by John Henshell
Like money, food, and electric guitars, the Internet provides pleasure and usefulness, but indiscriminate usage results in unwanted and unpleasant effects. You must take precautions before using e-mail programs and Web browsers.
You need an anti-virus program, a firewall, a pop-up blocker, and programs that block and remove spyware and adware. You can spend little or no money and have all these utilities. You will have to devote some time to maintenance.
Anti-virus programs are misleading. A virus is any uninvited program or executable on your computer that does something without your intended consent. However, Symantec (Norton AntiVirus) and Network Associates (MacAfee VirusScan), the leading manufacturers of anti-virus programs want to sell you multiple products, so they limit their programs to block and remove only certain types of viruses, such as worms and Trojan horses. Other insidious invaders are called “malware” (it may sound like a Wal-Mart brand name, but it isn’t), and require additional software to defend against.
Viruses and malware slow your computer. They can also:
hijack your e-mail address book and spread in messages that are sent to all your contacts.
show you pop-up and pop-behind advertising.
record your keystrokes and send the information to the perpetrator. If you type your social security number, credit card number, bank password, or other confidential information, your identity could be stolen.
use your analog modem to make international toll calls with the profits going to the perpetrator.
alter or destroy your operating system.
track your Internet usage and report that information to sleazy marketers and researchers.
corrupt your files.
route your browser to Web sites that sell pornography, video rentals, music downloads, or cheap airfare.
Malware spreads through many sources. Some people involuntarily install it on their own computers. These are the primary sources:
shared files (from floppy disks, CD-Rs, DVD-Rs, e-mail attachments, or peer-to-peer downloads)
Web browser pop-up and pop-behind windows
e-mail messages containing links or executables
cookies from Web sites
shareware, freeware, and some commercial software
“bonus content” on CDs and DVDs
You can prevent most of these forms of malware from invading your computer. Use an up-to-date anti-virus program to scan shared files.
If you do not have Windows XP with Service Pack 2, use a pop-up stopper program. The free one I used to use is no longer free, but I might still have an installer.
Do not open e-mail messages with strange subjects from strangers. Do not let an e-mail message direct you to a Web site unless the sender originated the message and you know the sender. If the message was created by a stranger and forwarded by someone you know, delete it without clicking on any licks or attachments. If you aren’t sure if a message is real or spam, and you use Microsoft Outlook, you can trace the message without opening it. Right-click on the message in your in-box and drag down to “Options.” In the big box at the bottom, you’ll see something that looks like this:
Received: from 220.127.116.11 (unknown[18.104.22.168](misconfigured sender))
by rwcrmxc12.comcast.net (rwcrmxc12) with SMTP
id <20041112035655r1200qfopke>; Fri, 12 Nov 2004 03:58:10 +0000
Received: (from www@localhost)
by www62.@contention.biz (8.39.1/8.13.1) id i87EaEZj043988;
Fri, 12 Nov 2004 00:50:03 -0300
Original-Recipient: rfc822; firstname.lastname@example.org
Date: Fri, 12 Nov 2004 01:56:03 -0200
From: "Alexis H. Hurt " <email@example.com>
To: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
Subject: Important reminder
Content-Type: text/html; charset="us-ascii"
X-Message-flag: Authentic Sender, Hash: YmGmCcHg
Often you can see that the message has been routed through another country. In this case, I can tell that it went to 10 people with attbi.com addresses (mine is defunct), and therefore, is spam. The “important reminder” subject has nothing to do with me. I would guess that “mtgplanet” sells mortgages. The sender first sent this message to himself, which is often a cover-up of a lengthy recipient list. I deleted this unopened message without fear that it might have been specifically intended for me.
You can set Internet Explorer to reject cookies, but many cookies are beneficial, and you can’t access many Web sites if you decline cookies. Cookies are mini-applications.
If you choose to download and use shareware or freeware, research it first. If PC Magazine recommends it, for example, it is much less likely to contain malware than something advertised on a Web site. When you install any software, scroll through the license agreement to see if you are agreeing to install extra software. Some commercial vendors, especially game manufacturers, kindly donate adware and spyware along with what you bought. I have read that some of the programs that claim to prevent or remove malware actually contain it. A pending lawsuit alleges that three manufacturers bombard victims with pop-up ads and then try to sell them "Spy Wiper" or "Spy Deleter."
Almost all peer-to-peer file sharing network programs contain malware. The popular Kazaa program is notorious. The notable exception is WinMX. Its developers claim the program is clean, and most users believe that is the case. WinMX is free.
Spam is junk e-mail. Most commercial spam is time-wasting, but otherwise harmless. Some of it is easily recognizable. You don’t need to open messages from unknown senders with subjects that include “I lost 100 pounds,” “Viagra,” or “refinance.” You don’t need to open messages from CuteDarla123456.
Much of the junk e-mail I get isn’t commercial spam. Some of it comes from well-meaning friends and family members. People pass along fake virus alerts, chain letters, and warnings about some horrible (and always mythical) proposed legislation. Some folks love to pass along jokes, homilies, Readers’ Digest filler, trivia, political propaganda, and heart-warming human-interest stories. You may welcome some or all of these messages, but if you don’t want them, you may not want to offend the sender by asking to be taken off the list. Unless the subject clearly indicates the message isn’t personal, we are likely to open messages from people we know. However, this type of spam is often dangerous. Some originators of these messages simply want to share something amusing or enjoyable, or proselytize a viewpoint. Many have a more malicious intent. Some are so clever that they encourage you to pass the message along to loved ones. That’s a good way to hurt the ones you love.
