Computer Security and Privacy

Computer Security and Privacy

by Carl Ingalls of Embossing Technologies, April 2004 (updated September 2007)
Carl@EmbossingTechnologies.com www.EmbossingTechnologies.com

Viruses, Spyware, and Spam can cause serious headaches for those of us who allow computers to play a major part in our lives. Just about anything you do on the Internet can expose you to an increased risk of encountering malevolent software, also known as "malware". Even if you never use a computer, most of the people and companies you do business with probably do.

No one can ever be completely safe from computer viruses and other computer threats. The best we can hope for is to reduce the risk to a more acceptable level. The good news is that there is a lot you can do.

To cause damage, almost all malevolent software must do the following two things:
1. First, it must trick you into taking some action, which will have the effect of opening the door.
2. Then, it must trick your computer into allowing it inside, and sending copies of itself to other computers.

Remember: the first line of defense against computer viruses and other malevolent software is YOU. Learn not to get tricked. Anti-virus and other security software are the second line of defense. They try to keep your computer from being tricked. Unfortunately, these software are simply not reliable enough to be your only defense. Viruses are now propagating faster than ever before. It is only a matter of time before some virus "knocks on your door" before your anti-virus software has a chance to get itself updated.

You must learn to recognize the tricks, and to avoid "opening the door". This is the main focus of this document.

If you want something simple that you can do right now, before you read the rest of this document, then my best advice is to never ever open any attachment to any email, no matter who sent it to you. The only exception is if you know, absolutely for certain, that the attached file is safe. Unfortunately, this is not as easy as it seems, because many viruses will try to fool you into thinking that the attached file is harmless.

Here are some examples of how an email virus will try to trick you. Both of these are intended to fool you into thinking that you are receiving an official message coming from the company that provides your email service. Also (and this is very important), both email viruses arrived in my email inbox without being detected by my antivirus software.

In the first example below, the "ISP.com" would be replaced by the name of the company
that provides your email service: "AOL.com" or "Comcast.net" in place of "ISP.com".
This email arrived with a file attachment named "MoreInfo.zip", and the body of the email
message instructs the reader to use a password to open the attachment.

Dear user of ISP.com gateway e-mail server,

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

Further details can be obtained from attached file.

In order to read the attach you have to use the following password: 26238.

The Management,
The ISP.com team www.ISP.com

In this second example, the file attachment was named "readme.zip".
This ZIP file was not password protected, and my antivirus software still did not
catch it. The body of the email includes a message saying that the attachment
has already been scanned for viruses by something called "www.bitdefender.com",
and was found to be free of viruses. Do not be fooled by claims like this.

Your mail account is expired.
See the details to reactivate it.

+++ Attachment: No Virus found
+++ Bitdefender AntiVirus - www.bitdefender.com

NEVER open any attached file that requires a password to open it, because the password causes the contents to be hidden from your anti-virus program. Email viruses with a password-protected ZIP file have proliferated recently. This type of virus is particularly dangerous, because most anti-virus programs are not able to look inside of a password protected ZIP file deeply enough to detect a virus.

What Are Viruses, Spyware, and Spam?

Viruses, worms, and Trojan horses are types of malicious software that run on your computer without your permission (and often without your knowledge) and usually cause damage to data or programs that are valuable to you. In most cases, a virus will arrive as an attachment to an email message that appears to come from someone you know. When activated, the virus will cause your computer to send infected email messages to people in your address book. Repairing the damage is often very difficult, especially if you have not backed up your data recently. You will also have to apologize to all of the people who got the virus from you. The best protection is to avoid activating any virus you might receive, and also to reduce the liklihood of receiving a virus in the first place. These are both described in detail below.

