Defense

One cannot talk about defending a computer without first defining some of the types of attacks that can be made. This discussion can get quite technical. Please at least read the section on "Good email etiquette in a SPAM, virus, and hoax laden internet". If you follow those guidelines, even without fully understanding all the technical discussion which follows, you will help contain SPAM and hoax proliferation.

This discussion is about attacks that are carried via the internet and target computers and computer users, not attacks via other mechanisms. The internet is simply a (relatively) new communications medium. There is nothing inherently evil about the internet, any more than there is anything evil about telephones, books, magazines, newspapers, radio, or television. Telephones, some types of radios (cellular telephones, walkie-talkies, and ham radios, for example), and the internet can be used as two-way communications devices; books, magazines, newspapers, broadcast radio and television are mostly one-way communications devices. One could use a computer, never connect it to the internet, and one would not have to worry about these types of attacks. One would not get any of the benefits of the internet that way either: the internet supports a broad collection of useful capabilities: news stories, reference facts, catalogs, email among friends and business associates. Like all forms of communication, one needs to be selective in the types of communication that you partake of, to be sure that you achieve your individual goals.

Good email etiquette in a SPAM, virus, and hoax laden internet

There are some "good practices" that can also help avoid SPAM, virus, and hoax proliferation. Viruses often scan address books, email messages, and even disk files, looking for more email addresses to attack. The following techniques can keep you safe, and reduce the number of email addresses they find, not only on your computer, but also on other people's computers.

Types of attacks

SPAM

SPAM is defined as email or other communications (Instant Messaging) that is unsolicited and unwanted. Note that much friendly email is unsolicited, and some solicited email may be unwanted. So it takes both to be classified as SPAM. You are a unique individual, and it is your definition of unwanted that is important, not someone else's definition. One person's SPAM may be the answer to someone else's oft-longed-for question or desire. SPAM may be annoying, it may be offensive, it may be time-consuming to delete, it may overwhelm desirable email, but it is not dangerous.

One large subset of SPAM is unsolicited commercial email, and that class is also referred to as UCE.

SPAM is generally received from email addresses that you've never heard of, but may appear to come from your friends, as SPAMmers often spoof the "From" address on their outgoing email to be another address from their list of email addresses to SPAM, or sometimes it might appear to be from your own email address. In fact, except for UCE, SPAM seldom appears to come from the person that actually generated it, and is often from a non-existent, or one-time use, email address.

Malware or Badware: Viruses, Worms, Trojans, Bots, and Spyware

Malware and badware are two names that seem to be used to refer to the whole class of programs that do bad things on or to your computer. Another definition is a program that performs operations on your computer that are unsolicited and unwanted. Note that viruses often travel via email, and may often get caught in anti-SPAM defenses, but they are distinct from SPAM in that they may also be destructive. Security people will make distinctions between viruses, worms, trojans, bots, and spyware, but for the average person, they can all be considered bad, and there are enough of them around that if you do connect your computer to the internet, you must have your defenses ready, or you probably will get infected.
The only reason to separate them into categories is that there are different defenses for different types of malware. Anti-virus software generally detects and removes viruses, worms, trojans, and bots, but not spyware. Anti-spyware programs concentrate on that area, and are not nearly as mature as anti-virus programs, in that they don't catch nearly as high a percentage of spyware, compared to the anti-virus programs catching nearly 100% of all known viruses. For this reason, many people recommend the use of multiple different anti-spyware programs.

Hoaxes and Social Engineering

An unsolicited message, even if it seems to be fully self-consistent, should be independently verified before it is believed, even if it comes from a good friend--because your good friend may have been duped.

Social engineering is a technique used to dupe the user into thinking that something is legitimate when it really isn't. Both SPAM and viruses have sometimes used social engineering as a technique for achieving their goals. An offer to give away something for free may be an attempt to collect email addresses, not just yours, but also those of your friends. Instructions claiming to protect you from something are just as likely to be an attempt to convince you to do something inappropriate, or to raise unfounded fears. The more urgency found in a message, the more likely it is to be a hoax. If a message suggests forwarding something "to all your friends" that is a dead giveaway that it is probably a hoax.

There have been a variety of hoax emails that sound plausible, heart-wrenching, or warning of particular dangers to avoid. If they were legitimate, most of them would also be published by other means. Regardless of how plausible, heart-wrenching, or dangerous sounding, most such messages are not founded on facts. Independently verify the information before acting on it.

Be especially careful of messages that contain instructions for doing something that you wouldn't have thought to do on your own, particularly if it involves destructive behavior such as deleting computer files. Again, independent verification is the key.

Types of defenses

Defending against incoming SPAM

The delete key is your friend, with SPAM email. Anything you don't expect, just delete it. If it appears to come from a good friend, but doesn't sound like them, and has a strange attachment or link that your email program doesn't automatically display, just delete it.

Some SPAM email comes complete with a link to "click here to be removed from our mailing list". Generally it is not a good idea to click on such links. The links may, in fact, take you to a page of advertising, or something more offensive. The link may actually infect your computer with some virus, should this SPAM be generated by a virus. If the SPAM comes from a legitimate company, and you might have accidentally signed up for some of their mailings, it might be OK to "click here and be removed", as suggested. However, clicking such links from unknown companies may just verify that your email address is a valid address, and even if that company sends you nothing more, they might sell your address to other SPAMmers.

There are programs you can buy, and systems installed by ISPs, that use educated guesses (heuristics) to detect SPAM. These systems seldom catch all the SPAM, and occasionally mis-identify legitimate messages from your friends as being SPAM. Because of the latter problem, you wind up having to go through all the SPAM messages anyway, looking for legitimate messages. The best of these is the proprietary system used by Google for gmail and other Google-hosted private domains, and is the service used by NevCal email. The next best, SpamAssassin, is pretty good, but does not catch all SPAM. It is available for use on private domains hosted elsewhere, or for personal use on client computers.

There is another technique, called whitelists, which classifies messages based on who the sender is. You give it a list of all your known correspondents, and it blocks all the rest. This technique ensures that you don't miss legitimate messages from your known correspondents, but makes it harder to establish correspondence with someone new. If you expect new correspondents from time to time, or even known correspondents that change their email addresses, you still have to go through the blocked messages looking for legitimate ones. I prefer this sort of technique, because established communication with known friends, which might be expected to have a reasonable response time, never gets blocked. And new correspondents don't generally expect immediate replies. When Google-hosted email cannot be used, I recommend Choicemail, which uses a whitelist technique together with some extremely sophisticated heuristics to separate mail into 3 categories: from friends, highly likely to be SPAM, and unknown. I used it prior to switching to Google-hosting for my email, and it is very effective. After switching to Google, it became redundant, so I no longer use it.

Whether using "heuristic" SPAM identification, or a "whitelist" technique, it is certainly easier to spot the few legitimate messages among the morass of unwanted messages, from the sender and subject line, than it is to have a jumbled mix of messages appear in your inbox.
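The following is an added example, not code from the original page or from any of the products it names. It sorts a few constructed sample messages into the three folders described above (from friends, unknown, and likely SPAM) by checking the sender against a whitelist first and then scoring the subject and body against the giveaways the hoax section lists (urgency, "forward this to all your friends", free offers, "click here to be removed"). The whitelist, the phrases, the weights and the threshold are all assumptions chosen for the illustration.

```python
"""Whitelist-plus-heuristics mail triage (added illustration)."""
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed whitelist of known correspondents (constructed for this example).
KNOWN_SENDERS = {"alice@example.net", "bob@example.org"}

# Giveaway phrases named on the page; the weights are assumptions.
SUSPICIOUS_PATTERNS = {
    r"forward (this|it) to all (of )?your friends": 3,
    r"click here to (be removed|unsubscribe)": 2,
    r"\b(urgent|act now|immediately)\b": 1,
    r"\bfree\b": 1,
}
SPAM_THRESHOLD = 2  # assumed: at or above this score a message is suspect

# Constructed sample messages, one per situation worth showing.
SAMPLE_MESSAGES = [
"""From: Alice <alice@example.net>
Subject: Lunch on Friday?
Content-Type: text/plain

Are we still on for lunch Friday at noon?
""",
"""From: "Alice" <alice@example.net>
Subject: URGENT!! Forward this to all your friends
Content-Type: text/plain

Act now! Forward this to all your friends immediately or your account will be deleted.
""",
"""From: deals@example-shop.test
Subject: FREE gift inside
Content-Type: text/plain

Claim your free gift today. Click here to be removed from our mailing list.
""",
"""From: newcontact@example.com
Subject: Question about your article
Content-Type: text/plain

Hi, I read your page on email hoaxes and had a question.
""",
]


def spam_score(msg):
    """Sum the weights of every suspicious pattern found in subject or body."""
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    text = text.lower()
    return sum(w for pat, w in SUSPICIOUS_PATTERNS.items() if re.search(pat, text))


def classify(msg):
    """Whitelist first, heuristics second.

    A known sender whose message still scores high goes to "unknown" for a
    second look rather than "friends": the page notes that SPAM is often sent
    with a friend's address spoofed in the From line, and that mail which
    "doesn't sound like them" should be treated with suspicion.
    """
    _, sender = parseaddr(str(msg.get("From", "")))
    known = sender.lower() in KNOWN_SENDERS
    score = spam_score(msg)
    if known and score < SPAM_THRESHOLD:
        return "friends"
    if not known and score >= SPAM_THRESHOLD:
        return "likely_spam"
    return "unknown"


def triage(raw_messages):
    """Return a folder name -> list of subjects mapping for the given raw mails."""
    folders = {"friends": [], "unknown": [], "likely_spam": []}
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        folders[classify(msg)].append(str(msg["Subject"]))
    return folders


if __name__ == "__main__":
    for folder, subjects in triage(SAMPLE_MESSAGES).items():
        print(f"{folder}:")
        for subject in subjects:
            print(f"    {subject}")
```

Only the "friends" folder needs prompt attention; the "unknown" folder is where new correspondents and suspicious mail from known addresses land, and is scanned at leisure, exactly the division the text above argues for. A real deployment would also read the whitelist from the user's address book rather than a constant.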

Another technique that can be handy is to separate personal email from other email. One email address, used only for communication with friends, and another email address, used for all other sorts of communication, can allow you to deal with personal, important email separately from the deluge of SPAM that is more likely to come to an address used for other activities. A third email address comes in handy if you subscribe to mailing lists. I use a large number of email addresses to divide and pre-sort my email into various categories.

For Instant Messenger, the various client programs support a number of techniques for limiting your contacts to a known list of friends.

In general, it is good not to enter your personal email address or your instant messaging IDs into any of the following places.
Anti-SPAM techniques often also catch the messages of mass-mailing viruses. So it doesn't pay to be too curious about the contents of unsolicited messages.

If the volume of SPAM becomes burdensome, even with whatever techniques you or your ISP might use to control it, consider changing your email address. If you change your personal email address, be sure to send out your new address from your old address, and keep both addresses for a month or so, to catch the stragglers. The best technique is to send the change of address from your old address, to your new address, and use the BCC (Blind Carbon Copy) feature to address the message to your friends. Some ISPs limit the number of BCC recipients, so you may need to divide your list up into several emails. An alternate technique is to send the change of address from your old address, and address it individually to each of your friends. This takes a bit longer, but is more likely to get through.
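As an added example (not code from the original page), the change-of-address procedure above, built with Python's standard email library: each notice goes From the old address, To the new address, with a batch of friends in BCC so that no recipient's copy carries anyone else's address. The addresses, the friend list and the per-message BCC limit are constructed assumptions; nothing is actually sent.

```python
"""Change-of-address notice in BCC batches (added illustration)."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

OLD_ADDRESS = "me@old-isp.example"    # constructed
NEW_ADDRESS = "me@new-host.example"   # constructed
FRIENDS = [f"friend{n}@example.net" for n in range(1, 8)]  # constructed list
BCC_LIMIT = 3  # assumed limit an ISP might place on BCC recipients per message


def build_notices(old, new, friends, bcc_limit=BCC_LIMIT):
    """One message per batch: From the old address, To the new one, friends in Bcc."""
    notices = []
    for start in range(0, len(friends), bcc_limit):
        msg = EmailMessage()
        msg["From"] = old
        msg["To"] = new
        msg["Bcc"] = ", ".join(friends[start:start + bcc_limit])
        msg["Subject"] = "New email address"
        msg.set_content(
            f"I am changing my email address from {old} to {new}.\n"
            "Please update your address book. Both addresses will work for about a month.\n"
        )
        notices.append(msg)
    return notices


def envelope_recipients(msg):
    """Addresses the mail server actually delivers to: To, Cc and Bcc."""
    fields = [str(v) for name in ("To", "Cc", "Bcc") for v in msg.get_all(name, [])]
    return [addr for _, addr in getaddresses(fields)]


def wire_copy(msg):
    """The text each friend receives: the Bcc header is removed before
    transmission (smtplib.SMTP.send_message() does the same), so a friend's
    copy exposes only the old and new addresses, never the other friends'."""
    copy = email.message_from_bytes(msg.as_bytes(), policy=policy.default)
    del copy["Bcc"]
    return copy.as_string()


if __name__ == "__main__":
    notices = build_notices(OLD_ADDRESS, NEW_ADDRESS, FRIENDS)
    for number, msg in enumerate(notices, 1):
        print(f"batch {number}: {envelope_recipients(msg)}")
    print(wire_copy(notices[0]))
```

Keeping the friends out of the To and Cc lines matters for the reason given earlier on this page: viruses harvest addresses from stored mail, so every address visible in a message that later sits in a friend's inbox is one more address exposed if that friend is infected.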

Anti-malware defense techniques

An anti-virus solution has many pieces: I list them in order of effectiveness. For recommendations on firewall and anti-virus software, see Glenn's free protection software.
  1. Run a firewall. Even the Windows XP/Vista/7 firewall is better than nothing.
  2. Avoid using MS Outlook, Outlook Express, and Internet Explorer. The alternative software may not be bug free, but the bugs are much less likely to be exploited. There are free alternatives for both email and web browsing. For recommendations on alternative software, see Glenn's free internet utilities.
  3. Delete suspicious email; do not open attachments or click links unless the message clearly sounds like the person that sent it, contains a clear, cohesive explanation of what the attachment or link is, and preferably only if you were expecting that person to send you an attachment or link at this time. If there is _any_ doubt about the authenticity of an attachment or link, an extra email to the sender should be sent to confirm why an attachment or link was sent, and what it is. When opening attachments, first save them as files, then scan them with your anti-virus, and then, finally, consider opening them. If you cannot contact the sender, consider waiting 2 weeks, updating your anti-virus software, and then scanning the attachment, before opening it. This increases the chances that your anti-virus program will have been updated to deal with the new virus threat, if the attachment is, in fact, a virus.
  4. Run anti-virus software of some sort, preferably one that automatically updates daily or more often, or update it at least once a week, every time you hear someone talking about a virus, and every time you receive a suspicious looking email.
  5. Run anti-spyware software at least once a month, updating it each time you do a scan.
  6. In Windows Explorer, under Tools/ Folder Options, in the View tab, check all the boxes that say "Display..." and uncheck all the boxes that say "Hide...". Visible information is always better than hidden information, and you might even learn more about your computer.
  7. Apply the Windows Update patches, either automatically on Win2K, WinXP, WinVista, and Win7 or manually on older versions of Windows.
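The following added example (not code from the original page) carries out the "save first, scan, then decide" part of step 3 and the point of step 6 about hidden information: it extracts every attachment from a constructed sample message into a quarantine folder under a sanitised filename, records the size and SHA-256 hash for an anti-virus lookup, and flags attachments whose name ends in an executable extension, in particular double extensions such as photo.jpg.exe, which Windows shows as a harmless photo.jpg when "Hide extensions for known file types" is on. The sample message and the list of executable extensions are assumptions for the illustration.

```python
"""Quarantine and inspect email attachments before opening (added illustration)."""
import email
import hashlib
import pathlib
import tempfile
from email import policy
from email.message import EmailMessage

# File types Windows runs as programs when double-clicked; an assumed,
# deliberately short list for this example, not an exhaustive one.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def build_sample_message():
    """Constructed sample: a friendly note carrying a disguised program."""
    msg = EmailMessage()
    msg["From"] = "someone@example.org"
    msg["To"] = "me@example.net"
    msg["Subject"] = "Photos from the trip"
    msg.set_content("Here are the photos!")
    msg.add_attachment(b"not a real program", maintype="application",
                       subtype="octet-stream", filename="photo.jpg.exe")
    msg.add_attachment("just some notes", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


def inspect_filename(name):
    """Flag executables and double extensions such as photo.jpg.exe, which
    appear as photo.jpg when Windows hides known file extensions."""
    suffixes = [s.lower() for s in pathlib.PurePath(name).suffixes]
    final = suffixes[-1] if suffixes else ""
    executable = final in EXECUTABLE_EXTENSIONS
    return {
        "name": name,
        "executable": executable,
        "double_extension": executable and len(suffixes) > 1,
    }


def quarantine_attachments(raw, directory=None):
    """Write each attachment into `directory` (a fresh temporary folder by
    default) and report its size, SHA-256 and filename warnings."""
    directory = pathlib.Path(directory or tempfile.mkdtemp(prefix="quarantine-"))
    msg = email.message_from_bytes(raw, policy=policy.default)
    records = []
    for index, part in enumerate(msg.iter_attachments(), start=1):
        # Keep only the last path component so a crafted filename cannot
        # place the file outside the quarantine folder.
        name = (part.get_filename() or "").replace("\\", "/").split("/")[-1]
        if name in ("", ".", ".."):
            name = f"attachment-{index}"
        data = part.get_content()
        if isinstance(data, str):          # text attachments come back as str
            data = data.encode("utf-8")
        path = directory / name
        path.write_bytes(data)
        record = inspect_filename(name)
        record.update(path=str(path), size=len(data),
                      sha256=hashlib.sha256(data).hexdigest())
        records.append(record)
    return records


if __name__ == "__main__":
    for rec in quarantine_attachments(build_sample_message()):
        if rec["double_extension"]:
            verdict = "DO NOT OPEN: program disguised with a double extension"
        elif rec["executable"]:
            verdict = "program file: scan, and open only if expected"
        else:
            verdict = "scan before opening"
        print(f"{rec['name']:16} {rec['size']:5d} bytes  sha256 {rec['sha256'][:16]}...  {verdict}")
```

The saved files are never executed by this script; the hash is what you would look up or submit to the anti-virus vendor, and the path is what you would point the scanner at before deciding whether to open anything.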

Anti-Hoax techniques

Use common sense. Independently verify the content of unsolicited messages. Do not resend messages that you haven't independently verified. Lack of verification is not an indication that something is true. A statement in the message claiming that it has been verified is not independent verification.

There are a variety of web sites that keep track of various hoaxes that are floating around. A few of them are listed below. Another technique that can be very effective for hoaxes is to go to Google and paste in a sentence of text from the hoax message, and see what comes up. Generally lots of anti-hoax web sites will come up in the list of hits.

Hoax Busters
Symantec Hoax Page
Vmyths
Snopes
About Urban Legends