One cannot talk about defending a computer without first defining
some of the types of attacks that can be made. This
discussion can get quite technical. Please at least read the
section on "Good email etiquette in a SPAM, virus, and hoax laden
internet". If you follow those guidelines, even without fully
understanding all of the technical discussion which follows, you
will help contain SPAM and hoax proliferation.
This discussion is about attacks that are carried via the internet,
and target computers and computer users, not via other
mechanisms. The internet is simply a (relatively) new
communications medium. There is nothing inherently evil about
the internet, any more than there is anything evil about
telephones, books, magazines, newspapers, radio, or
television. Telephones, some types of radios (cellular
telephones, walkie-talkies, and ham radios, for example), and the
internet can be used as two-way communications devices; books,
magazines, newspapers, broadcast radio and television are mostly
one-way communications devices. One could use a computer,
never connect it to the internet, and never have to worry
about these types of attacks. One would not get any of the
benefits of the internet that way either: the internet supports
a broad collection of useful capabilities: news stories, reference
facts, catalogs, email among friends and business associates.
Like all forms of communication, one needs to be selective in the
types of communication one partakes of, to be sure that one
achieves one's individual goals.
Good email etiquette in a SPAM, virus, and hoax laden internet
There are some "good practices" that can also help avoid SPAM,
virus, and hoax proliferation. Viruses often scan address
books, email messages, and even disk files, looking for more email
addresses to attack. The following techniques can keep you
safe, and reduce the number of email addresses they find, not only
on your computer, but also on other people's computers.
Use anti-virus software and keep it up-to-date. Use a
firewall program. Consider using an anti-SPAM program, and one or
more anti-spyware programs.
For software recommendations, see Glenn's free protection
software.
Pick a meaningful subject line. When the recipient
attempts to pick out your message from among their incoming SPAM, a
meaningful subject line can be extremely helpful to them. A
very generic subject such as "Hi" or "to keep in touch" or
"remember me" (see your incoming SPAM for examples), or no subject
at all (lots of SPAM does that too), is not particularly helpful
in making your message stand out as non-SPAM.
When sending attachments or links, describe why you are doing so, with
enough text that your friends can tell that it actually came
from you and isn't just text that you are forwarding along with the
attachment or link. Send the attachment or link
and an explanation, but not the
multiple layers of email headers that show everywhere the attachment or link
has been and expose the email addresses of lots of other people.
Do not tell all your
friends. If a message suggests telling all your
friends, you probably shouldn't. It may be a hoax, or it may
just waste their time. Only send things to people that you
think would be interested in receiving it, and which you have
independently verified
to be true and useful (or humorous). OK, if you really,
really, really want to tell all your friends something, send them
the link to this page!
Use BCC (Blind Carbon Copy). If you are sending an
email to more than one person at a time, use BCC to
keep the addresses of your friends private even from your other
friends, unless (1) you know that they all have each other's
addresses anyway, and (2) you expect that all the replies should
come to all the recipients (when trying to set up a time for a
joint event, or such). Unfortunately, some ISPs place limits
on BCC usage, limiting the number of outgoing BCC recipients,
because SPAMmers often also use BCC to hide the fact that their
SPAM is going to lots of people you never heard of, as well as
yourself. Those ISPs probably also have other funny
ideas. If this is the case, you should find a different ISP,
because BCC is an effective weapon to use against viruses and
SPAMmers, by reducing the number of stray email addresses that are
found in people's files.
BCC can be hard to find on some programs, but most email
programs support the concept. Here are some hints for some
particular email programs:
Outlook Express: Start composing an email, and then go to the
"View" menu, and choose "All Headers". This setting should
persist for future emails as well.
Juno: Use the CC box, and put parentheses around each
recipient's address or nickname. This changes the CC into
BCC.
Other programs: Look for "BCC" or "Blind carbon copy" in their
help system to figure it out. Most have it.
When replying or forwarding a message to someone else, remove
the email headers from the message, and remove all the email
addresses of where it has been in the past. It is also nice
to remove multiple layers of indentation from forwarded messages,
and generally clean them up... if you think it is worth passing
along, it is worth making it easily readable too. This is
especially nice if you are sending the message to multiple
recipients... a little work on
your part can be a time saver for all the recipients.
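The cleanup described above (remove the forwarded header layers, the quote indentation, and every stray email address) can be done mechanically. This is an added example, not a tool from this page; the forwarded message it works on is constructed, and the header and separator patterns it recognizes are assumptions about common email client output.

```python
import re

# Constructed sample: a message forwarded twice, with nested header blocks,
# two layers of "> " quote indentation, and a trail of other people's addresses.
SAMPLE = """\
FYI, thought you'd like this.

> -----Original Message-----
> From: Dave <dave@example.net>
> To: carol@example.edu; erin@example.org
> Subject: FW: recipe
>
> > From: Frank <frank@example.com>
> > Cc: grace@example.com
> >
> > Here is the recipe we talked about.
> > Mix two eggs with a cup of flour.
"""

# Assumed header names and separator wording; extend for other email programs.
HEADER_LINE = re.compile(r"^(From|To|Cc|Bcc|Sent|Date|Subject):", re.I)
SEPARATOR = re.compile(r"^-+\s*(Original Message|Forwarded message)\s*-+$", re.I)
ADDR = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
QUOTE_PREFIX = re.compile(r"^(>\s?)+")


def clean_forward(text: str) -> str:
    """Strip quote indentation, forwarded header blocks, and leftover addresses."""
    out = []
    for line in text.splitlines():
        line = QUOTE_PREFIX.sub("", line)            # remove every layer of "> "
        if SEPARATOR.match(line.strip()) or HEADER_LINE.match(line):
            continue                                 # drop forwarded header lines
        line = ADDR.sub("[address removed]", line)   # redact any address still in the body
        out.append(line.rstrip())
    # collapse the runs of blank lines left behind by the removed headers
    cleaned = re.sub(r"\n{3,}", "\n\n", "\n".join(out)).strip()
    return cleaned + "\n"


def leaked_addresses(text: str) -> list:
    """List the addresses a reader of the uncleaned message would be exposed to."""
    return sorted(set(a.lower() for a in ADDR.findall(text)))


if __name__ == "__main__":
    print("Addresses exposed before cleanup:", leaked_addresses(SAMPLE))
    print(clean_forward(SAMPLE))
```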
If you receive a virus laden message, and want to tell your
friend from whom it appears to have come, be aware that it is
likely a different friend that is infected, and the apparent From
address is unlikely to be that of the infected friend. So it
is generally not effective to inform them. Instead, in
discussion with your friends, it is probably more profitable to
encourage them to read this page and practice good email etiquette,
than it is to try to talk them into thinking you got a virus from
them.
Types of attacks
SPAM
SPAM is defined as email or other communications (Instant
Messaging) that is unsolicited and unwanted. Note that much
friendly email is unsolicited, and some solicited email may be
unwanted. So it takes both to be classified as SPAM.
You are a unique individual, and it is your definition of unwanted
that is important, not someone else's definition. One
person's SPAM may be the answer to someone else's oft-longed-for
question or desire. SPAM may be annoying, it may be
offensive, it may be time-consuming to delete, it may overwhelm
desirable email, but it is not dangerous.
One large subset of SPAM is unsolicited commercial email, and that
class is also referred to as UCE.
SPAM is generally received from email addresses that you've never
heard of, but may appear to come from your friends, as SPAMmers
often spoof the "From" address on their outgoing email to be
another address from their list of email addresses to SPAM, or
sometimes it might appear to be from your own email address.
In fact, except for UCE, SPAM seldom appears to come from the
person that actually generated it, and is often from a
non-existent, or one-time use, email address.
Malware or Badware: Viruses, Worms, Trojans, Bots, and Spyware
Malware and badware are two names that seem to be used to refer
to the whole class of programs that do bad things on or to your computer.
Another definition is a program that performs operations
on your computer that are unsolicited and unwanted. Note that
viruses often travel via email, and may often get caught in
anti-SPAM defenses, but they are distinct from SPAM in that they
may also be destructive. Security people will make
distinctions between viruses, worms, trojans, bots, and spyware,
but for the average person, they can all be considered bad, and
there are enough of them around that if
you do connect your computer to the internet, you must have your
defenses ready, or you probably will get infected.
The only reason to separate them into categories is that there
are different defenses for different types of malware. Anti-virus
software generally detects and removes viruses, worms, trojans, and
bots, but not spyware. Anti-spyware programs concentrate on that
area, and are not nearly as mature as anti-virus programs, in that
they don't catch nearly as high a percentage of spyware, compared
to the anti-virus programs catching nearly 100% of all known viruses.
For this reason, many people recommend the use of multiple different
anti-spyware programs.
Hoaxes and Social Engineering
An unsolicited message, even if it seems to be fully
self-consistent, should be independently verified before it is
believed, even if it comes from a good friend--because your good
friend may have been duped.
Social engineering is a technique used to dupe the user into
thinking that something is legitimate when it really isn't.
Both SPAM and viruses have sometimes used social engineering as a
technique for achieving their goals. An offer to give away
something for free may be an attempt to collect email addresses,
not just yours, but also those of your friends. Instructions
claiming to protect you from something are just as likely to be an
attempt to convince you to do something inappropriate, or to raise
unfounded fears. The more urgency found in a message, the
more likely it is to be a hoax. If a message suggests
forwarding something "to all your friends", that is a dead giveaway
that it is probably a hoax.
There have been a variety of hoax emails that sound plausible,
heart-wrenching, or warning of particular dangers to avoid.
If they were legitimate, most of them would also be published by
other means. Regardless of how plausible, heart-wrenching, or
dangerous sounding, most such messages are not founded on
facts. Independently verify the information before acting on
it.
Be especially careful of messages that contain instructions for
doing something that you wouldn't have thought to do on your own,
particularly if it involves destructive behavior such as deleting
computer files. Again, independent verification is the
key.
Types of defenses
Defending against incoming SPAM
The delete key is your friend, with SPAM email. Anything you
don't expect, just delete it. If it appears to come from a
good friend, but doesn't sound like them, and has a strange
attachment or link that your email program doesn't automatically display,
just delete it.
Some SPAM email comes complete with a link to "click here to be
removed from our mailing list". Generally it is not a good
idea to click on such links. The links may, in fact, take you
to a page of advertising, or something more offensive. The
link may actually infect your computer with some virus, should this
SPAM be generated by a virus. If the SPAM comes from a
legitimate company, and you might have accidentally signed up for
some of their mailings, it might be OK to "click here and be
removed", as suggested. However, clicking such links from
unknown companies may just verify that your email address is a
valid address, and even if that company sends you nothing more,
they might sell your address to other SPAMmers.
There are programs you can buy, and systems installed by ISPs, that
use educated guesses (heuristics) to detect SPAM. These
systems seldom catch all the SPAM, and occasionally mis-identify
legitimate messages from your friends as being SPAM. Because
of the latter problem, you wind up having to go through all the
SPAM messages anyway, looking for legitimate messages. The best of these
is the proprietary system used by Google for gmail and other Google-hosted
private domains, and is the service used by NevCal email. The next best,
SpamAssassin, is pretty good, but does not catch all SPAM. It is available
for use on private domains hosted elsewhere, or for personal use on client
computers.
There is another technique, called whitelists, that classifies
messages based on who the sender is. You give it a list of
all your known correspondents, and it blocks all the rest.
This technique ensures that you don't miss legitimate messages from
your known correspondents, but makes it harder to establish
correspondence with someone new. If you expect new
correspondents from time to time, or even known correspondents that
change their email addresses, you still have to go through the
blocked messages looking for legitimate ones. I prefer this
sort of technique, because established communications with known
friends, which might be expected to have a reasonable response
time, never get blocked. And new correspondents don't
generally expect immediate replies. When Google-hosted email
cannot be used, I
recommend Choicemail,
which uses a whitelist technique together with some extremely
sophisticated heuristics, to separate mail into 3 categories: from friends,
highly likely to be SPAM, and unknown. I used it prior to
switching to Google-hosting for my email, and it is very
effective. After switching to Google, it became redundant,
so I no longer use it.
Whether using "heuristic" SPAM identification, or a "whitelist"
technique, it is certainly easier to spot the few legitimate
messages among the morass of unwanted messages, from the sender and
subject line, than it is to have a jumbled mix of messages appear
in your inbox.
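As an added illustration (not code from this page, from Choicemail, or from any mail program), here is a small sorter that combines a whitelist with the SPAM indicators this page names (generic or missing subjects, a From address spoofed to be your own, "tell all your friends" wording, and a trail of forwarded addresses) to produce the three categories just described. The addresses, the whitelist, and the scoring weights are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed: the owner's own address and the whitelist of known correspondents.
OWN_ADDRESS = "me@example.com"
WHITELIST = {"alice@example.org", "bob@example.net"}

# Subject lines the page cites as typical of SPAM; an empty subject counts too.
GENERIC_SUBJECTS = {"", "hi", "to keep in touch", "remember me"}
# Chain-letter wording the page calls a dead giveaway for a hoax.
FORWARD_PHRASE = re.compile(r"\b(tell|forward|send)\b.{0,20}\ball your friends\b", re.I)
ADDR = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


@dataclass
class Message:
    sender: str   # raw From header, e.g. 'Alice <alice@example.org>'
    subject: str
    body: str


def extract_address(header_from: str) -> str:
    """Return the bare, lower-cased address from a From header."""
    m = ADDR.search(header_from)
    return m.group(0).lower() if m else ""


def spam_score(msg: Message) -> int:
    """Count the page's SPAM/hoax indicators; higher means more suspicious."""
    score = 0
    if msg.subject.strip().lower() in GENERIC_SUBJECTS:
        score += 1                      # generic or missing subject line
    if extract_address(msg.sender) == OWN_ADDRESS:
        score += 2                      # From spoofed to be your own address
    if FORWARD_PHRASE.search(msg.body):
        score += 2                      # "tell all your friends"
    if len(ADDR.findall(msg.body)) >= 5:
        score += 1                      # layers of forwarded addresses in the body
    return score


def classify(msg: Message) -> str:
    """Three-way split: 'friend', 'spam', or 'unknown' (to be looked at by hand)."""
    if extract_address(msg.sender) in WHITELIST:
        # Known correspondents are never blocked. Note that this trusts the
        # From header, which the page says viruses spoof, so the attachment
        # rules still apply to mail from "friends".
        return "friend"
    return "spam" if spam_score(msg) >= 2 else "unknown"
```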
Another technique that can be handy is to separate personal email
from other email. One email address, used only for
communication with friends, and another email address, used for all
other sorts of communication, can allow you to deal with personal,
important email separately from the deluge of SPAM that is more
likely to come to an address used for other activities. A third
email address comes in handy if you subscribe to mailing lists.
I use a large number of email addresses to divide and pre-sort
my email into various categories.
For Instant Messenger, the various client programs support a number
of techniques for limiting your contacts to a known list of
friends.
In general, it is good not to enter your personal email address or
your instant messaging IDs into any of the following places.
public directories
personal web sites (because they can be viewed by
SPAMmers)
mailing lists
responses to requests for an email address as a login ID from
commercial web sites (especially those without privacy policies
that indicate they will not use them for other purposes)
USENET news group postings (these get archived on web sites,
and are often "harvested" by SPAMmers)
Anti-SPAM techniques often also catch the messages of mass-mailing
viruses. So it doesn't pay to be too curious about the
contents of unsolicited messages.
If the volume of SPAM becomes burdensome, even with whatever
techniques you or your ISP might use to control it, consider
changing your email address. If you change your personal
email address, be sure to send out your new address from your old
address, and keep both addresses for a month or so, to catch the
stragglers. The best technique is to send the change of
address from your old address, to your new address, and use the BCC
(Blind Carbon Copy) feature to address the message to your
friends. Some ISPs limit the number of BCC recipients, so you
may need to divide your list up into several emails. An
alternate technique is to send the change of address from your old
address, and address it individually to each of your friends.
This takes a bit longer, but is more likely to get through.
Anti-malware defense techniques
An anti-virus solution has many pieces: I list them in order of
effectiveness. For recommendations on firewall and anti-virus
software, see Glenn's free
protection software.
Run a firewall. Even the Windows XP/Vista/7 firewall is better
than nothing.
Avoid using MS Outlook, Outlook Express, and Internet
Explorer. The alternative software may not be bug free, but
the bugs are much less likely to be exploited. There are free
alternatives for both email and web browsing. For
recommendations on alternative software, see Glenn's free internet
utilities.
Delete suspicious email; do not open attachments or click links unless the
message clearly sounds like the person that sent it, contains a
clear, cohesive explanation of what the attachment or link is, and
preferably only if you were expecting that person to send you an
attachment or link at this time. If there is _any_ doubt about the
authenticity of an attachment or link, an extra email to the sender should
be sent to confirm why an attachment or link was sent, and what it
is. When opening attachments, first save them as files, then
scan them with your anti-virus, and then, finally, consider opening
them. If you cannot contact the sender, consider waiting 2
weeks, updating your anti-virus software, and then scanning the
attachment, before opening it. This increases the chances
that your anti-virus program will have been updated to deal with
the new virus threat, if the attachment is, in fact, a
virus.
Run anti-virus software of some sort, preferably
one that automatically updates daily or more often, or update it at least once a week,
every time you hear someone talking about a virus, and every time you
receive a suspicious looking email.
Run anti-spyware software at least once a month, updating it
each time you do a scan.
In Windows Explorer, under Tools/ Folder Options, in the View tab,
check all the boxes that say "Display..." and uncheck all
the boxes that say "Hide...". Visible information is always better than
hidden information, and you might even learn more about your computer.
Apply the Windows Update patches, either automatically on Win2K, WinXP,
WinVista, and Win7 or manually on older versions of Windows.
Anti-Hoax techniques
Use common sense. Independently verify the content of
unsolicited messages. Do not resend messages that you haven't
independently verified. Lack of verification is not an
indication that something is true. A statement in the message
that it has been verified is not independent
verification.
There are a variety of web sites that keep track of various hoaxes
that are floating around. A few of them are listed
below. Another technique that can be very effective for
hoaxes is to go to Google and
paste in a sentence of text from the hoax message, and see what
comes up. Generally lots of anti-hoax web sites will come up
in the list of hits.