A Virus Hoax is a false warning about a virus threat that is not real. It is not a program, but a piece of misinformation. Whereas a virus may trick your computer into destroying valuable information and emailing copies of itself, a virus hoax only attempts to trick you into destroying valuable information and emailing copies of itself. In this way, a virus hoax is worse than a virus, because it makes you personally the main part of the problem. The hoax usually includes instructions on how to locate some file or program on your computer and then how to delete it. In some cases, the file or program is necessary for your computer to operate, and may be difficult to recover. You will probably not discover the damage until after you have forwarded the email to all of your friends. Always check first, from a reliable source, before taking any action based upon a warning about a virus. Go to a search engine and enter the name of the virus and the name of the file to be deleted, and then read what others have written. Go to Norton or McAfee and see what they have to say about "virus hoax".

Spyware is software that is designed to gather information about you without your permission and without your knowledge. The information is usually gathered for commercial or marketing purposes. Spyware rarely causes damage to your data or programs. However, spyware is sometimes used to collect your passwords and then send them on to someone who could cause you considerable damage by impersonating you. Spyware can get into your computer by several methods.

You or someone else who uses your computer might install spyware accidentally. Some programs which have desirable advertised features also secretly engage in spying.
Spyware could be installed intentionally by someone who has physical access to your computer. This spyware will monitor everything you do, including recording all websites you visit and all account numbers and passwords you use.
Spyware could be installed by a virus.
Spyware could be installed when you visit a web site, and then follow instructions to download and run a program.

Spam is unwanted junk email from someone you do not know who is using your email address without your permission. It is usually a commercial solicitation of some sort, directing you to go to a web site or call a phone number. Some of us receive many times more junk email than friendly email every single day. The best solutions are to protect the privacy of your email address and to use a spam filter. These are both described in detail below.

What You Can Do About Viruses

Never "Open the Door".
The safest policy is to never open any attachment to any email from anybody, period. I also recommend that you never send an email with a file attached to it, because a very cautious person would never open it. Most of the time, there is some other method available. When you need to send information from a file to another person, try copying the contents of the file into the body of your email message. If this is not practical, and you have webspace available somewhere, then upload that file into the webspace, and email the hyperlink for the file instead of the file itself. This is much, much safer than an email attachment, and downloads faster as well.

Knowing who the email came from is not enough to protect you. For one thing, if your friend's computer gets infected with a virus, the virus will probably try to send itself to you, with your friend's name as sender. It may even reply to an email message that you had sent to that friend, copying your words from the subject line, prefixed by "RE:" just as if your friend had replied. Another reason you cannot trust an email even when you know the sender, is that most viruses today camouflage their source, either with a completely fake sender's email address or with a real address copied from somebody's address book. Many viruses will appear to come from someone you know.

If you must open an attached file, make sure it is safe first. To do this, you must learn how to tell what the file type is. On your PC, the file type is the sequence of characters that appears at the end of the name of the file, after the last period. Be careful - this is one area where a virus will try to fool you. For example, I once saw an email virus with an attached file named "PHOTOS.JPG.scr", and the text of the email message indicated that the attached file contained enticing photos. While I knew that the file type JPG is generally safe, I could see that the real file type for this particular file was SCR, which is one of the many file types that are quite capable of containing a virus. The very fact that an attempt was made to disguise the true file type was a dead giveaway that this was a virus. Also, icons may also be used to disguise the file type of an attached file. Viruses often adopt the icon that normally represents a harmless file type.

Many times, the attachment to an email is another email message (which may also have attachments). In some browsers, the actual file type of these attached email messages is not explicitly shown, but an icon that looks like an envelop may indicate that it is an email message. Please remember that icons can be faked - be careful.

Here is a short list of file types that are known to be capable of containing a virus. Please note that this is NOT a complete list - just because a file type does not appear in this list does NOT make it safe. These file types have been used by viruses in the very recent past.
BAT BHX CMD COM CPL DLL EXE HQX HTA JS MIM MSI PIF RAR SCM SCR UU UUE VB VBE VBS WS WSC WSF XXE ZIP
NEVER NEVER open an attached file that is password protected or encrypted in any way, especially not a ZIP file !! The contents of these files are hidden from anti-virus software.

