 

Other than that, we've encountered few times of malware / spyware attacks even with the software is deployed. Though it's not critical but still I got complaints from users. The scenarios here is whenever user launch any kind of internet browser, be it I.E or firefox, there will be a string of "BBBBBBBBBBBBBBBBBB" characters appear on the top right hand corner of the browser. Out of desperation (pressured by my superior  ), I've solved this by temporarily installing Dr. Web Cure It! scanner. I wonder if there's anyone here facing the same problem like mine. All the users are frequent browser of chinese websites, that's why I understand their systems are exposed to lot of virus / malware intrutions. 

Last but not least, thank you for sharing. Please advise if anyone of you have the solution(s) to my problem. 

[Spiritsongs]

   Hi :


  Best to use a program SPECIFICALLY geared to combating spyware; since
  you are a company, I recommend the very Good "CounterSpy" from
  Sunbelt Software . 

[Tzvia]

I too, work in IT, and support over 3000 users in at least 3 states.  Thankfully, we use proxy rules and a firewall to limit/track where people go on the internet, and all incoming email goes through Postini, Trend for Exchange, then another well known brand AV software at the desktops.  At home, I use Avast even though the other software is free, and would choose Avast for work if I were the one making the decisions.  But those decisions are made at the corporate level, and our division is just a small piece of the pie (a division of a very large multinational aerospace holding company).  Oh well.  My Job includes being the 'Virus Focal', and I've used a lot of different products, and spend a lot of time remotely repairing the AV software we use on peoples desktops. 
If you want to control where people go- If I am 'hearing you' correctly, you could implement that in the users hosts file.  Any 'bad' domains/IP's should point to 127.0.0.1, and since the hosts file is parsed before the computer runs to DNS, that would stop all kinds of junk.  My personal hosts file reads like a book.  You could revoke all permissions to the hosts file to all but one administrator account so the end users cant fiddle with it even if they knew the domain was being blocked from there.  (The end users should not have local admin accounts, but that is another issue.)
Most the problems I have seen from the websites our people can get to are malicious scripts downloaded to CONTENT.IE5.  At the very least, the file should be prevented from executing even if it is not prevented from being downloaded or is not deleted.