
Viruses, Hacking, Spy-ware, Spam and other annoyances: privacy in a public place

I don't have access to a Mac or any other non-Windows PCs, so this mostly pertains to Windows PCs.  I also only use Microsoft Outlook or Outlook Express, so send me any information you have about other products that you think should be posted here.  This article is very general and a work in progress; it is by no means finished and may never be finished.  I am going to add to this article, expand on each issue and link to it as time goes on and allows.

A virus is code that enters your computer and, most of the time, will cause damage.  The typical way it enters your computer today is by email; it used to arrive on floppy disks or in shared programs.  For the most part, you have to open an attached file to activate the virus.  There are, however, a few that can infect your computer when you merely open or preview the email itself, because they exploit bugs in the way the email reader renders HTML.  For this reason, you should make sure you have applied all of the security patches Microsoft has released.  You can do this from the "Windows Update" option on the IE "Tools" menu, or visit http://www.microsoft.com/technet/security/alerts/default.mspx to check on specific virus-related patches provided by Microsoft.  You will also find a link to Office Update on that page; if you use any of the Microsoft Office product line, you should be using this tool as well.  You can protect yourself from most viruses at two different levels: at the system level (scanning files as they are opened or written) and at the email level (scanning messages and attachments as they arrive).  Anti-Virus software does both.  Make sure the Anti-Virus software you select protects at both of these levels, and make sure you update the virus signature files frequently, almost daily, because a scanner only recognizes the viruses its signatures describe.

There is a free Anti-Virus package called AVG by Grisoft Inc. that can be found at http://www.grisoft.com/html/us_index.cfm, and there is an offer by Computer Associates to Microsoft customers for a 1 year free version of EZ Armor LE at http://www.my-etrust.com/microsoft/.  EZ Armor is an anti-virus and firewall suite.  This suite can also be obtained on CD free from Microsoft when you sign up for the free Microsoft Windows Security Update CD at http://www.microsoft.com/security/protect/default.asp.  A free online virus scanner called HouseCall can be found at http://housecall.antivirus.com.  Please note that HouseCall scans your hard drive on demand only; it does not check your email, so it is not a substitute for an installed scanner.  You can try either McAfee at http://www.mcafee.com/anti-virus or Symantec at http://www.symantec.com/nav for commercial Anti-Virus packages.  If anyone knows of another good free or commercial package, I will be glad to post it here.

Many hackers are just curious, but some are intent on wreaking havoc on your computer and take great pleasure in doing it.  The Internet is a very public place and everyone connected to it is an easy target.  There is not just a front and back door for hackers to gain access to your computer; every program that listens on a network port is a potential entry point, and there are tens of thousands of port numbers on which one could listen.  You can protect yourself from hackers with a Firewall, which only lets through the traffic you have allowed.  Make sure the Firewall you select controls both incoming and outgoing connections.  It may not be obvious at this point why outgoing access needs to be controlled, but it will become clear in the paragraph about Spy-Ware below.

A good free Firewall called ZoneAlarm by ZoneLabs can be found at http://www.zonelabs.com.  ZoneAlarm has an option called 'MailSafe' that will protect you against email that contains executable attachments.  This option alone is a good reason to use ZoneAlarm.  They also have two commercial products called ZoneAlarm Plus and ZoneAlarm Pro.  Look for ZoneAlarm in the download area.  There is also a free firewall called Kerio Personal Firewall by Kerio Technologies Inc., which can be found at http://www.kerio.com/kpf_home.html.  These are the developers that created Tiny Personal Firewall.  An extra measure would be to use a router with NAT (network address translation) and a built-in firewall.  Linksys, SMC, D-Link and Belkin all make them for under $75, and all can be found by searching on your favorite search engine.  This provides what is called a hardware firewall: because the router holds your public address and hands private addresses to the computers behind it, the outside world cannot reach those computers unless you deliberately forward a port to them.  It also turns your single connection into a network so multiple computers can share the internet connection.  This means you will need a network card in the computer and a cable connecting your computer to the router.  Use the router as an extra layer, not as a replacement for a firewall loaded on your PC: a home router lets any program on your PC connect out without asking, so it does not protect you from outgoing traffic, and why that matters will become apparent in the Spy-Ware section.  If anyone knows of another good free and/or commercial Firewall, I will be glad to post it here.

Spy-Ware is the newest form of privacy invasion on the internet.  This is generally a program that gets installed on your computer and sends information found on your computer back to its owners via your internet connection.  It could be picked up simply by visiting a website or opening an HTML formatted email message.  Some track the websites you visit and even the items you purchase and send this information back to their owners.  These programs are almost always unknowingly installed while you are installing a seemingly legitimate application.  Most of these come bundled with free-ware, but some commercial software packages contain Spy-ware too.  Some are installed via ad banners on a web page.  For the most part, you are not informed of this devious practice.  The firewalls I mentioned above catch the majority of the pathways a program would use to call home, because they ask you before an unknown program is allowed to connect out; but there are still several ways spy-ware can call home without installing software on your computer, such as a tracking image or script inside a web page or HTML email that is fetched by the browser or email reader you have already allowed out.  A good resource for Spy-Ware information is SpywareInfo at http://www.spywareinfo.net/.  There is no common name for this kind of protection software, so I will call it Anti Spy-ware.  There are several packages available that qualify as Anti Spy-ware.

The first one I use, and I use all of these, is Spybot - Search & Destroy, which can be found free at http://security.kolla.de/.  Next is a free Anti Spy-ware package called Ad-aware by Lavasoft, which can be found at http://www.lavasoft.nu/.  They also have a commercial product called Ad-aware Plus.  Then there is Pest Patrol, found at http://www.pestpatrol.com.  I set Spybot up to run every time I boot the computer.  I run either Ad-aware or Pest Patrol weekly.  These scan memory, the registry and the hard drive for installed spy-ware and offer you the opportunity to remove it when found.  Each has a different way of finding its targets, and one package always finds something the other did not.  There are two more free products I install.  One, SpywareBlaster, found at http://www.javacoolsoftware.com, puts entries in your registry for known spy-ware (the 'kill bit' for their ActiveX controls) so that Internet Explorer refuses to install or run them.  The other, SpywareGuard, found at http://www.javacoolsoftware.com, runs in the background and detects suspicious activity as it happens.  If you were to ask me to pick just two, it would be Spybot and SpywareGuard, but I would be hard pressed not to include SpywareBlaster as well.  If anyone knows of another good free and/or commercial Anti Spy-ware package, I will be glad to post it here.

Spam is unsolicited email.  There is no way to completely prevent spam from being delivered.  You can use filters in your email reader to hide most of it from your eyes, but you still have to read some of it to decide whether it is in fact spam or not.  There is a web site called SpamCop at http://www.SpamCop.net that has a free and a commercial web-based product that allows you to report spam to the providers of these spammers.  Many of these reports result in the spammer's resources being shut down.  A good resource for spam information is SpamHunter's Resource at http://www.spamblocked.com/strads/spam/.  It is important to note that the return address is almost never the actual person that sent the message, as the sender information on these messages is almost always forged.  Never reply to a spam asking them to stop.  They will only use your response as verification that your email address is valid.  Much spam now carries a tracking mechanism that phones home in one of several ways.  All of these come in HTML formatted messages, and most rely on scripting.  One method that does not require scripting is an image whose URL carries a key unique to you; when your email reader retrieves the image from the spammer's server, the server learns that your address is live and that you opened the message.  Scripting methods include an embedded IFrame (not to be confused with Frames; both are HTML tags) or an event handler that is triggered when you pass the cursor over something.  No click is needed.  It is my opinion that HTML formatted messages have their place, and I allow them, but I do not allow them to retrieve anything from an outside server.  All that is needed is to tell the firewall to block all internet traffic from the email reader except through the email ports (SMTP on port 25 and POP3 on port 110, or IMAP on port 143); with the web port closed to it, the reader cannot fetch images or frames from the spammer's server.  I also turn off the ability of scripts to run in all but trusted sites in the IE security settings, which Outlook Express shares.  If there is a demand for this, I would consider doing an article on this subject alone; I feel it is far too complex to explain in this one.  The simplest thing to do is just shut off the email reader's ability to display HTML at all, and you would probably be better off doing this, since the same IE settings also make your regular surfing safer.  If anyone knows of a good free and/or commercial Anti-Spam package, I will be glad to post it here.

Other annoyances:

Many ISPs are now filtering for spam and viruses before messages are delivered to your mailbox.  There is one problem that seems to be arising from this movement, and it is practiced almost everywhere.  They will actually delete the message when a virus is detected and sometimes not even tell you or the sender about it.  There are two issues with this.  One, there are no provisions for false positives.  As I said before, the virus and spam detection algorithms are not perfect, so they will identify messages that are not spam and do not contain a virus and sometimes delete them without a trace.  Many ISPs I talk with claim they are doing what the law has told them to do, or at least given them permission to do.  Second, the sender of a virus is very seldom aware they are sending it.  Their computers have been hijacked and are being used without their permission.  I believe it is important to be able to let these people know what is happening so they can regain control of the computer they own.  This brings up yet another problem related to this: there is no place to report a message you receive so that the source of the message will be notified.  I firmly believe that the ISP of the person that is sending the virus should be notified, should verify that the message contains a virus and that it came from their servers, and should then turn off the account until the virus has been eradicated from the computer.  This reporting would be best done at a central location.  This brings up yet another issue that is not being addressed.  It is very difficult to identify where a spam or virus laden message actually came from.  A great majority of these are forged and are not from who they say they are.  A protocol needs to be implemented that can detect a forged message and stop propagating it along to its destination.  This again brings up the issue of false positive detection.  As you can see, these are all very complex issues and are not going to be resolved soon.
Congress just held a hearing on the subject of spy-ware on Thursday 04/29/04.  The FTC opposes Congress enacting any laws to govern spy-ware.  FTC Commissioner Mozelle Thompson said that there were current laws that restrict this activity and that it was already illegal.  When asked how many cases have been prosecuted, a number was muttered that sounded like it was less than 20.  Not nearly the hundreds of thousands of violations a day that occur.  When asked what the punishment was in those prosecuted cases, he stated that the laws only allowed them to recover the dollar amount that was gained by the spying.  This is not a deterrent.  They are only prosecuting a very tiny fraction of a percent of the violations, and all those that are caught have to do is pay the court what they acquired by spying.  This means that they get to keep all the other money from the ones they did not get caught for, and they can continue doing everything with hardly a skip in step, or even a burp.  We need a law that puts teeth into the practice of spying without interfering with the legitimate use of the tools they use.  Yes, there are legitimate uses of spying tools.  One example used in the hearing was a support service.  They would use these tools to see what your computer is doing when you call for support, to analyze the problem you are having and more than likely fix it without having to come to your house.

PopUps and PopUnders are not just an annoyance; they can contain several of the different pests mentioned above.  I have not found a PopUp/PopUnder blocker that I am totally happy with.  Because it is so difficult to know when a new browser window is desired or not, and so difficult to find all of the different ways a new browser window can be opened, such an application is a resource hog and will almost inevitably get into conflict with another application running on the computer.  The end result is to totally lock up your computer, forcing a reboot.  At the very least, everything on your computer will run very slowly, especially if you have an older computer like I do.  I use EMS Free Surfer mk II, found at http://www.kolumbus.fi/eero.muhonen/FS/fs.htm, but only when I am being adventurous and surfing into unknown territory.

Browser Hijacking comes in different forms.  Most browsers have buttons that take you to a default home page, a default search page or other default pages.  These locations are generally stored in your registry.  These buttons are hijacked when their values are replaced by devious people.  Another way your browser can be hijacked is through the use of your hosts file.  I must digress a bit.  All locations on the internet take the form of a number.  This number is made simpler to read by being split up into four units, each with a value from 0 to 255.  This number is called an IP address; at the time of writing, the IP address for www.yahoo.com is 216.109.118.77.  Then someone came up with a way to make it even easier to read and developed a way to assign a name to the IP address.  This is the Domain Name System (DNS), and it is what converts www.yahoo.com to 216.109.118.77 so the request can find its destination.  Ok, I'm back.  The hosts file is a way to do this conversion locally without sending a request out to the internet to look up the IP address for the name.  This was originally used to speed things up: why use the internet and wait for the IP address if you already knew what it was?  Thus the hosts file is a lookup table, and it is consulted before any DNS request goes out to the internet; on Windows NT, 2000 and XP it lives at %SystemRoot%\system32\drivers\etc\hosts.  A devious person who finds a way to add an entry to the hosts file can point a common name to an IP address that is really their site, and that entry wins over DNS.  They can go as far as making the site they own look exactly like the one you expect to go to.  But much to your surprise, instead of being at Yahoo, you are somewhere being sold pornography or formulas to modify certain body parts.  There are two things you can do here to protect yourself from all of this.  One is to prevent, or at least be alerted to, any attempt to alter these places.  The other is to take advantage of the hosts file itself and turn it against all of these unwanted pesky visitors.
SpywareGuard, mentioned above, has an option that will alert you to any attempt at hijacking, even some I did not mention.  WinPatrol, found at http://www.winpatrol.com, has an option to monitor a file that is used by legitimate install programs and is also used by the devious people mentioned throughout.  You should only expect this install method to be used when you are installing an application.  The danger of this particular method is that it allows replacement of your operating system files.  Hosts Toggle, found at http://www.accs-net.com/hosts/HostsToggle/, alerts you to changes made to the hosts file as well as giving you a convenient way to manage it.  Here is where revenge comes into play.  There are a number of places where you can get a hosts file pre-loaded with known ad and spy-ware servers that are unwanted by most of us, with each name routed to a bogus address such as 127.0.0.1 (the loopback address, which always means your own computer, so the request never leaves your PC and fails immediately unless you happen to run a web server on it).  All of a sudden the ads at websites are blank.  Pornographic pictures are blank.  This is great.  One caveat: a blocklist hosts file can also break a legitimate site that serves its content from one of the listed names, and the same file is just as easy for spy-ware to edit, which is why a monitor like Hosts Toggle belongs alongside it.
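Because the hosts file is both the hijacker's tool and the blocklist's tool, it helps to be able to tell the two kinds of entry apart. The following Python script is an added example, not code from the article or from any of the products it names: it reads a hosts file the way Windows does (one address followed by one or more names, with '#' comments) and sorts the mappings into names sent to a sinkhole address such as 127.0.0.1 (a blocklist at work), well-known names pointed somewhere else (a hijack), and everything else for you to look over. The watch list of names, the sample hosts file and the .test host names are constructed for the example, and 203.0.113.45 is from a documentation address range that belongs to nobody.

```python
import ipaddress
from typing import Dict, List, Tuple

# Addresses a hosts-file blocklist legitimately uses as a sinkhole: 127.0.0.1 and ::1
# are the loopback addresses (always your own machine) and 0.0.0.0 is the unspecified
# address; a browser sent to any of them never leaves the PC.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Hypothetical watch list (an assumption for this example): names the user expects
# to be resolved by DNS, never by the local hosts file.
WATCHED_NAMES = {
    "www.yahoo.com", "www.google.com", "www.microsoft.com",
    "windowsupdate.microsoft.com", "localhost",
}

# Constructed sample hosts file: the Windows default line, two blocklist entries
# and one hijack of a well-known name.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# entries a blocklist adds: ad servers sent to the local machine
127.0.0.1       ads.example-adnetwork.test
0.0.0.0         tracker.example-spyware.test   # comment after the entry
# a hijack: a well-known name pointed at an address the attacker controls
203.0.113.45    www.yahoo.com
"""


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (ip, hostname, line_number) for every mapping in a hosts file.
    Each line is 'IP name [alias ...]'; anything after '#' is a comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an address: skip rather than guess
        for name in names:
            entries.append((ip, name.lower(), lineno))
    return entries


def audit_hosts(text: str) -> Dict[str, list]:
    """Classify each mapping as a blocklist sinkhole, a hijack of a watched
    name, or an entry the user should look at by hand."""
    report: Dict[str, list] = {"hijacked": [], "sinkholed": [], "other": []}
    for ip, name, lineno in parse_hosts(text):
        if name == "localhost" and ip in ("127.0.0.1", "::1"):
            continue  # the one entry Windows ships with
        if ip in SINKHOLES:
            report["sinkholed"].append((name, lineno))
        elif name in WATCHED_NAMES:
            # A watched name resolved locally to a real address is the hijack
            # described in the text: this entry wins over DNS.
            report["hijacked"].append((name, ip, lineno))
        else:
            report["other"].append((name, ip, lineno))
    return report


if __name__ == "__main__":
    for kind, rows in audit_hosts(SAMPLE_HOSTS).items():
        for row in rows:
            print(f"{kind:9s} line {row[-1]}: {' '.join(map(str, row[:-1]))}")
```

To run it against your own machine, read %SystemRoot%\system32\drivers\etc\hosts into the `text` argument instead of the sample; anything that lands in "hijacked" is an entry you did not put there, and "other" is worth a glance because a hijacker does not have to use a name on anyone's watch list.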

Phishing and spoofing is the practice of fooling a person into believing that a message is official and is asking for some personal information for a seemingly legitimate reason.  An example would be a message from your email administrator (just forged to look that way) telling you that there is a problem with your account.  It then asks you to click on a link so you can log on to make sure it is working again.  The link is forged in a way that uses a flaw in the browser's ability to display the address you see in the status bar at the bottom of the window.  If you hover your cursor over the link, a legitimate looking address appears in the status bar, but if you click on that link you are transported to a different site.  This flaw or bug has been fixed, and if you are current with your Windows Update you should not be fooled by it.  There is also a free patch (Internet Explorer URL Spoofing Vulnerability) that will show you where the link will really take you if you click on it.  There is also a free browser extension (SpoofStick) that will show the real address in a tool bar.  Whatever the browser shows, the safest habit is to never log on through a link in an email: type the site's address yourself or use a bookmark you made earlier.  The newest twist is that these phishers are hijacking your browser's address bar, and IE is not the only vulnerable browser.  This pop-up window allows someone to watch you log into other places and phone home about everything you do.  This is a very new method and there is not a lot known yet; more to come.  You can report phishing emails you get to http://www.antiphishing.org.  You can get a list of email addresses for reporting phishing to the spoofed site at JavaWoman.
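The spam and phishing sections above both come down to what an HTML message can do before you click anything: fetch a keyed image or IFrame from the sender's server, run script from an event handler, or show you one address while linking to another. The following Python script is an added example, not code from the article or from any product it mentions, and it serves both sections: it walks an HTML mail body with the standard library's HTML parser and reports each of those four things. For the deceptive-link check it relies on ordinary URL parsing, under which the part before an '@' in http://www.yahoo.com@203.0.113.5/ is a user name and the real host is what follows the '@'; it does not reproduce the IE status-bar display bug itself, only the comparison a cautious reader would make. The sample message, the .test host names and the 203.0.113.x addresses are constructed for the example, and the "long opaque token" and "1x1 pixel" beacon rules are heuristics chosen here, not a standard.

```python
import re
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import parse_qs, urlparse

# Constructed sample: a forged "over quota" notice with every trick discussed.
SAMPLE_MAIL = """\
<html><body>
<p>Your mailbox is over quota. Log in at
<a href="http://www.yahoo.com@203.0.113.5/login">http://www.yahoo.com/</a> to fix it.</p>
<p>Thanks, <a href="https://mail.yahoo.com/help">Yahoo Help</a></p>
<img src="http://track.example-spammer.test/open.gif?id=a91f3c7e2b04" width="1" height="1">
<iframe src="http://203.0.113.7/frame.html" width="0" height="0"></iframe>
<span onmouseover="window.open('http://203.0.113.7/')">Unsubscribe</span>
</body></html>
"""

# Visible link text that names a host, with or without a scheme.
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def looks_like_beacon(src: str, attrs: dict) -> bool:
    """Heuristic: a remote image is a tracking beacon if it is 0 or 1 pixel
    in either dimension or its URL carries a long opaque token (8+ chars)."""
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    query = parse_qs(urlparse(src).query)
    keyed = any(len(values[0]) >= 8 for values in query.values())
    return tiny or keyed


def is_deceptive_link(text: str, href: str) -> bool:
    """True when the visible text names one host but href really goes to another.
    urlparse(...).hostname discards any 'user@' prefix, so the
    http://www.yahoo.com@203.0.113.5/ form resolves to its true host."""
    match = HOST_RE.match(text)
    if not match:
        return False  # plain words such as "Yahoo Help" promise no particular host
    shown = match.group(1).lower()
    real = (urlparse(href).hostname or "").lower()
    return real != "" and real != shown and not real.endswith("." + shown)


class MailAuditor(HTMLParser):
    """Collect the ways an HTML message can phone home or mislead the reader."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: Dict[str, List[str]] = {
            "beacons": [], "iframes": [], "scripts": [], "deceptive_links": []}
        self._href = None       # href of the <a> currently open, if any
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for key, value in attrs:        # onmouseover, onload, ...: runs with no click
            if key.lower().startswith("on"):
                self.findings["scripts"].append(f"{tag} {key}={value!r}")
        if tag == "script":
            self.findings["scripts"].append("<script> block")
        elif tag == "iframe" and a.get("src"):
            self.findings["iframes"].append(a["src"])
        elif tag == "img" and a.get("src"):
            if urlparse(a["src"]).scheme in ("http", "https") and looks_like_beacon(a["src"], a):
                self.findings["beacons"].append(a["src"])
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            if is_deceptive_link(text, self._href):
                self.findings["deceptive_links"].append(f"{text} -> {self._href}")
            self._href = None


def audit_mail(html: str) -> Dict[str, List[str]]:
    """Parse one HTML message body and return what it would do on open or hover."""
    parser = MailAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, items in audit_mail(SAMPLE_MAIL).items():
        for item in items:
            print(f"{kind:16s} {item}")
```

Feed it the raw HTML part of a message you are unsure about; an empty report does not prove a message is safe (the beacon rules are heuristics and script can be obfuscated), but a populated "deceptive_links" or "beacons" list is exactly the evidence the text tells you to look for before you click or let the reader fetch anything.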

More Tools:
A really great tool to use to find out if you already have some form of spy-ware installed on your system, or have been hijacked, is HijackThis, found at http://www.spywareinfo.com/~merijn/downloads.html.  Rather than matching signatures, it lists the places spy-ware and hijackers use to get themselves started (browser start and search pages, hosts file entries, startup entries, browser helper objects and the like), so it shows you what is there whether or not a scanner knows about it.  There are a lot of places you can go to have the resulting report analyzed to see what you have installed that you might not know about and/or want installed.  This tool works so well that the site is under constant attack to keep it from being used by anyone.  Be patient, it will be back up.  If you really feel impatient, contact me and I will try to find an alternate source for you.

I know it looks like I have presented an overwhelming amount of stuff here, but it only touches the surface.  I know that there is not enough information here for you to run out and install all of what I have presented and be safe, or even get it all set up right.  It is meant more to alert you to what the threat is and that there are free resources out there to help protect you.  Note that I said help you, because none of this is perfect.  Remember, don't open any attachments that you don't expect.  Send the sender a note and ask if they meant to send it before you open it.  Even though it might have come from them, they might not be aware that it was sent.  If you just open an email that has HTML formatting in it, you could be telling the sender your email address is valid.  Don't hit that monkey with the club; you will give someone permission to install something I can guarantee you don't really want, and you won't even know it is happening.

I can be reached at and will do my best to help in any way I can.  I have started a Yahoo Group called pcWisdom and it can be found at http://groups.yahoo.com/group/pcWisdom/.  Please feel free to join this YGroup and seek assistance on these issues or any other issue you have about your computer and/or the internet.  My goal there is not to make you an expert but to help in a way that is easily understood, with just enough jargon so that when you hear the words again you will have an idea what is being said.  I would also welcome others with a technical understanding who can help in the same way to join.

If you are technically inclined and would like a more detailed explanation of most of the subjects covered here, visit Gibson Research Corporation at http://grc.com/
