Taking Back The Internet: Spam, Security and Viruses

It seems that more and more the Internet is becoming overrun with garbage. Between spam, self-replicating popunder ads that bring up more popup ads, web bugs, viruses, and security holes, it sometimes feels like a battle every time you use your computer. Surely there must be something you can do to stop this? There certainly is.


The World Wide Web

First of all, never click on a popup ad even if it looks like something you might like. If less people click on popup ads, less advertisers will be inclined to pay for popup/popunder advertising.

You can also use software like McAfee Internet Essentials to block viruses, hacker attacks, popup/popunder ads, web bugs and malicious scripts. It works quite well but it takes several days of regular use to get it configured the way you want it. Even then it can be somewhat annoying from time to time, but it will stop all of the nasty things it says it will.

Of course one sure way to stop popup/popunder ads forever (and the even more annoying popup flash movies that you cannot close, which appear most notoriously on msn.com and askmen.com) is to use a web browser other than Internet Explorer. Some alternatives are Opera, which I highly recommend; and Mozilla, which is the clean, open-source version of Netscape (I don’t recommend the “Real” Netscape because it has spyware built in, thanks to AOL). They do not block popups natively, but you can easily disable popups in the settings dialogue.

Email

The no reponse deal goes for spam email as well — never respond to junk email. Don’t click on the links, don’t even open the email if you already know it is junk. Many spammers will put content in their email that will let them know that you’ve opened and seen the email, thereby informing them that your email address is good; if possible you want them to think that you don’t exist. If you’re using Linux, use KMail (part of KDE) to send the spammer a bounce message; I believe you can do the same thing with Eudora in Windows. Sometimes that will get you removed from the spam list. Alternatively you can set up a free account with SpamCop, a service that reports spammers to their ISPs, who will in turn ban the spammer from their service. It is an established, effective, and widely recognized anti-spam tool. When a spammer sends you his tripe, you copy the email source code into a new email and send it to a special SpamCop address. SpamCop traces the spam and sends you an email to finish the reporting process. Click the link in that email and you can see where the spam came from and report the spammer instantly.

There are many online services that filter email for you, weeding out what it thinks is spam. Sometimes “good” emails don’t get through and sometimes spam does, and those are the occasional downsides. These services are paid — they don’t cost much, but unless you’re in a small business environment where spam is a serious problem, I don’t recommend the paid filtering service. McAfee also has a SpamKiller software package that filters incoming email. This works much like the online service does except it filters the email after it has already been downloaded to your machine. Whether it is worth the money or not is up to you.

Email programs like Outlook XP, KMail, Eudora, and Evolution all have built-in block lists that you can use to automatically delete mail sent from spammer addresses. The trouble with that is, rarely does a spammer use the same address more than once — often they will use other people’s addresses in the “Sent” field of the email (sometimes your own email address) or use a false address. If you notice that spam is rolling in from the same address, add it to the block list or create a rule for it and you’ll never have to see it in your inbox again.

The worst of the worst: direct IP advertising

There are some unfortunate souls in this world who get popup ads when they are not using a web browser. The ads just mysteriously appear and often try to sell anti-spam and anti-popup services and software. This can’t happen on a Linux machine, but Windows users are quite susceptible to their attacks.

The most common type of direct IP ad is through the Windows Messenger service. You’ll know that it is to blame if the popup’s titlebar says “Messenger Service.” To turn it off in Windows 2000 or XP, go to Control Panel -> Administrative Tools -> Services and then right-click on Messenger and click Properties and finally click the STOP button to get rid of this useless Windows feature. There are several programs for sale on the Internet to block these IP ads — don’t pay for them, just disable the service and you’ll be fine. You’re not missing anything by turning it off.

Perhaps a more comprehensive way to keep yourself safe from direct IP ads and hacker attacks is a firewall program like McAfee Firewall; BlackICE; ZoneAlarm or Norton Personal Firewall. All of them are sufficient for keeping out unwanted intrusions.

Viruses

When I was a full-time technician, nearly every customer who walked in the door with a nonfunctional machine thought that the cause was a virus. My guess is that since viruses are so often reported in the media and reaffirmed through “VIRUS WARNING” emails, people figure that it is a common computer problem. The first thing you should know is that viruses are not a common cause of computer malfunction and are virtually never a cause of hardware failure.

