[arrl-odv:12300] Re: Computer Virus & Spyware Issues

Good advice, Dick. Thanks for taking the time to write the note because we all need that reminder once in a while.
Another common e-mail vulnerability is the preview window that shows the beginning of the message you have displayed in your inbox listing. The problem here is that as you scroll up and down your inbox, you are actually opening each of the e-mail messages on the displayed list. There is some malware out there that doesn't require you to open the attachment to get in trouble -- opening the e-mail itself is enough. These are rare and usually not destructive, but why take the chance? So I have the preview option turned off in my e-mail. In Outlook, the option is on the View menu (View > AutoPreview in the version I use for work).
By the way, I don't use Outlook much because every "script kiddie" virus writer on the planet knows how to open up the Inbox and Address Book and read through them so they can use legitimate e-mail addresses and Subjects in the viruses they send out. They don't have to infect your machine to use your e-mail as the sender of their malicious e-mails -- all they have to do is infect a machine that has one of your e-mails in it. But for work, I'm required to use it, but at least it gets used on a private (VPN) network and I don't use that laptop for anything besides work, so I'm not as much at risk that way.
I use Eudora for my personal e-mail client because it has a built-in spam filter (necessary because the ISP that hosts my andyoppel.com site does not have one) and because it integrates with the McAfee Virus scanner I have. It automatically scans every inbound message, deleting viruses and malware, and moving suspected spam to a Junk folder. The spam filter learns as you flag missed items as spam, so it gets better all the time. Right now it is catching over 90% of my inbound spam with a very low false positive rate. Moreover, McAfee scans any outbound attachments and puts a certification tag in the e-mail header. That helps in two ways: 1) If I get a virus, it isn't going to be able to send infected attachments to anyone, and 2) The certification is used by many of the anti-virus programs to assist in verifying that an attachment is virus-free. It's a double-check of sorts. The other thing I like is that it updates itself automatically (I call it auto-magically) so I don't have to remember.
For Spyware (which a lot of us call Malware because some of it technically doesn't spy on you but does other bad things like changing your browser home page to one that is loaded up with viruses), in addition to Spybot, I run Ad-Aware SE. You can buy the supported edition from the publisher (lavasoft.com) or download the freeware version from download.com: http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=b.... I happen to know that Mr. Vallio also runs Ad-Aware.
-- Andy Oppel, N6AJO
Pacific Division Vice Director
At 09:17 AM 5/7/2005, you wrote:
7 MAY, 2005 - 1115 CDT
Some of you are probably already doing the things I talk about below. But it does not hurt to review what you do and you can use this message as a guideline for other computer users you know. Please excuse the bandwidth consumption.
Email messages using spoofed email addresses that carry virus-loaded attachments are an expanding problem. The spoofed addresses are obtained from individual computers that are already compromised because the user was ignorant, careless, just didn't give a d---, or any combination of these factors. They are also obtained from public access web sites, including the ARRL web site.
Because of my public profile as an ARRL director, I find both of my public email addresses (w9gig@arrl.org and dick@pobox.com) to now be widely spoofed. I receive an average of three to five bounce messages a day telling me "my email" has been rejected because a particular address is no longer valid. Of course the email in question was not originated by me.
In addition to having up-to-date anti-virus and anti-spyware programs installed here, I use the following policies in dealing with email attached files and web sites that install spyware programs.
ANTIVIRUS PROGRAMS
1. Buy a major anti-virus program and keep it up-dated.
2. Make sure it's set to scan everything coming into your computer.
3. Run a periodic anti-virus scan of your entire hard drive. You can program this activity to take place in the middle of the night on a specified day. All you have to do is leave your computer running on that particular night.
ATTACHED FILES
1. The attached file has to come from someone or an organization that I know.
2. The attached file is expected. I know it is coming and generally know the name of the attached file ahead of time.
3. If either of these two parameters is violated, the attached file is trashed even if my screening programs let it arrive without a warning notice.
This includes electronic greeting cards from supposedly reputable web sites like Hallmark. Virtually all greeting card sites use spyware to develop customized email databases for future (SPAM) sales messages.
WEB SITE SPYWARE
Sometimes, you have to use a legitimate web site that will install spyware on your computer. "Switchboard" (Yellow and White Pages) is a good example. If you are in the habit of browsing disreputable personal and commercial web sites, the spyware that shows up will often have a virus included. If these small programs are allowed to accumulate in your computer, it will eventually slow down as well as broadcast a lot of your personal information back to the company or individual that installed the program.
1. It's a pain in the butt, but I run (free) Spybot Search & Destroy as soon as I am finished web browsing. It usually finds one, two, or more spyware programs have been installed. However, you need more than this program to defend your computer.
2. At the end of the day, I run Counter-Spy and it's also set to deep-scan this entire computer's hard drive twice a week. The full version of this program has a small annual fee that's well worth the money. Counter-Spy finds hidden executable files that anti-virus software (Norton or McAfee) will miss.
I really doubt if Congress or the states will ever be able to enact laws that will truly stop this growing criminal problem. Laws that provide for severe penalties will help. But this is an international problem and walling oneself off from the Internet is not a viable option.
In closing, just because you receive an email that shows me as the sender, do not assume it's legitimate unless it's a direct response to a message you have sent to me or it was posted on a closed reflector that you know I have access to. I even get bogus emails addressed to me that appear to have been originated by me!
73 - Dick Isely, W9GIG