Home -> NYACC Lecture 
  

NYACC Lecture

Background information and Links

www.michaelhorowitz.com/nyacc.html

 

Topics: Defensive Email | Spyware | Background Information 

When: Thursday November 13, 2003. At NYU, in the Main Building. 7:00PM. Room 520. 

The list of topics: 

Spyware are little programs surreptitiously placed on your computer either when you install new software or when you visit a web site. Spyware is silently active in the background, and it sends reports to an agency that collects data about where you roam the web or where you shop. There are free and effective programs that will block and delete Spyware. 


 Defensive Email      Top

How email is sent (opens in new page) 

A sample error message when the outgoing email server computer has a problem sending an email message: 

**********************************************
** THIS IS A WARNING MESSAGE ONLY           **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE   **
**********************************************
The original message was received at Wed, 19 Nov 2003 13:42:35 -0500 (EST)
  from smtp99.mindspring.net [204.69.203.226]
----- The following addresses had transient non-fatal errors -----
  <brooklyn@att.net>
----- Transcript of session follows -----
  <brooklyn@att.net>... Deferred: Connection timed out with gateway1.att.net.
  Warning: message still undelivered after 4 hours
  Will keep trying until message is 3 days old
Reporting-MTA: dns; fallback02.mail4.earthlink.net
Arrival-Date: Wed, 19 Nov 2003 13:42:35 -0500 (EST)
Final-Recipient: RFC822; brooklyn@att.net
Action: delayed  Status: 4.4.1
Last-Attempt-Date: Wed, 19 Nov 2003 18:01:08 -0500 (EST)
Will-Retry-Until:  Sat, 22 Nov 2003 13:42:35 -0500 (EST)

Send secure email attachments with either  iOpus Secure Email Attachments (SEA) or File Vault. Both are free.

Hoaxes. If you think an email message might be a hoax, check these web sites: 
   Symantec Hoaxes  McAfee Hoaxes  HoaxBusters  Vmyths   Snopes  urbanlegends.com

A sample hoax: 

From: "PayPal.com" 
Subject: IMPORTANT tfnbilur
Dear PayPal member,
We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.
To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.
IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore.
Thank you for using PayPal.

To turn off the preview pane in:

If Outlook is not showing you attachments try Ken Slovak's ATTOPT utility

Outlook Express 6 SP1 blocks you from seeing suspect files attached to email messages. To make it show you all attached files. Click Tools -> Options -> Security Tab and uncheck the box that says "Do not allow attachments to be saved or opened that could potentially be a virus". For more on this, including a list of the suspect file types, see: support.microsoft.com/default.aspx?scid=kb;[LN];291369 and support.microsoft.com/default.aspx?scid=kb;[LN];291387.  

To read messages in Plain Text format: 

Use Care When Reading Email with Attachments from CERT

Mossberg's Mailbox by Walter Mossberg in the Wall Street Journal November 13, 2003. A reader asks: Do you have a good recommendation for a spam blocker?. Part of the answer: "..the best I've found is Matador, by MailFrontier". 
  
Click for full size image in new windowYou can download the free version of MailWasher or buy MailWasher Pro.

For a screen shot of MailWasher in action, click the picture at the right. It will open in a new window. If you are using IE6, expand the picture to regular size. 

See a video about MailWasher from CNet (only for broadband users). A radio interview with Nick Bolton, the man behind MailWasher.

Suggested configuration options for MailWasher: 

  • Turn OFF: check the origin of email again DNS spam blacklist servers, Launch email application after processing and
      Perform default mail check on start-up. Also don't bother bouncing rejected messages. 
  • Turn ON: Play sound when new mail arrives, Perform default mail check every X minutes (number up to you) 
  • If you get a lot of junk email, use the Friends list in MailWasher and tell it not to display messages from your friends. They will be left untouched on the email server, will be downloaded by your email program and won't clutter up the display of junk messages. 
  • You can adjust the columns displayed to your liking. I prefer displaying these columns in this sequence:
      Delete, Bounce, To, Subject, From, Size, Attachments

Detecting SPAM and fraud. To get a feel for both, see this list of messages you would prefer to delete (picture opens in new window). Another SPAM sample

SpamBayes home page. (Alternate Link)

SpamBayes, a free, Open Source spam blocker, does a superb job Sept. 21, 2003 By Al Fasoldt 

SpamBayes knows spam By Jon Udell May 16, 2003 InfoWorld magazine. A must read. Ella ($30 from openfieldsoftware.com) functions much the same. It learns from examples of mail you've already received and supports a category between spam and not spam. 