Years ago there was a virus named Chernobyl which would overwrite the programmable memory that holds your BIOS (Basic Input/Output System) information with garbage. This would render the computer useless and the motherboard would have to be replaced. The virus only struck on the anniversary of the Chernobyl disaster, although some variants would work on other dates as well. I personally saw four computers that were affected by this in 1999 and have not heard of any problems since then. In any case, this is the only incidence I have ever heard of where a virus causes hardware to fail. It is conceivable that a virus could be written that stresses your hard drive in cruel and unusual ways, causing it to crash and lose your data, but I don’t think that’s a very likely scenario. Most viruses these days are email viruses; they only affect Windows users, and even more specifically most of them affect Outlook and Outlook Express users. So if you’re a Windows user and want to be safer right off the bat, get yourself a copy of Eudora or some other email program.

You can also get some antivirus software. The two most popular are Norton Antivirus and McAfee VirusScan, although there is a free antivirus program that has been gaining popularity for quite some time: Grisoft AVG Antivirus. All of them work well and are highly recommended. One thing I do not recommend is setting the software to scan the system at all times; while this is certainly the most secure antivirus protection, it also takes up a great deal of system resources. I suggest using the email virus filter only; run the full system scan once a month just to make sure nothing’s gotten through. If your system is acting strangely it might be a good idea to run a virus scan, but be warned that it can take quite a while to do a full system scan. In all the years I’ve been using computers I have only encountered two viruses on my personal systems: they were both email viruses and they were both caught by the email virus scanning program I had running at the time. Now that I’m on Linux I don’t worry about it — for now anyway.

Prevention

So how do you protect yourself against spam in the first place? First of all, never publish your email address anywhere on the world wide web! Don’t post it in message forums or on your homepage. Spammers use programs called spam spiders or spambots to scour the Internet for stray email addresses which it collects and adds to spam lists. If you need to put your email address on the web, sabotage it so that a bot won’t recognize it. You can add an extra space, replace the @ symbol with an AT, or use a hyperlink. In order to get the most anti-spam security out of your email hyperlinks, go here to encode your email address. One of the neatest anti-spam tactics I have seen was on a science fiction book club website; the webmaster put a note on his front page that said, “If you’re a spambot, take this email address so my email program knows what to delete: spambait@domain.com” where domain.com was his domain name. He had a program set up to delete all email that went to all of his domain email addresses if it was also sent to the spambait address. That allowed him to publish his email addresses safely on the website without being inundated with spam.

Whenever you register for any kind of online service or website, always make sure that you don’t accidentally agree to an “opt-in” program for spam. If you do accidentally let that pass, you can usually go to your preferences in your profile on that website and uncheck the opt-in boxes to stop the spam.

Never participate in the “win a million dollars if you take this survey” websites — they will spam you senseless.

If you get a notice from amazon.com or some other Internet store saying that they have “recently changed their privacy policy,” chances are they are going to be selling your email address to spammers, whom they refer to as “partners.” You can click the link they give you and read the lengthy legalese privacy policy, or you can do what I do — delete your account from the website or change the email address on file to a junk address. nojunk@nospam.com seems to work well for me.

Once again: never respond to spam. If it provides an opt-out link or address, do not use it — that will only let the spammers know that your email address is good. If the business seems like a reputable one, for instance if it’s Sears spamming you because you accidentally signed up for the opt-in program, then it’s generally safe to use the email’s remove instructions. Otherwise (especially if it’s a porn site spam) just delete the email. Speaking of porn spam: don’t open it; there will never be good porn in a spam mail and all you’ll be doing is setting yourself up for more spam.

What not to do

Now that we’ve covered what to do to fight back and prevent electronic garbage, let’s cover some common mistakes that people make when trying to combat it.

Never pass on “VIRUS WARNING” emails, and if you get one do not believe what it says. Most of the time they are hoaxes that try to get you to delete a file from your computer or avoid certain subject headings. If you’re concerned about a new virus, visit the McAfee Virus Information Center or Norton’s Security Response Site for up-to-the-minute data on viruses and security threats.

As I mentioned above, do not use the remove instructions in emails that look like scams — they’re already breaking the law by cheating people out of money, so what’s to stop them from complying with their commitment to opt-out upon request? The same with porn email: using the remove instructions is guaranteed to get you more spam. ESPECIALLY do not respond to the Nigerian bank scammers (you’ll know one when you see one) as they will keep your email address and bother you until you die or change your address.

Do not use the autopreview option in Outlook or Outlook Express to view junk email before you delete it — if there is a malicious script in the email it can harm your computer. It will also download pictures and HTML code from a remote site, thereby informing the spammer that your email address is valid. Again: just delete it or report it to SpamCop.

Follow the above advice and you can help make the Internet a more enjoyable place again, for you and for others.

Discuss this article or get technical support on our forum.

Copyright 2003 Jem Matzan. Verbatim copying and redistribution of this entire article are permitted without royalty in any medium provided this notice is preserved.

About the Author:

Leave A Reply

Your email address will not be published. Required fields are marked *