Good advice, Dick. Thanks for taking the time to write the note
because we all need that reminder once in a while.
Another common e-mail vulnerability is the preview window that shows the
beginning of the message you have displayed in your inbox listing.
The problem here is as you scroll up and down your inbox, you are
actually opening each of the e-mail messages on the displayed list.
There is some malware out there that doesn't require you to open the
attachment to get in trouble -- opening the e-mail itself is
enough. These are rare and usually not destructive, but why take
the chance? So I have the preview option turned off in my
e-mail. In Outlook, the option is on the View menu (View >
AutoPreview in the version I use for work).
By the way, I don't use Outlook much because every "script kiddie"
virus writer on the planet knows how to open up the Inbox and Address
Book and read through them so they can use legitimate e-mail addresses
and Subjects in the viruses they send out. They don't have to
infect your machine to use your e-mail as the sender of their malicious
e-mails -- all they have to do is infect a machine that has one of your
e-mails in it. But for work, I'm required to use it, but at least
it gets used on a private (VPN) network and I don't use that laptop for
anything besides work, so I'm not as much at risk that way.
I use Eudora for my personal e-mail client because it has a built-in spam
filter (necessary because the ISP that hosts my andyoppel.com site does
not have one) and because it integrates with the McAfee Virus scanner I
have. It automatically scans every inbound message, deleting
viruses and malware, and moving suspected spam to a Junk folder.
The spam filter learns as you flag missed items as spam, so it gets
better all the time. Right now it is catching over 90% of my
inbound spam with a very low false positive rate. Moreover, McAfee
scans any outbound attachments and puts a certification tag in the e-mail
header. That helps in two ways: 1) If I get a virus, it isn't
going to be able to send infected attachments to anyone, and 2) The
certification is used by many of the anti-virus programs to assist in
verifying that an attachment is virus-free. It's a double-check of
sorts. The other thing I like is that it updates itself
automatically (I call it auto-magically) so I don't have to
remember.
For Spyware (which a lot of us call Malware because some of it
technically doesn't spy on you but does other bad things like changing
your browser home page to one that is loaded up with viruses), in
addition to Spybot, I run Ad-Aware SE. You can buy the supported
edition from the publisher (lavasoft.com) or download the freeware
version from download.com:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
I happen to know that Mr. Vallio also runs Ad-Aware.
-- Andy Oppel, N6AJO
Pacific Division Vice Director
At 09:17 AM 5/7/2005, you wrote:
7 MAY, 2005 - 1115 CDT
Some of you are probably already doing the things I talk about below.
But it does not hurt to review what you do and you can use this message
as a guideline for other computer users you know. Please excuse the
bandwidth consumption.
Email messages using spoofed email addresses that carry virus-loaded
attachments are an expanding problem. The spoofed addresses are obtained
from individual computers that are already compromised because the user
was ignorant, careless, just didn't give a d---, or any combination of
these factors. They are also obtained from public access web sites,
including the ARRL web site.
Because of my public profile as an ARRL director, I find both of my
public email addresses (w9gig@arrl.org and dick@pobox.com) to now be
widely spoofed. I receive an average of three to five bounce
messages a day telling me "my email" has been rejected because
a particular address is no longer valid.
Of course the email in question was not originated by me.
In addition to having up-to-date anti-virus and anti-spyware programs
installed here, I use the following policies in dealing with email
attached files and web sites that install spyware programs.
ANTIVIRUS PROGRAMS
1. Buy a major anti-virus program and keep it updated.
2. Make sure it's set to scan everything coming into your computer.
3. Run a periodic anti-virus scan of your entire hard drive. You can
   program this activity to take place in the middle of the night on
   a specified day. All you have to do is leave your computer running
   on that particular night.
ATTACHED FILES
1. The attached file has to come from someone or an organization that
   I know.
2. The attached file is expected. I know it is coming and generally
   know the name of the attached file ahead of time.
3. If either of these two parameters are violated, the attached file is
   trashed even if my screening programs let it arrive without a warning
   notice.
   This includes electronic greeting cards from supposedly reputable web
   sites like Hallmark. Virtually all greeting card sites use spyware
   to develop customized email databases for future (SPAM) sales messages.
WEB SITE SPYWARE
Sometimes, you have to use a legitimate web site that will install spyware
on your computer. "Switchboard" (Yellow and White Pages) is a good
example. If you are in the habit of browsing disreputable personal and
commercial web sites, the spyware that shows up will often have a virus
included. If these small programs are allowed to accumulate in your
computer, it will eventually slow down as well as broadcast a lot of your
personal information back to the company or individual that installed the
program.
1. It's a pain in the butt, but I run (free) Spybot Search & Destroy as
   soon as I am finished web browsing. It usually finds that one, two, or
   more spyware programs have been installed. However, you need more than
   this program to defend your computer.
2. At the end of the day, I run Counter-Spy and it's also set to
   deep-scan this entire computer's hard drive twice a week. The full
   version of this program has a small annual fee that's well worth the
   money. Counter-Spy finds hidden executable files that anti-virus
   software (Norton or McAfee) will miss.
I really doubt if Congress or the states will ever be able to enact laws
that will truly stop this growing criminal problem. Laws that
provide for severe penalties will help. But this is an international
problem and walling oneself off from the Internet is not a viable option.
In closing, just because you receive an email that shows me as the sender,
do not assume it's legitimate unless it's a direct response to a message
you have sent to me or it was posted on a closed reflector that you know
I have access to. I even get bogus emails addressed to me that appear to
have been originated by me!
73 - Dick Isely, W9GIG