- Jamf Nation Community
- Products
- Jamf Pro
- Update List of Restricted Software
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Update List of Restricted Software
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-12-2010 01:46 PM
It has been long time since I have updated my list of restricted software.
I have listed below what I currently have. Would love any input as to apps
to add to the list. Most of the black listed software is BitTorrent
software. Any other suggestions on software that you might now want someone
to run would be helpful also. I have talked with Jamf about maybe keeping a
list somewhere within the community that we could all post to.
Tomato Torrent Transmission XFactor iSwipe Acqlite Phex FrostWire ShakesPeer Cabos BitRocket Acquisition Bits on Wheels Azureus Xtorrent BitTorrent Mojoe
Rich Dagel
Senior Technology Specialist
Landor Associates
1001 Front Street
San Francisco, CA 94111
United States
415 365 3933
http://www.landor.com
Rich.Dagel at landor.com
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-12-2010 02:55 PM
I restrict apps being run by file path, so that only apps from /Applications can run, and since root:wheel owns Applications users cannot drop any apps into it. I also then add anything optional they want in self service. This can be done via MCX.
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-12-2010 03:05 PM
This is tough, and will vary based on company or institution policy. Our
block list is based mostly on applications that could negatively affect our
limited broadband connection and apps that might be used to circumvent our
network management (Casper tools) and security policy. Missing from your
list:
- LimeWire
- Vuze (was Azureus)
- John the RIpper (password cracker)
- Little Snitch (could easily be set to block Casper) (users are not allowed
to enable the firewall)
Our environment is particulary interesting since we allow our users to be
admins on their machines (I know, I know; it's a logistical nightmare but
politics dictate it). So I'm left blocking just the stuff that could really
seriously affect our network or compromise security. And we do a LOT of HD
wipes and imaging. You wouldn't believe some of the stuff our users do to
their machines.
The reality, of course, is that not everything can be blocked so our list is
really just a first line of defense. Policies report back to me who's
launched what so I can keep on eye on the more curious students and watch
for egregious violations.
Damien Barrett
System Technician
Montclair Kimberley Academy
Montclair, NJ 07042
973-842-2812
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-15-2010 08:19 PM
That is why I recommend you use MCX and just block folder paths, and only allow apps to run from /Applications period. Users cannot download and install anything unless they have admin rights, and they can't run any app from their desktop or say from another folder or even a flash drive. Now, it can get annoying when you have a product like Adobe, which puts their licensing app in /Library/Application Support, but just by adding that path in your MCX file will remedy that.
I don't really want to maintain a list of apps that are not allowed, and I want it to be simple with as little overhead as possible.
You can do this with either OS X Server, or with Casper version 7 since it supports MCX.
-Tom
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-18-2010 01:11 PM
I like the idea of a list of application that others ban. As pointed out by
Damien, we each have different requirements for what we can allow and not
allow based on the institutions we work for. I am also faced with a number
of users who have admin rights and restricting Applications that pose a
possible risk whether they are bit torrent clients, P2P, etc it the first
chance to protect our respective environments form exposure to such risks.
It is impossible for any one of us to know of every single application that
is out there. What one person is aware of, many others are not and vise
versa. I would say that if such a list is maintained, we should also include
a brief description of the application or at least what kind it is, P2P,
BitTorrent, password hacker, etc. This way we know right away if we have to
be concerned or not.
I am interested in this if anyone else let me know.
--
Sean Gallagher
Sr. Platform Engineer
The Children's Hospital of Philadelphia
100 Penn Square East 7th Flr.
Phila, PA. 19107
267-426-2607
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-21-2012 11:13 AM
Here are the processes we block in AppState Labs
We can not block these at the perimeter as Faculty can and will use some of them for legitimate purposes. We do run Red Lambda as a monitor and can restrict if needed at the perimeter on a case by case basis. The reports from RL give us a good list of what to block
LimeWire
Cabos
LH-ABC
Azureus
Wuala
BitTorrent
fileSharingMUTE
amule
amulegui
Acquisition
Transmission
FrostWire
wrapper-macosx-u (FreeNet)
uTorrent
kazaa
k-litepro (Kazaa Lite)
Poisoned
SolarSeek
Xtorrent
iTerm
Vuze
Folx
Opera
eDonkey
Kademlia