Paul Graham has been leading the effort on Bayesian algorithm antispam solutions. He has published two articles on the subject: A Plan for Spam and Better Bayesian Filtering
   
The Outlook Express 6 status bar indicates if it is in online or offline mode.
To switch, just double click on this section of the status bar.

Phishing with Citibank and PayPal from Woody's Windows Watch newsletter, September 8, 2003. Also read Avoiding Swen about a virus sent as an email message from Microsoft. September 19, 2003. 

Some Internet service providers scan incoming email for viruses including AOL, Microsoft Network, Comcast, Covad and RoadRunner. Other ISPs are preparing to offer this service including Cox Communications, EarthLink and BellSouth. See Preventive Medicine For E-Mail in The Washington Post August 28, 2003 and a related story Looking out for users from the Baltimore Sun August 14, 2003. 

Amazon lawsuits target e-mail 'spoof' tactics By Jon Swartz, USA TODAY. Don't trust the From address of any email message. 

Blocked outlook express attachments Not being able to open blocked outlook express attachments is a common support issue for users of Outlook Express. From updatexp.com.  

Messenger Service Spam - End It Now from updatexp.com. 

Microsoft Knowledge Base Article - 330904 Messenger Service Window That Contains an Internet Advertisement Appears from Microsoft. 

"Phishing" Is Foul on the Net About fraudulent email messages. Business Week magazine October 21, 2003

Outsmart Scammers Don't let phishers reel you in with counterfeit e-mail and sites. PCWorld.com October 20, 2003

Another eBay scam fishes for bank details ZDNet Australia October 6, 2003

When crooks go a-phishing, don't bite ZDNet. September 29, 2003

Worm Wears A Patch For Disguise The Washington Post September 21, 2003

How to Tell If a Microsoft Security-Related Message Is Genuine from Microsoft September 19, 2003

About web bugs in HTML email messages. The Internet Tourbus. Patrick Crispen. May 1, 2003.

Using Virus Protection Features in Outlook Express 6 from Microsoft 

Email filtering in Outlook Express 6 BlackViper.com. Last Update November 9, 2003 

Perhaps the best way to avoid SPAM is to keep your email address off all web sites, chat rooms, bulletin boards and Usenet. When it has to appear on a web site, the following simple JavaScript script can be used to obscure it from automated programs that "harvest" email addresses. To see it in action, was generated by this script. Hiveware offers an online enkoder that will generate very obscure JavaScripts to do the same thing. 

<script language=javascript>
<!--
var lt = "a message";         //link text
var var1 = "mail";
var var2 = "to:";
var leftpart = "%20groucho"; //your userid preceded by a space
var dn = "marxbrothers";     //domain name
var hlq = ".com";            //high level qualifier
document.write("Send me <a h" + "ref=" + var1 + var2 + leftpart + "@" + dn + hlq + ">" + lt + "</a>")
//-->
</script>
 

Spyware     Top

Heart of Darkness, on a Desktop About programs running on people's computers that they did not know were there. Spyware, Adware and viruses. The New York Times By Katie Hafner September 4, 2003

Escape the Spyware Nightmare How to get rid of Spyware and Adware. PC Magazine July 23, 2003

Pestscan offers free online Spyware detection. So too does Doxdesk (alternate link at Aumha.org). Pestscan was disappointing the one time I tried it. It downloaded multiple ActiveX controls all of which were signed incorrectly. It found one "pest" but the link for more information failed. 

Ad-aware v6 from Lavasoft is a free Spyware detection program

Spybot - Search & Destroy by PepiMK Software is also a free Spyware detection program


Background Information     Top

Security Begins at Home Stephen Manes in the September 15, 2003 issue of Forbes magazine. An excellent article.

Where Do We Go from Here? by Dan Gillmor August 31, 2003. About the sorry state of computing: viruses, spam, ISPs, Microsoft and more. 

Protect Your PC! by Ed Bott. September 1, 2003. 

Cybersecurity and You: Five Tips Every Consumer Should Know from The Washington Post May 16, 2003

I maintain a links page from my Defensive Computing class (over 120K) with links to articles on many subjects, including those discussed tonite.

Tightening The Security Screws In Windows By Larry Seltzer August 21, 2003 

The Microsoft web site has two portal pages on security. One seems to be for home users, the other, from Technet, is for techies.

Protect your PC from Microsoft: 
 For End Users www.microsoft.com/protect 
 For IT Professionals www.microsoft.com/technet/security/tips/pcprotec.asp 
 


  Back to Home Page Last Updated: November 19, 2003