How To Minimize Spam and Malware


If you're inundated with unwanted e-mail, your natural inclination is to fight back. Surely there must be someone to whom you can complain, right?

Yes, But Not By Replying

Given the free-for-all nature of the Internet, it should come as no surprise that no uniform laws govern unsolicited commercial e-mail. Depending on where you live, you might be able to file a lawsuit against the sender and even have a reasonable chance of succeeding—if you can identify the sender, that is. For an excellent overview of current anti-spam statutes in the United States, Europe, and around the world, visit David E. Sorkin's Spam Laws site at

If you live in the United States, or if the spam appears to have originated in the United States, you can send it to the U.S. Federal Trade Commission. According to the FTC's Web site, the agency "invite[s] consumers and Internet Service Providers to forward UCE to an e-mail box at ... [T]he UCE mailbox receives an average of 10,000 new pieces of UCE every day, seven days a week. The Commission has responded to fraudulent UCE with a vigorous law enforcement program." You'll have the best chance of getting results if the spam in question is a come-on to a scam that has the potential to defraud investors or consumers.

The online SpamCop service specializes in helping Internet users track down the source of spam and then file complaints. You can use the reporting system for free or pay a small fee to remove banner ads and streamline the complaint process. The organization, run by Julian Haight, also offers low-cost filtered e-mail accounts and comprehensive filtering options for corporate clients.

Whatever you do, don't try to fight back by spamming the spammers! The urge to flood an inconsiderate e-mail marketer with hundreds or thousands of reply messages can be overwhelming, but the consequences can be dire. You could be inadvertently accused of spamming yourself, and the IP address of your mail server could land in one of the Internet's "black hole" lists, which block suspected spammers from sending mail to subscribing servers.


Identifying Malicious Software

How do you know when your computer has been invaded by hostile software? The worst way to find out is to receive a frantic message from a friend or business associate complaining that they've just received an e-mail message with an infected attachment from your computer. In the case of a Trojan horse program or a virus that disguises its source, however, you might not have such a clear-cut indicator. In those cases, you must be alert for changes in the behavior of your computer that could indicate the presence of a virus or a Trojan horse program.

Don't Be Fooled By Forged Addresses

If someone complains that you've sent them a virus, you should always take the report seriously, but don't assume that it's accurate. Virus writers can and do craft their code so that it forges the source of infected e-mail messages. Some versions of the Klez virus, for instance, which first appeared in early 2002, search for e-mail addresses in the Windows Address Book, the ICQ database, and local files on the infected computer. The virus randomly selects one of the addresses it finds to use as the From address on messages it sends to other potential victims. Anyone who receives a copy of this virus and doesn't know how it works will logically (and incorrectly) assume that the apparent sender's computer is infected.
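As an added illustration (not part of the book's text), the following Python script shows the check that defeats this kind of forgery: instead of trusting the From address, read the Received headers, which the mail servers themselves add, to find the host that actually handed the message in. The message, host names and addresses below are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real capture).  The From: line names a
# colleague at example.org, but the Received: trail shows the message was
# handed in by an unrelated dial-up host, which is what a Klez-style
# forgery looks like from the receiving end.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.net with ESMTP id abc123; Mon, 15 Apr 2002 09:12:00 -0400
Received: from dialup-203-0-113-77.isp.example (unknown [203.0.113.77])
\tby mx.example.net with SMTP id xyz789; Mon, 15 Apr 2002 09:11:40 -0400
From: George <george@example.org>
To: you@example.net
Subject: a funny game
Content-Type: text/plain

look at the attachment
"""


def received_hops(msg):
    """Return the 'from' host of every Received: header, oldest hop first.

    Each relay prepends its own Received: line, so the last such header in
    the message is the first hop: the machine that originally handed it in."""
    hops = []
    for value in msg.get_all("Received", []):
        words = " ".join(value.split()).split()   # unfold continuation lines
        if len(words) > 1 and words[0].lower() == "from":
            hops.append(words[1].lower())
    hops.reverse()
    return hops


def sender_consistent(raw):
    """Compare the From: domain with the host that introduced the message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    hops = received_hops(msg)
    origin = hops[0] if hops else ""
    # A message with no Received: trail at all cannot be vouched for either.
    consistent = bool(origin and from_domain) and (
        origin == from_domain or origin.endswith("." + from_domain))
    return {"from_domain": from_domain, "origin": origin,
            "hops": hops, "consistent": consistent}


if __name__ == "__main__":
    r = sender_consistent(SAMPLE)
    print(f"From domain {r['from_domain']!r}, first hop {r['origin']!r}, "
          f"consistent: {r['consistent']}")
```

A mismatch is a reason to distrust the From line, not proof that the named sender's computer is infected, which is the point above; legitimate mail sent through an ISP or web-mail service also fails this check.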

The tendency of computers to do strange things for no apparent reason can complicate this task. Performance problems, system lockups, and odd error messages are far more likely to be caused by a buggy program or device driver than by a virus. Nevertheless, any time you observe any of the following symptoms, you should take steps to check for the presence of a rogue program:

Unexpected disk access
By their nature, Trojan horse programs access hard disk files when the local user is doing nothing. However, many legitimate programs, including several components of Windows, also access the hard disk in the background. In some cases—for example, when the Windows Indexing Service is building its catalog of files for a drive—this activity can take a long, long time. If you notice sudden bursts of disk activity, try to trace the responsible application.

Sudden system slowdowns
A virus or a Trojan horse program can sap system resources and make other activities painfully slow. Unfortunately, so can a wide variety of system configuration problems. If you notice performance problems, try to rule out the presence of a virus as one of the first steps in your troubleshooting process.

Unexpected network traffic
Many forms of hostile software attempt to hijack your network connection—to spread virus code to other computers, for instance, or to use a Trojan horse program's file-transfer and keyboard logging capabilities to steal information. Unfortunately, a blinking red light on your network adapter is not a surefire sign of a malicious program at work; an increasing number of programs, including antivirus packages, include features that assume you have an always-on Internet connection and check for updates at regular intervals.

If you see unexplained network traffic, try to identify its source.

Changes in the size or name of program files
Viruses and worms spread by infecting other files. If you notice a change in the size or name of an executable file, the alteration could be a sign that the file has been infected (or that the original file has been deleted and replaced with an infected file). Although you aren't likely to notice this type of change by simply looking through file listings, some antivirus and firewall programs will alert you when they detect changes that resemble virus activity.

Your Computer Is Active For No Apparent Reason

When you're trying to figure out which application is responsible for a sudden burst of disk or CPU activity, your first stop should be the Processes list in Windows Task Manager. Press Ctrl+Shift+Esc and then click the Processes tab to display a list of all currently active processes, as shown in Figure 9-1.
The CPU column shows what percentage of your CPU is in use by each process; by default, it's updated every second. To see which processes are hogging your computer, click the CPU heading twice to sort in descending order. Scroll to the top of the list and watch the display; processes that are currently active will float to the top of the list.

If your computer is behaving strangely and you suspect a virus, look for unexplained entries in this list.

If you can't identify an entry in the list of processes, don't assume that it's a hostile program. A much more likely explanation is that the process is a module from a program you installed. To identify the mystery process, make a note of its name as it appears in the Processes list and then use the Windows Search utility to find that executable file. Right-click the file icon, choose Properties, and look for details of the program, typically found on a Version tab. (If the process is listed as svchost.exe, the responsible program is running as a Windows service; type tasklist /svc at a command prompt to see the full list.)
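An added example, not from the book: a small Python parser for the output of tasklist /svc that maps each svchost.exe instance to the services it hosts, so an unexplained svchost.exe entry in the Processes list can be tied to named services. The tasklist output below is constructed rather than captured (the service names are real Windows service names); the parser reads the column widths from the separator line instead of hard-coding them.

```python
# Constructed sample of what `tasklist /svc` prints (not captured from a real
# machine).  When an svchost.exe instance hosts many services, the Services
# column wraps onto continuation lines that are blank in the first two columns.
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
smss.exe                       456 N/A
svchost.exe                    988 DcomLaunch, PlugPlay
svchost.exe                   1012 RpcEptMapper, RpcSs
svchost.exe                    620 BFE, CoreMessagingRegistrar, DPS,
                                   SystemEventsBroker
explorer.exe                  2044 N/A
"""


def _split_services(field):
    """'BFE, DPS,' -> ['BFE', 'DPS']; 'N/A' -> []."""
    return [s for s in field.replace(",", " ").split() if s != "N/A"]


def parse_tasklist_svc(text):
    """Return [(image, pid, [services]), ...] from tasklist /svc output.

    Column boundaries come from the '=====' separator line rather than being
    hard-coded, so the parser survives a localized or resized header."""
    lines = text.splitlines()
    sep = next(i for i, line in enumerate(lines) if line.startswith("="))
    bounds, pos = [], 0
    for run in lines[sep].split(" "):            # one run of '=' per column
        bounds.append((pos, pos + len(run)))
        pos += len(run) + 1
    (img_s, img_e), (pid_s, pid_e), (svc_s, _) = bounds
    rows = []
    for line in lines[sep + 1:]:
        if not line.strip():
            continue
        if not line[:svc_s].strip():             # continuation of Services column
            rows[-1][2].extend(_split_services(line[svc_s:]))
            continue
        image = line[img_s:img_e].strip()
        pid = int(line[pid_s:pid_e].strip())
        rows.append((image, pid, _split_services(line[svc_s:])))
    return rows


def services_by_pid(rows, image="svchost.exe"):
    """Map each PID of the given image name to the services it hosts."""
    return {pid: svcs for img, pid, svcs in rows if img.lower() == image.lower()}


def host_of(rows, service):
    """PID of the process hosting a service (case-insensitive), or None."""
    for _, pid, svcs in rows:
        if service.lower() in (s.lower() for s in svcs):
            return pid
    return None
```

On a real machine, feed the parser the text captured with tasklist /svc > services.txt; a process named svchost.exe whose services column is N/A is the entry worth investigating further.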

The most reliable way to identify a virus, of course, is by scanning your system with an up-to-date antivirus program. This procedure will reliably detect any virus whose characteristics are included in the program's signature files. Virus scanning is not foolproof, however. Be aware of two potential problems:

1. Undetected viruses
The process of creating virus signatures is reactive. After a new virus appears in the wild, software developers must pick it apart, analyze its behavior, add its characteristics to the signature file for their antivirus program, and make the new signature file available. Even if your antivirus program is configured to check for updates regularly, you could be unprotected from a new virus for a short period of time. This lapse in coverage can be extremely damaging in the crucial first few days of a widespread virus attack.

Because new viruses can crop up at any time, you should never rely on antivirus software alone to protect you from potential threats. To add multiple layers of protection, you should block executable e-mail attachments and be sure to install all security updates promptly.

2. False positives
In some relatively rare circumstances, an antivirus scan can incorrectly alert you that a program file is infected with a virus when in fact the file is perfectly safe. False positives can usually be attributed to one of two problems: a signature file that contains an erroneous definition of a specific virus; or a heuristic scan that detects the activity of a legitimate program, such as an installer or disk utility, and flags it as a possible virus.

Whenever your antivirus software sounds an alarm, you should take it seriously, but you should also consider the possibility that it might not be the real thing. How can you tell a false positive from an actual virus? Start by looking at the alert itself. If it suggests that a heuristic scan is responsible for the alarm, you know that the suspicious behavior doesn't match any known virus in the program's signature file. If the alert includes the name of the suspected virus, head for the antivirus software maker's Web site and try to find additional identifying characteristics of that virus to confirm whether it's actually present on your system. If you can't find a definitive answer, send the suspect file to your antivirus software vendor and ask them to confirm whether it's truly infected or a false positive.

If you suspect that your computer has been infected with a virus, avoid using it to browse the Internet or send e-mail. If you are indeed infected, you risk spreading the virus far and wide by remaining connected to the Internet. In fact, because so many modern viruses can spread over network shares, a sensible precaution is to unplug the network cable temporarily, until you can be certain that your computer is clean or that you've contained the infection. Find another computer, one you're certain is free of any tainted code, to research the symptoms you're experiencing; and use that clean computer to download any needed cleanup instructions or tools.

The Internet is a rich source of complete and accurate information about viruses, worms, and other hostile software. Unfortunately, a random search of the Internet for information about the term "computer viruses" will also turn up a long list of links to sites that are incomplete, out-of-date, or run by scam artists. We strongly recommend that you start your search for definitive information with the vendor that supplies your antivirus software, because that company is most likely to have information and step-by-step instructions that are directly applicable to your system configuration. Virtually every major company that produces antivirus software offers a searchable Web-based list of viruses; we've included links to these invaluable information sources in the next section. In addition, we suggest bookmarking these two independent sites, which offer up-to-date, unbiased information about currently active viruses:

CERT Coordination Center Computer Virus Resources


Choosing an Antivirus Program

The only computer that's absolutely safe from hostile software is one that's been unplugged and locked away. For everyone else, the risks of computer viruses are too great to ignore. Given the pandemic nature of viruses and worms, and their astonishing ability to reproduce, the conclusion is clear: No serious Windows user can afford to be without effective antivirus protection.

It's never too late to switch

Many new computers arrive with a bundle of software already installed. Often, this bundle includes security software such as an antivirus program. Is this "free" antivirus software really a good deal? Only if it suits your requirements and works comfortably with your other software.

I recommend Symantec Norton Internet Security, or NIS: antivirus and firewall.

You can find an up-to-date list of certified software at


Protecting Your Computer from Hostile Software

Unfortunately, no one has yet designed a "silver bullet" that can protect your computer from all known threats. To effectively block the many varieties of malicious code that you're likely to encounter, you need to implement a comprehensive security program that consists of the following procedures:

Train every person who uses your computer or network
At a minimum, family members and employees should know not to open unexpected attachments and not to execute software they download from the Internet until they have scanned it for viruses.

Install antivirus software and keep it updated
Installing an antivirus program is a two-part process. The initial setup enables the antivirus scanning engine—the code that checks files for possible viruses. The most important part of the package is the database of virus definitions (sometimes called the signature file). After installing an antivirus package on a new computer, update it to the latest definitions immediately. If the program has an automatic update feature, configure it to install new updates at least weekly.

Keep your system up to date with the latest security patches
The most destructive viruses work by exploiting known vulnerabilities in e-mail programs and Web browsers; on an unpatched system with outdated or defective antivirus software, one of these viruses can run automatically when you view a Web page or click on an e-mail message. To prevent this nightmare scenario, use Windows Update regularly and install security updates as soon as they're available. Security patches are especially crucial for computers running Internet services, such as a Web server or an FTP server.

Configure your computer to block potentially dangerous attachments that arrive via e-mail
Many recent-vintage e-mail programs, including Outlook Express and Outlook, allow you to completely block some or all attachments that have the potential to harm your system.

Install a firewall program that can detect and block unsolicited outbound connections
The rudimentary firewall built into Windows XP offers excellent protection against unwanted intruders, but it does nothing to detect programs that try to send data from your computer. A firewall program with two-way protection can alert you to Trojan horse programs and can also help you detect "spyware"—programs that surreptitiously connect to the Internet without your knowledge or approval. Firewalls also can offer protection against blended threats.

Back up your data regularly
If, despite your best efforts, a virus or other hostile program manages to slip through your defenses and cause irreparable damage to your computer, you might be forced to reformat and start over. This process is never painless, but a good recent backup can greatly ease the sting.

Don't Rely On A Single Layer Of Protection

Protecting yourself from malware requires that you accept a few unpleasant truths: Antivirus software is not perfect. Even well-trained, experienced computer users (like you) can slip up. New vulnerabilities can result in attacks for which you're not prepared. A healthy respect for your enemy is important. If you think you can do without antivirus software because you're smarter than the cyber-hoodlums who write viruses and worms, you're practically daring them to take over your computer, and they have a better chance than you think of succeeding. To keep your computer safe from hostile software, it's important that you use more than one layer of protection and that you maintain constant vigilance against new threats.

Training Users to Avoid Viruses

Your first line of defense against any hostile software doesn't require any special hardware or software. The single most important precaution you can take is to train every user on your network (including yourself) to spot the warning signs of suspicious software. Make sure that every user understands the essential principles of safe computing. Print out a copy of these precepts (you can copy them from the electronic edition of this book, found on the companion CD) and post them near your computer:

Do not open any file attached to any e-mail message unless you know the sender and you are expecting the attachment. If you receive an attachment from an unknown sender, delete it immediately. Be suspicious of any attachment, even if it was apparently sent by a friend, relative, or business associate, and do not open the attachment unless you are absolutely certain that it is safe to do so.

Never attach a file to an e-mail message without including an explanation. At a minimum, you should explain what the attachment is and why you're sending it. Don't use generic text ("Hi, here's the attachment I promised!") that could just as easily have been generated by a mass-mailing virus. A personal note of a single sentence ("George, this is the list of vacation rentals I promised to send you when we spoke yesterday") can reassure a recipient that the attachment is legitimate.
Zip attachments for safety's sake
