Table of Contents:
Introduction
Viruses
Firewalls
Passwords
Windows Updates
Summary
Spam (3 May 2003)
Several classmates (no names!) have experienced viruses and other related problems. I did what I could to help, and we were able to get their computers back to "normal." After a recent round of this, it was suggested that I write up something for others. In his case there was absolutely no security on his PC at all when the virus hit. "An ounce of prevention is worth a pound of cure," they say (though I never figured out who "they" are). So, if you are interested, read further, but be aware that it is somewhat lengthy; I finished off a pack of cigarettes while writing it.
What you are going to find by reading this are the rudimentary things you should do. Bear in mind a few things:
1. I am not a security expert. What I know are things that I have picked up from reading and experiencing the same problems that others have reported.
2. No matter what you do, someone somewhere is going to find a way to break your security. Some people just have nothing better to do except make life miserable for the rest of us.
3. If you access the Internet from a network, your network administrator should be the one to help you with security, not me. I have worked with sys admins who were very, very good (to whom I listened and from whom I learned), and others that know considerably less than I do (which is deplorable). But companies are, rightly, very picky about their network, system, and security administration so do whatever they tell you to do.
A reference check: I use the Windows 2000 Professional operating system. Most people use one form or other of Windows. Anyway, some of this may not apply or be slightly different if you are using an earlier version of Windows or XP. And if you use a Mac (lord, am I jealous), only the basics may apply.
A brief word about Macs: While I love the Mac interface, stability, and environment, many Mac (and Unix/Linux) users are a tad arrogant when it comes to viruses and such. "We never have the kinds of problems that you Windows users do!" To a large extent that is true, but not because the Mac OS is inherently more secure; like I said, any security system can be broken. It is just that the hackers (that used to be a nice label, not anymore) picked the biggest (and, admittedly, easiest) target - Windows and its components, such as Outlook and Outlook Express. So, if you use a Mac, Unix, Linux, or other operating system, you still need to be prepared - you will just need to get information from somewhere else.
Viruses, etc.
The most common problem that people experience (or, at least, know about) is a virus. Actually, these are sometimes "Trojan horses" rather than viruses, but we will not dwell on the difference here.
Before the ubiquitous networks evolved and before the Internet became so popular, about the only way that a virus could spread was through an exchange of floppy disks from one PC (an infected one) to another one. Now virus writers do not even bother writing for that kind of transmittal method. The most common method, it seems, these days is through email attachments, though there are other means. On average I get about six [6] viruses and/or Trojan horses a week (at absolutely no cost to me!) through my email.
The first step, if you have not already taken it, is to acquire a good anti-virus program. Be sure to get one that will scan emails and email attachments - both incoming and outgoing. Every email that I send out is scanned for viruses even though, theoretically, my PC is virus-free because the hard drive and incoming emails have been scanned. But it is an additional security feature; I do not want to take a chance of being accused of spreading a virus, worm, or Trojan horse to you.
"Which anti-virus program should I get?" you ask. I can only go on my own experience so, if you do not have one already, I suggest Norton Anti-Virus 2002 (or there may be a newer version out by now). If you have it or another program, check its settings to be sure that it is set to scan emails and email attachments. If your program is not capable of this function, replace it with one that can! You can obtain these in most computer stores, such as CompUSA.
[Note: The 22 April 2003 issue of PC Magazine contains an excellent (and current) review of anti-virus software tools. (It also has a great article on SpyWare. What's that?! Read the article.)]
A-V programs detect viruses through "Virus Definitions" tables. New viruses come out every day. Sad, but true. It is imperative that you keep these tables updated. Norton (part of the Symantec group) provides a neat little interface ("Live Update") to make this easy; most other A-V programs that I have seen have similar interfaces. Remember: The A-V program itself does not check for viruses; it uses the Virus Definition tables to do that. Norton, I think, releases refreshed definition tables twice each week (Tuesday and Friday, I think). I run "Live Update" twice each week to update the tables on my PC.
Most A-V programs come off-the-shelf with one year’s worth of free updates. After that you have to pay a minimal charge (somewhere around $10-15 a year). Don’t worry; the program will tell you when you are coming to the end of your term.
A couple of real-life anecdotes to drive home the point. I was called into a company because one of the PC’s on their network had contracted a virus and was spreading it to the rest of the PC’s on the network. Unfortunately, the A-V program that they were using on that PC was an old and unsupported version; they had not bothered to upgrade to the latest version ("$40? I’ve got a business to run here!" My bill was $200.). The only solution to their problem, it turned out, was to reformat the hard drive and, then, re-install everything.
Another client (a relative, no less) decided that, "Gee, I haven’t had any problems. Why waste money subscribing to the update service?" Well, guess what? Sometime after that a new virus came out and infected her computer. She was lucky; we paid for the upgrade service and blew the virus away.
In summary, get a good A-V program and keep it updated regularly.
Firewalls
When you are connected to the Internet, you are sharing your computer with the rest of the world (whether you know it or want to do so!). Though I never bothered learning how to scan the ‘Net for vulnerable PC’s, I have been told that it is relatively easy. A firewall is like (and named for) the real firewalls that are built into apartment complexes (and some houses) to keep fires from spreading.
Firewalls, basically, consist of two types: hardware and software. Company networks usually use the hardware variety. You can get and use one of these at home, too. But for personal use the software variety is most prevalent. You can even get a free one (Zone Alarm) from Zone Labs. You can, also, get the Pro version from the same place or at your local computer store; it costs around $50, I think. Personally, I use the free version. There are others available. You can probably find reviews and recommendations at PC Magazine or ZD Net.
So, what does a firewall do? In theory it prevents outsiders from accessing your PC. "Why should I care? I have nothing there that means anything to anyone else." You would be surprised. For one thing once an outsider (hacker) has access to your PC s/he can load just about anything they want on to it, including a virus or Trojan horse.
Let’s get a little technical for just a minute. A Trojan horse is, in general, a program that is on your computer that is used to access another computer. It does not usually "damage" your computer the way that a virus does, but it can be used to damage other people’s computers from yours. These things usually go into hibernation until a pre-defined date and then they all "wake up" at the same time, wreaking havoc on your PC, your network, or the ‘Net. Trojan horses are the means by which "denial of service" attacks are launched. Last year a Trojan horse was used to shut down all but two or three of the primary nodes of the Internet (I think I read at the time that there are seven or nine primary nodes).
I use a dial-up connection, as most people still do, to get to the Internet. A firewall is a good thing to have no matter what kind of connection you have - but it is especially recommended if you have a DSL or cable connections. They are high speed and (for good or bad) always connected to the Internet (well, as long as your computer is on). Hackers love it when they find one of those connections; they get their "work" done quickly and quietly because, even if you do not have a browser or email program running, you are still connected!
A firewall, thus, must also provide a check against things going out from your computer so it works both ways - it blocks unauthorized incoming and outgoing traffic. Here’s what you will notice if you install Zone Alarm. When you first run your browser, such as Internet Explorer or Opera, it will ask you if you want to allow this. Obviously, in that case you do so you check the "Yes" box and tell it to remember this the next time. Same with Outlook and other email programs. Occasionally I will access a web site through a link in an Excel spreadsheet or Word document. Zone Alarm asks me if I want to allow this. I press the "Yes" button - but I do not tell it to always allow it; just for this session.
The scary part, at first, is that when there is an attempt to access or scan your PC, Zone Alarm will display an Alert panel. I have been connected to the ‘Net sometimes for days without getting any "hits," and other times I have been connected just long enough to check mail and gotten a dozen or more hits (often from the same IP address). I just drag the alert panel down to the bottom of my screen so that it is out of my way; once I shut down my Internet connection, I press the "OK" button on the alert panel to clear it from the desktop.
Passwords
Windows 2000 comes with a Users and Passwords feature in the Control Panel (earlier versions of Windows may or may not have this feature; I cannot remember). There are, initially, two user accounts: Administrator and Guest. Personally, I prefer my own account so, naturally, I set up one named "Jerry." Each account has its own password. I do not let the system use the default passwords for the Guest and Administrator accounts - everyone out there knows what they are. And you cannot delete the Admin or Guest accounts. Keep passwords simple in the sense that they are something you will be able to remember easily. I suggest writing these down on a piece of paper (I use a Word document on a diskette) and storing it away in a safe place. And passwords should be a combination of letters and numbers; typically I will use people’s names plus their street address or birthday. And, when I write those down, even though it’s on a diskette, I do not spell out the person’s name or street address. Rather, I’ll write something like "Mother’s maiden name + year sister was born."
If it seems like I’m paranoid, just remember this: Even paranoids have enemies. And since I have told stories on others, I’ll tell one on myself. When I was doing research for this piece, I brought up the Users and Password option. There were two user accounts out there that I did not set-up! Where they came from is a mystery to me; could have been from a piece of software that I installed. If so, too bad for me because I waxed those puppies!
Windows 2000 (and, perhaps, earlier versions of Windows - can’t remember) allows you to set "Sharing" for your hard drive - or not. To find it, run Windows Explorer or My Computer. Find the root directory (C:) and press the right mouse button (unless you’re left-handed and, thus, probably re-configured the buttons; in that case press the left mouse button). From the drop-down list select the Properties item. There should be a tab labeled "Web Sharing" or something like that. On my PC the ‘Do not share this folder’ option is checked. Do not try this at work! Check with your system administrator! On the office networks that I have used we had to share our PC’s among the group.
Windows Updates
Without going into a rant about Windows security (or lack thereof), one of the things you should do on a regular basis is run the "Windows Update" function. In Windows 2000 this is found by pressing the "Start" button. It is usually an item at the top (or close to the top) of the initial list.
Microsoft will periodically come out with updates to some of their software programs, such as Windows, Internet Explorer, etc. The major updates are called "Service Packs;" I am currently on Service Pack 3 for Windows 2000 and Service Pack 1 for Internet Explorer 6.0. Service Packs are labeled as "critical" updates. Microsoft will, also, label temporary fixes to security breaches as "critical;" these are, fyi, eventually rolled into Service Packs. In general, you probably should always install "critical" updates, but I cannot tell what Microsoft will come out with tomorrow and whether or not it fits your particular needs. I can say that I have installed every "critical" update, which they have issued for Windows 2000 and IE 6.0. For the other classifications ("Updates" and "Drivers") I have been more selective.
How long does this take? Well, for a full-blown Service Pack it can take the better part of a day. You install one piece and then Windows says, "You have to reboot now." Then install the next piece(s) and reboot. Frankly, all of that rebooting can become a pain in the rear! But I do it, anyway. On the plus side, Service Packs do not come out that often so it is not like you will be spending every weekend doing this. In fact, if you stay up-to-date, the updates are few and far between so it is usually just a matter of checking, which takes a few minutes.
To access the updates for Internet Explorer select the "Help" button in the browser's menu bar and, then, the "Online Support" (or similarly labeled) item. I think (but I’m not positive) that IE updates will show up in the "Windows Update" list. Other browsers have similar support and update options.
A couple of points worth noting:
1. If you are running a version of Windows that pre-dates Windows 2000 (such as Windows 95 or 98), Microsoft is no longer issuing Service Packs and fixes for these. However, if you never applied them in the first place, they should still be out there. I did that recently for my brother-in-law and had no problem.
2. If you are running Internet Explorer and it is a version prior to 6.0, upgrade to 6.0 (and the Service Packs). It’s free so why not? If you are running Opera, Netscape, or Mozilla as your browser, get the latest version unless there is a good reason to not do so.
Final Summary
1. If you have access to a reliable security expert, such as the network admin at work or a friend who does it for a living (not someone like me), go over your situation with them. Even print this page and use it for review and note taking. These are, as I said, rudimentary precautions and perceptions gained from my experiences.
2. At an absolute minimum get a good anti-virus program.
a. Activate the email and attachments checking features (both incoming and outgoing).
b. Run the Virus Definitions table update regularly (at least once a week).
c. Subscribe to the update service after your "free" update period expires.
3. Get a firewall. Zone Labs has a good (free) one (see above). And check for updates to it regularly, too.
4. Run the Windows Update feature regularly and install "critical" (security) updates.
5. Get the latest version for your browser and run your browser’s update feature regularly.
Will this make your PC impenetrable by hackers? Not by a long shot! But it’s a start.
I tried to make this basic enough so even Danny and Lindsey could fathom, at least, the concepts. If I failed, guys, let me know what I can do to make this better. (If I succeeded, let me know that, too.)
Spam
This turned out to be longer than I originally expected. If you want to skip all of the grueling details and cut to the chase, just go to the conclusion.
We have all experienced spam - those annoying ads in our inbox urging us to buy generic Viagra, insurance, etc. There isn't much you can do about it once it starts hitting your mailbox because someone out there already has your email address and is probably selling it. Philosophically, one can shrug it off as being no more than electronic junk mail, which it is.
Some people have even gone to the extreme of switching to another ISP or, at least, changing their email address at their current ISP. This will work for a while. But spammers get their information from a lot of sources. One of those places is web pages. There are skimming tools that spammers use to scrape email addresses off of web pages. In case you didn't know, web pages are nothing more than HTML code, which is nothing but formatted text. So the scraping is relatively easy. Most of the time.
As I have explained to several people before, at the class site we use a simple technique to, at least, make it harder for the skimmers to work. It's just a simple little JavaScript. All the skimmers have to do is figure this out and set up a routine to concatenate the "hidden" address into a "valid" email address. It's just that there are so many ways to write this script that it is usually not worth the effort. Just as an example, on our site I have both of my email addresses listed on my personal page: my standard email address and one that we set up with the class site's domain. In the nearly one [1] year that the class site has been up, I have received no junk mail (spam) at the class address (though two viruses, which my anti-virus software caught, did find their way there). Both are "encrypted" using the JavaScript mentioned earlier.
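Here is an added example of the kind of script the paragraph describes. It is not the class site's own code; the page fragment, the names "jerry@example.com" and "webmaster@classsite.org", and the helper names are all constructed for this illustration. The address is kept in pieces and only joined when the script runs, so the full "user@domain" string never appears in the HTML source. The last function is the check a practitioner would want: it runs a plain address pattern over the raw HTML to confirm that only the deliberately visible address is found there.

```javascript
// Added example, not the original page's script. Assumed page fragment
// (constructed): one address written out in full, one left for the script.
const pageHtml = `
<p>Plain: <a href="mailto:jerry@example.com">jerry@example.com</a></p>
<p>Hidden: <span id="contact"></span></p>
`;

// The hidden address as it would sit in the page source: three separate
// strings, none of which looks like an email address on its own.
const hiddenParts = { user: "webmaster", host: "classsite", tld: "org" };

// Join the pieces at run time. Returns the strings a page would use for the
// link text and the mailto: href.
function assembleAddress(parts) {
  const address = parts.user + "@" + parts.host + "." + parts.tld;
  return { address: address, href: "mailto:" + address };
}

// In a browser, write the assembled link into the placeholder span. This
// branch is skipped when there is no DOM (for example under Node.js).
function renderContact(parts) {
  if (typeof document === "undefined") return false;
  const span = document.getElementById("contact");
  if (!span) return false;
  const built = assembleAddress(parts);
  const link = document.createElement("a");
  link.href = built.href;
  link.textContent = built.address;
  span.appendChild(link);
  return true;
}

// A plain "something@something.tld" pattern, used here only to verify that
// the raw HTML does not contain the hidden address written out in full.
function findPlainAddresses(html) {
  const pattern = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
  return html.match(pattern) || [];
}

// True if the hidden address leaks into the source as a literal string.
function leaksAddress(html, parts) {
  const full = assembleAddress(parts).address;
  return findPlainAddresses(html).indexOf(full) !== -1;
}

renderContact(hiddenParts);
```

The visible "jerry@example.com" is found twice (once in the href, once as link text), while the assembled "webmaster@classsite.org" is not found at all, which is exactly what the page reports seeing in practice: the plain address collects junk and the scripted one does not.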
Another technique for getting addresses is called a "dictionary attack." This is usually associated with an effort to crack passwords by brute force; i.e., people use simple passwords (and short ones, too) so the attack tries every conceivable combination of letters, numbers and, in some cases, special symbols. It can, also, be a means of sending mass mailings to a domain. Lately the biggest target, from what I read, has been MSN and Hotmail. While dictionary attacks can be identified by servers, the problem with large ISP's, like MSN, is their sheer volume of traffic. That is, it's usually the surge in electronic traffic that identifies the attack to the server, but in the case of large ISP's this is obviously a two-edged sword. In the case of small ISP's ("Mom and Pop" operations - few though they are anymore, it seems), they simply do not have the time (and expertise) to monitor and blunt these attacks.
Another technique is to set up a tool (worm or Trojan horse) on individual PC's that either reads or just copies the address book and sends it to the spammer. Good A-V software and firewalls (see above) will usually stop this sort of thing.
As you can see, the odds are that eventually you're going to get onto a junk mail (spam) list, and they are probably going to sell it to someone else. If you think that's a defeatist attitude, just know what my grandfather taught me: "Even paranoids have real enemies."
What can you do about spam in your mailbox? Like I said, you can change ISP's or just your email address. But that's sort of like packing up and moving to get away from junk mail, though not nearly as dramatic or exhausting. One thing you can do is protect your address the same way you protect your social security number. Before you sign up for a newsletter or such, read the "Privacy Statement." Most of us don't, and those of us who do, well, we are sometimes just too busy. If the privacy statement doesn't explicitly say that your address will not be given out to anyone else, except as needed by the site itself or as prescribed by law, then don't sign up! If they say something about "trusted partners," be very, very cautious. Just who are those partners? For what purposes?
Here's a technique for "hiding" your email address when you do sign up at one of those sites or when buying something on-line. If your email address is normally "myname@isp.com", register your email address as either "myname(siteid)@isp.com" or "myname+siteid@isp.com". This technique may or may not work for you; it depends on your ISP's mail program and some other factors. When it does work, the mail program is "smart enough" to strip out the "(siteid)" or "+siteid" part and get the message to you anyway. Before you try it, you need to see which, if either, method works for you. Just have a friend send you a couple of emails (one for each method) and see which one, if either, gets through.
Will this stop spam? No, but if you substitute an abbreviation for the site for "siteid," at least you will be able to tell who sold your email address. And then you know against whom to take action.
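The two paragraphs above describe tagging your address per site and then using the tag to work out who leaked it. The following added example (not from the original page) does the second half of that job for a batch of received messages: it pulls the "siteid" back out of a recipient address written in either the "myname+siteid@isp.com" or the "myname(siteid)@isp.com" form and tallies how much unwanted mail arrived under each tag. The sample recipient list and the tag names are constructed; whether a real mail server delivers either form is, as the page says, up to the ISP.

```javascript
// Added example, not from the original page.
// Split "local+tag@domain" or "local(tag)@domain" into the base address and
// the site tag. Returns null when the input is not a single address with one
// "@", and tag: null when the address carries no tag at all.
function splitSubaddress(address) {
  const at = address.lastIndexOf("@");
  if (at <= 0 || at === address.length - 1) return null;
  const local = address.slice(0, at);
  const domain = address.slice(at + 1).toLowerCase();

  // "myname+siteid" form: everything after the first "+" is the tag.
  let m = /^([^+]+)\+(.+)$/.exec(local);
  // "myname(siteid)" form: the tag sits in trailing parentheses.
  if (!m) m = /^([^(]+)\(([^)]+)\)$/.exec(local);

  if (!m) return { base: local.toLowerCase() + "@" + domain, tag: null };
  // The tag keeps its case so that "newsletterA" and "newslettera" stay
  // distinct if you registered them that way; the base is normalised.
  return { base: m[1].toLowerCase() + "@" + domain, tag: m[2] };
}

// Constructed sample: the "To:" addresses on a week's worth of unwanted mail.
const sampleRecipients = [
  "myname+newsletterA@isp.com",
  "myname+shopB@isp.com",
  "myname(newsletterA)@isp.com",
  "myname@isp.com",
  "MyName+newsletterA@ISP.com",
  "not an address",
];

// Count messages per tag. Untagged mail goes under "(none)"; strings that
// are not addresses are skipped rather than counted.
function tallyTags(recipients) {
  const counts = {};
  for (const r of recipients) {
    const parsed = splitSubaddress(r);
    if (!parsed) continue;
    const key = parsed.tag === null ? "(none)" : parsed.tag;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// The tag with the most hits is the first place to look for the leak.
function worstOffender(counts) {
  let best = null;
  for (const tag of Object.keys(counts)) {
    if (tag === "(none)") continue;
    if (best === null || counts[tag] > counts[best]) best = tag;
  }
  return best;
}
```

On the constructed sample, three messages arrive under "newsletterA" (in both tagging forms and with mixed case in the domain), one under "shopB", and one with no tag, so "newsletterA" is the sign-up to suspect first.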
Spam is more than just getting junk in your inbox, as I found out recently. Email addresses can be "spoofed" or forged. I don't mean the "To:" address, rather the "Reply-To:" address. In short, what happened recently was someone (or a group of someones) started sending out spam with my email address as the "Reply-To:" address. The only way that I found this out was when the "postmaster" at dozens of sites returned "my" mail as undeliverable. Based upon that experience, my guess is that a lot of the spam that we receive has a forged "Reply-To:" address.
So what can I do about that? Probably not much - other than moving to North Dakota and getting a new email address. I am currently investigating options, including tracking down the @#$% bastards and suing their *&^% butts! (Excuse the momentary lack of decorum, please. Now, I'm feeling a little better.) If I find out anything, I'll pass it along to you in this section.
There are, however, some things that you should not do. Do not reply to any of this spam. First, it may be a forgery, as described above. If not, so goes the theory, you just confirmed to the spammer that they have a valid email address. This goes especially in those cases where the spammer included an "opt-out" by (for example) "Reply to this email with 'Remove' in the subject line." Now that's the biggest piece of tripe there is! No one is sitting back at the spammer reading all of those opt-out emails and, then, updating the list.
The same caution extends to the opt-outs with a web page. Many (most?) of these are just address harvesters. From personal experience I tried both of these methods, and even kept track of the results; i.e., did I get any more spam from these sites? I can't say for a fact that the spam increased (could be natural selection of some sort going on here), but I did continue to get email from nearly all of these sites. Besides, it's really an uphill battle. Even if you opt-out one place (successfully, we'll assume), another one pops up to take its place. And (I'm guessing here) many of those "new" spammer sites are just mirrors of each other.
However, if it was a valid list for which you did sign up and which you now want to discontinue, ignore those precautions.
One positive thing (maybe) that I do with spam is forward it to the FTC. No, they actually have an email address set up just so that you can do that. Really! It's uce@ftc.gov. Now you have to be sure to include the "headers" (more on this later). If you use Outlook Express, then just use the "Forward as Attachment" option. For other email readers I'm not sure. Forwarding all of those forgeries (that I mentioned earlier) was the only thing I have been able to do so far. Anyway, don't expect the FTC to reply to you; they're understaffed and underpaid as it is. And probably get tons of this stuff. But at least it's a proactive step. I have read that the FTC has shut down at least a couple of spammer domains but mostly for making outlandish claims, not for spamming. (Freedom of speech, don't you know.)
Another thing you can do, the next time you change your email address, is create an address that will be a little harder to break using "dictionary attacks" (see above). For example, "adamsj" is pretty lame. "adamsj3005" is a little harder both because it contains letters and numbers, and because it is longer. "adamsj-3005" would be even better. In short, randomly creating a user name that is all alphabetic, such as "qsfthbfaxzp" isn't going to defeat most dictionary attacks (besides being a bear to remember!). Use combinations of letters and numbers and, if permissible, special characters, such as '-' and '_'. The address should, of course, be something that you can easily remember, but, also, something that correspondents can use to identify you.
Just a hint: If you use email for something other than communicating with the grand kids in the next state, such as business, using "killer731" as your user name is not recommended.
In conclusion, what's the best thing you can do when you get spam? The easiest solution turns out to be the best one: Delete it and get on with your life. Never, never buy anything listed in a spam message; don't even go to any web site links listed. If only one [1] in a thousand [1,000] spamees (what have I just done to the English language?!) responds, the spammer wins. If you try to fight them by sending flame-mail, you're probably directing it at the wrong person or, worse, they (the spammer) will retaliate. So just do nothing!
For more information on email "headers" read this tutorial.
Other web sites you might want to visit regarding spam (and its cousin "chain mail") are:
Break The Chain
Email Abuse
Spam Primer
Junk Busters
Sam Spade
Spam Laws
Spam Con
Spam Haus
Stop Spam
A What To Do tutorial