Here is a short list of file types that are probably safe at this time. This may change in the future.
BMP EPS GIF JPG PDF PRN TIF TXT

Microsoft Office documents, like Word, Excel, Access, and PowerPoint, are not exactly safe from viruses either. These documents are capable of containing a special type of virus called a macro virus, which in some ways is more dangerous than the other kind. Several years ago, I received an Excel spreadsheet that I was expecting from a client. When I opened the spreadsheet, my computer notified me that the spreadsheet contained macros, and it gave me the option of enabling or disabling the macros. Since I was expecting data, with no macros, I chose to disable the macros, and I then notified my client that his computer was infected with a macro virus that was inserting itself into his spreadsheets. I strongly recommend that you set all of your Microsoft Office applications to notify you whenever a document contains a macro, or better yet, to always disable macros.

In Microsoft Word, you can set your macro security level by clicking on Tools on the main menu, then Macros, then Security ... Other Microsoft Office applications use similar methods. I recommend setting your security level to "High". If you really like toying with macros, then you might consider "Medium" security. However, no one should ever leave their macro security level at "Low".

For AOL users: AOL automatically creates a ZIP file whenever the user sends an email with more than one attachment. Unfortunately, this means that the recipient of the email is not able to see the file type of any of the attachments, and cannot tell if they are safe to open. If your computer is set up to automatically open any of the individual files as they are "unzipped", then this is extremely dangerous.

Use Anti-Virus Software - and KEEP IT UPDATED.
Using an anti-virus program is a must. If you accidentally "open the door" for a virus (by opening the email attachment), it will help keep your computer from being tricked by the virus into damaging your data and sending it to your friends. However, you must keep your anti-virus files (virus signature files, or DAT files) constantly updated. Most modern anti-virus programs can be set up to do this automatically whenever you are connected to the Internet. The bad news is that viruses are now spreading through the Internet extremely rapidly. The virus that comes "knocking at your door" may be only a few hours old. It may take a day or two for even the best anti-virus software companies to have an update that is capable of recognizing a brand new virus. Therefore, remember that your computer is counting on You as its first line of defense, and the anti-virus software as its second line of defense.

Some companies that sell very good anti-virus programs are TrendMicro, McAfee, and Norton / Symantec.

Check for Critical Updates and Security Patches from Microsoft
Although the majority of viruses (and worms and Trojans) require action from you in order to infect your computer, some have the capability of exploiting vulnerabilities in your operating system or your Internet browser, sort of like "holes in the armor" and they can sneak in without waiting for you to open the door. Your computer can be exposed to these creeps simply by browsing a bad website, or even just by being connected to the Internet. The Sasser Worm is a recent (May 2004) example of one of these. The best defense against this type of attack is to go to www.Microsoft.com, and look for "Security and Updates". You should do this a minimum of once a week, and probably more like once a day. You can set up your computer to do this automatically.

Install a Firewall
A firewall will provide an additional level of protection, and is highly recommended.

Back Up Your Data.
This is your last line of defense. If a virus succeeds in tricking you into activating it by opening the email attachment, and it then succeeds in tricking your computer into erasing your files, you are going to really wish you had remembered to do a backup of your data. The program files can all be re-installed, even if you have to purchase new copies. However, there is no way to restore your own data files, unless you have a backup copy.

I use a DVD "burner" to copy all of my data files onto a DVD-ROM. With a capacity of 4.7 GB per DVD, this is more than enough for most PC users. I wrote my own program to control exactly what files get copied, but there are plenty of choices of good backup software. For most people, the problem is in remembering to use it.

What You Can Do About Spyware

Software Solutions: Anti-Spyware and Firewalls.
I strongly recommend that every PC capable of connecting with the Internet have a firewall installed. This is a program that controls how your computer communicates over the Internet. It makes it much harder for a hacker to snoop inside your computer for personal information. I also recommend the use of anti-spyware, although the best anti-virus software now also detects and removes most spyware that might be hiding in your computer. For both types of software, I recommend TrendMicro, McAfee, and Norton / Symantec.

