[Originally Appeared in New Orleans Beat Street magazine, March 2004]

MP3 CONFIDENTIAL

The Anti-Malware Action Plan:

Ten Steps Toward Better Computer Hygiene


By Warren America

Like most computer professionals, I’m spending inordinate amounts of time mopping up viruses, worms, dialers, browser “enhancements” and other malware that accumulate on my colleagues’ systems. Malware, that’s geek speak for noxious, undesirable programs. These things grow more pervasive and pernicious each season, and they’re sapping productivity everywhere you turn.

Users who are lax about things, through naiveté or sloppiness, get hurt the worst, and cause the most problems for others. It’s time for all of us to clean up our acts, for the sake of self-defense and social courtesy. And so we present Beat Street’s ten-point program for safe and sensible computing. The next time someone tells you they clicked on an email and everything blew up, you can staple this column to their forehead.

1) Watch Out for Attachments – Attachments are files included with email messages; one clicks on an attachment to save or open the file. DO NOT click on any attachments you aren’t expecting, or attachments from people who are unknown to you. We’ve seen lots of fake admin messages and bounced email notifications recently; again, don’t open those attachments, just delete the messages. Even your friends can inadvertently pass along worms or viruses, so be conscious, and cautious, with every email attachment.

2) Use the Current Operating System – If you’re not already on Windows XP you should be, if only because it crashes less than its predecessors. Mac users should likewise stay current; OS X “Panther” has been practically trouble-free for us.

Moreover, you must download and install every Critical Update and Service Pack for your operating system. Windows XP’s default behavior will alert you when updates are available; you should always take them, because they’re bug fixes and security patches. If you’re not sure whether your system is current: Click on the Start menu, open the Programs menu, then select Windows Update; it’ll scan your system and tell you what you need. We take all Critical Updates, Service Packs and Driver Updates, but we pick and choose among the non-critical Windows updates.

3) Use Anti-Virus Software – This is a must. Repeat: You MUST use anti-virus software. Norton and McAfee are the big names, but we’re pushing Grisoft AVG 6.0 free version, available at www.grisoft.com. Although a bit bland cosmetically, and slightly less user-friendly than its more famous competitors, AVG is just as effective. It scans incoming email, attachments and downloads, alerts you if it detects anything, is regularly updated, and did I mention that it’s FREE!?!? Whatever anti-virus software you choose, make sure to always have the latest version of the software AND the latest virus description file (or “profile”). Same goes for your anti-spyware software:

4) Scan for Spyware – The terms “spyware” and “adware” refer to bits of commercial code that track your web surfing behavior, and/or advertise to you. Some are fairly innocuous, others totally adverse. High-profile spyware pushers include DoubleClick, Gator, Bonzi Buddy, and Altnet.

Spyware is invasive, annoying, and takes up precious computing power. We use a free program called Lavasoft Ad-Aware, obtained from www.lavasoft.de (that’s dot-DE, they’re in Germany). Ad-Aware will identify, quarantine, and delete all manner of cookies, trackers, data miners and other sleazy tidbits. Run Ad-Aware at least once a month, or whenever the pop-ups crop up.

Several well-known P2P file-sharing applications depend on spyware for their revenue; they get paid each time they plant the stuff on a new system. If P2P’s your thing, use Kazaa Lite/K++, Shareaza, or another spyware-free client. If you surf porn sites, you’re certain to have accumulated some spyware. If the computer keeps trying to dial the Czech Republic, then you’ve definitely been seeded, but seriously, anyone who surfs the Web is vulnerable.

5) Run the Disk Cleanup – Worms and viruses often infect the Temporary Internet Files, or “cache.” Flush the cache, and reclaim space from other unnecessary files with the Windows Disk Cleanup utility. It’s under the Start menu > Programs > Accessories > System Tools > Disk Cleanup. While you’re at it, run the Disk Defragmenter utility, also located in the System Tools. It can speed up disk access.

6) Disable Windows Messenger Service – Pop-ups with the words "Messenger Service" in the title bar exploit a feature of the Windows operating system called the Messenger Service. Not to be confused with MSN Messenger, Messenger Service is a somewhat vestigial, rudimentary messaging system. It wasn’t used much until spammers got hold of it. If you’re seeing messages such as “your computer is at risk, you’re exposed to the entire network” while your Web browser is closed, it’s probably Messenger Service spam.


To turn off the Messenger Service, go into the Start menu > Control Panel > Administrative Tools > Services. In the Services dialog, scroll down until you find the word “Messenger.” Click with the left mouse button on the word “Messenger,” so that it highlights, then click with the right mouse button and select Properties. In the Properties dialog click on the Stop button. Then select Disable from the Startup Type pull-down menu. Click OK to exit the dialog. Messenger Service cannot be disabled in Windows 98 and ME, all the more reason to upgrade to XP.


7) Use a Firewall – Think of the firewall as another line of defense. It can alert you when a rogue program tries to access the net. If you pay attention to your firewall’s messages, you may actually catch a worm or virus in action as it reports back to its master or tries to spread itself to other computers. Firewalls cease to be effective if you blindly okay every alert. Allow frequently used programs to access the network, but challenge unknown programs for your own safety. Firewalls can also shield against attacks that may come from outside, such as hacker probes. There are a lot of firewalls out there; we’ve been using Zone Alarm lately, but don’t have a strong preference.

8) Download Cautiously – There is no evidence that anyone has ever put a virus or worm inside an MP3 file, a digital video file, or a graphic image. Things just don’t work that way. But be super-careful of executable code, meaning programs that can be run on your computer. If some worm (or email) can convince you to accept and run a program, they can take over your computer and do just about anything. Don’t download or open any programs, specifically any .exe files, unless you’re absolutely sure about them. While audio/video files aren’t the problem, be alert for files with bogus extensions, for example .exe files with .mp3 or .mpg added to the file name. Which leads to the next item:

9) Watch Out For Spoofs – A “spoof” is someone or something masquerading as something else. While not a virus per se, spoofing is a type of anti-social Internet behavior that can accompany criminal activity. The trend in spoofing is fake security alerts, emails that say your account will be terminated unless you confirm your username and password immediately. Anyone with a PayPal or eBay account is a potential target for this scam; we’ve seen very convincing emails that use actual artwork and web pages from the companies.


We know of one local individual, an intelligent guy, who fell for the ruse. His lucrative eBay business (with a 97% customer satisfaction rating) was taken over by scam artists, who duped him out of his password through an email spoof. They ran fraudulent auctions through his account; now eBay won’t let him sell anymore, customers are furious, and he’s still sorting things out. Don’t ever give sensitive passwords to anybody, and stay aware and critical about where you’re entering them. Ask yourself: Is this really the login page? If you’re unsure, contact the company in question: email abuse@companyname.com and service@companyname.com to report suspicious activity.


10) Accept the Inevitable – Even the best of us stub our toes on the Internet now and again; no one’s immune from it. Despite your best efforts, it’s very likely that you will catch viruses or worms, get hacked, receive billions of spam emails, and encounter other new and exciting digital maladies in the course of your computing life. Assume it will happen: not if, but when. Make it a habit to back up your data – so when catastrophe strikes, you won’t lose all your work. When something does go wrong, take comfort in knowing that it’s probably fixable, and can happen to anyone.

Oh, and one more thing, when you get email from people in Nigeria asking for help with large cash transfers, don’t give them your bank account number.
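
For step 8’s warning about bogus extensions, here is an added example (not part of the original column) that checks a list of file names for programs dressed up as media files. It assumes the decoy media extension sits earlier in the name and the final extension is the one that decides how the file opens; the extension lists, function names and sample file names are constructed for this illustration.

```python
import os

# Assumed, partial lists chosen for this example (not from the column).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
MEDIA_EXTS = {".mp3", ".mpg", ".mpeg", ".avi", ".wav", ".jpg", ".gif"}


def classify(filename):
    """Return 'bogus-extension', 'executable' or 'ok' for one file name."""
    # Keep only the last path component, accepting either slash style.
    name = os.path.basename(filename.replace("\\", "/"))
    # Windows drops trailing dots and spaces, so judge the name without them.
    name = name.rstrip(". ").lower()
    exts = ["." + part for part in name.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"  # the final extension is what decides how the file opens
    if any(ext in MEDIA_EXTS for ext in exts[:-1]):
        return "bogus-extension"  # looks like media, runs as a program
    return "executable"  # an honest program: still only run it if trusted


def review(filenames):
    """Return {file name: verdict} for every name that is not 'ok'."""
    verdicts = {}
    for filename in filenames:
        verdict = classify(filename)
        if verdict != "ok":
            verdicts[filename] = verdict
    return verdicts


# Constructed sample: names as they might appear in a download folder.
SAMPLE = [
    "set_list.mp3",
    "Live_Bootleg.mp3.exe",
    "flyer.JPG",
    "setup.exe",
    "video.MPG.scr",
    "C:\\Downloads\\track01.mp3.EXE.",
]

if __name__ == "__main__":
    for name, verdict in review(SAMPLE).items():
        print(f"{verdict:16} {name}")
```

A name flagged as bogus-extension should be deleted unopened; one flagged as executable is an ordinary program and falls under the column’s "absolutely sure" rule.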


He’s an author, entrepreneur, gear queer, and bon vivant; it’s Mister America to you, tough guy.


 