My general recommendation is to avoid forwarding these messages or change your name to Spamela. If the content is so good that you are compelled to share it, copy and paste the text into Notepad and then into a new message. Do not copy links or HTML content (e.g. graphics, formatted text, pictures, multimedia).
Most commercial spam blockers are as time-consuming as manually deleting messages. I haven’t tried or read a review of anything that I would recommend. I think the risk of inadvertently screening an important message outweighs the potential benefit.
Spam senders use software that combs the Internet for @ symbols. The software collects e-mail addresses that have been posted on non-secure Web sites. You can reduce the amount of spam you get by only posting your real e-mail address when necessary for business reasons (e.g. secure job boards, purchases, bill-pay confirmations). Use a free Hotmail or Yahoo e-mail address for other purposes. If you need to provide an e-mail address, but don’t need to receive e-mail (some sites and services require this for access), use something like firstname.lastname@example.org.
Norton AntiVirus and MacAfee VirusScan typically cost about $40, but you can get them free or with deep discounts after rebates. One of the programs is often bundled with new computers. Both are usually free if you buy one of the leading tax preparation programs on the same receipt. Both manufacturers offer hefty rebates if you switch from the other manufacturers’ product. Both products are effective, but have several catches:
they turn your computer into a sleeping hare by scanning everything,
they must be continually updated to keep up with new threats, and
the updates are only free for a year.
I do not recommend other security products from these manufacturers. If you can’t afford to buy an anti-virus program, you can use a free Web-based virus scanner. Reliable sources recommend Trend Micro’s PC-cillin Internet Security (http://housecall.trendmicro.com/housecall/start_corp.asp) and Panda Software’s Panda ActiveScan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm). Expect them to be slow.
Firewalls prevent unauthorized third parties from accessing your computer. They block executables from executing without your expressed permission and can be used to prevent your software from automatically accessing the Internet.
So far, I’ve been impressed with the firewall included in Windows XP’s Service Pack 2. I say “so far” because I won’t be surprised if the evildoers can find cracks in the firewall faster than Microsoft can patch them. Service Pack 2 is a free upgrade from Microsoft if you have Windows XP.
If you don’t run XP, use ZoneAlarm. ZoneLabs offers pro and free versions. I used the free version (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp) for years with good results. It consistently gets better reviews than most commercial products.
A hardware firewall should provide better protection than the software firewalls mentioned above. The main advantage is that a hardware firewall will give you two-way protection (outgoing as well as incoming threats). My router, which was free after rebates, includes a firewall. I have had no conflicts using it along with the Windows XP firewall.
So far, the pop-up blocker in Windows XP’s Service Pack 2 does an excellent job. The commercial version of ZoneAlarm also includes a pop-up blocker.
A study conducted by America Online and sponsored by the National Cyber Security Alliance found that 80% of the computers examined contained spyware. Spyware is the common cold of the Internet. SpywareGuide.com currently lists 815 spyware applications. Whoever has the most… loses.
You can buy many programs that claim to prevent or remove these invaders. However, I use two free programs that computer manufacturers, computer magazines, and security consultants consistently recommend. Spybot Search & Destroy does a decent job of blocking and Lavasoft’s Ad-Aware SE does a very good job of finding and removing parasites. You must run these programs after every couple of hours of Internet usage. Check weekly for free updates.
If Ad-Aware regularly finds the same invaders, you can manually block them in the Privacy menu in Internet Tools under the Tools menu in Internet Explorer. I realize this is complicated. If you want help with this, I can provide more detailed instructions.
Another helpful strategy is to use a program that manages BHOs (browser helper objects). BHOs are Web browser (e.g. Internet Explorer) add-ons. For typical home use, the only BHOs you would use are either Microsoft programs or extensions of your anti-virus program. Some business programs include BHOs that increase functionality. Any other BHOs running in your browser are probably malware such as site trackers, ad managers and suppliers, and download managers. You can disable specific BHOs in the current version of Internet Explorer or use one of several good freeware programs to block them.
Many people believe that computers running Macintosh or Linux operating systems are immune or more resistant to malware. That is partially true. Most malware programmers don’t bother to create versions that will run on minority operating systems, but that does not mean those systems are inherently safer. Preventative measures are still necessary.
For a variety of reasons, I am currently advising people not to buy consumer models. The proprietary software is one reason. The major manufacturers (Hewlett Packard/Compaq, Sony, Dell, eMachines/Gateway) generally do not give you Windows CDs with their machines. Instead, they give you recovery disks that force you to reformat the hard drive if you need to reinstall Windows. The major purpose of security is to protect your data and your work environment. If you don’t have a Windows disk when you encounter a major computer crisis, you have a security risk.
I’m sorry if my advice was intimidating or ominous. I am trying to help. A regular, small investment in time and money can prevent a major investment in time and money, and provide a safer environment for you and your e-mail contacts. Think of Internet security practices as analogous to washing your hands, getting the oil changed in your car, or exercising. A kilobyte of prevention is worth a gigabyte of cure. I’ll offer two final precautions: (1) this information will become outdated, and (2) don’t overestimate my expertise.