Additional Security Precautions.
You can set up your operating system to require a password to log on to your computer. This will help prevent someone from directly installing spyware into your computer. When you are browsing the Internet, and a window pops up on your screen asking if you want to download and install a program into your computer, you should generally say no. The only exception is if you know that you want that program, and that you know you can trust the source. However, spyware is often hidden inside a free program that seems very desirable.

What You Can Do About Spam

Protect your email address.
Respect the privacy of everyone's email address, and insist that everyone respects the privacy of yours. This is very important.

Never reveal anyone's email address to someone else unless you have permission to do so, or unless you know the recipient already has that email address.
Whenever you give your email address (or anyone else's) to someone, insist that they never reveal it to anyone else without permission.
Never send an email to a list of people unless all of the people know each other's email address already, and you are certain that no one minds having her or his email address revealed. If you use TO or CC, then everyone who receives your email will see everyone else's email address.
Exception: If you must send an email to a list, always use the Blind Copy (BCC) instead of the TO or CC address fields.
If you receive a chain letter or other email that is likely to be sent to many people on the Internet, then DO NOT forward that letter to anyone. I have received such letters with several hundred email addresses collected within it. This is a very good source of email addresses for spammers. Do not let your email address appear on any such list. If you do receive such a letter, ask the sender to never include you on anything like that again. If you actually enjoy getting these things, then ask the sender to put your email address on the BCC line.

I also recommend that you instruct everyone else to respect the privacy of your email address in the same way. This will eventually reduce the amount of spam that you receive.

Get a Private email address.
Most people get their email address through their Internet Service Provider (ISP), which is the company that they use to connect to the Internet. If your email address ends with @aol.com, then AOL is your ISP. If it ends with @comcast.net, then Comcast is your ISP. The problem is that a lot of spammers get your email address directly from your ISP, most likely from hacking into their database. I have about 5 or 6 different email addresses, and at least 99% of my spam comes through the address that is from my dial-up ISP. At this point, I only use that address to collect spam (which I feed to my Spam Killer for entertainment).

You can get a second email address that is not associated with any ISP. Give your public ISP address to people or websites that you do not care about, and give your private email address to people you want to keep in touch with. You can get a free email address from Yahoo, Hotmail, or GMail.

You can also register your own domain name and get email with it. If your name is John Smith, your email address could be "me@johnsmith.cc". I have used a variety of services for domain name registration and for email hosting.

Anti-Spam Software.
These programs use filters that look for words or phrases that are common to spam email, like "Free Quote", "100% guarantee", "celebrities get naked", etc. Most obscenities are included, which might cause problems if some of your friends use that sort of language in email to you. Spammers are getting very creative in trying to get around anti-spam software.

Many of the ISP's are now doing a much better job of filtering spam before they pass it on to you. Also, most of the newer versions of email browsers (like Microsoft Outlook and Outlook Express) contain fairly good anti-spam filters.

Additional sources of information:

"Protect Your PC" at http://www.microsoft.com/security/protect
"Computer Security" at www.computing-in-retirement.com/computer-security.html
"Worms, Viruses, Spam & Hack Attacks. Oh My." by Larry Magid at www.pcanswer.com/articles/synd_wormsohmy.htm
"Check Your Viral Load for Bugs" by Michelle Delio at www.wired.com/news/technology/0,1282,58423,00.html
"Password protected ZIP files and Email worms" by Mike Maloney at http://archives.neohapsis.com/archives/ntbugtraq/2004-q1/0088.html
"Updates Protect Against New Bagle Worms' Encrypted Tactics" by TechWeb News at www.techweb.com/wire/story/TWB20040305S0009

Please feel free to pass on the link to this site to anyone you know who might be interested.

Website sponsored by Embossing Technologies.
Last updated 9/5/2007 5:33PM