Full Service Computing and Networking for Small Business

Spam, Scams, and Evilware

Gone are the days when viruses and worms were written in their bedrooms by teenagers without girlfriends for the sheer joy of vandalism. Also gone are the days when installing one of the leading anti-virus programs was all you needed to defend against the work of those teenaged losers, few of whom had much programming talent. There’s money to be made over the Internet, and organized crime, freelance crooks, and unethical but legal scam artists all have the funds to hire skilled programmers. Several of the big names in defensive software have lost their edge, and the bad guys are ahead of even the better current defensive technology.

And Mac users are not immune. Windows is nowhere near as vulnerable to attack as it was years ago, and as Windows' security improved over the years the bad guys developed bigger guns, some of which have been used successfully against Macs. No operating system, not even Mac OS, is impenetrable. Last May there was a widespread attack on Macs, which Apple refused to acknowledge and ordered their support people not to help customers with until public outrage got too uncomfortable.

You’re not helpless, but you need careful behavior as much as you need defensive software.

Scareware / Rogue Anti-Virus

You have a virus!
You have spyware!
You have naughty pictures!
On your Mac!
Not!

One of the more insidious forms of evilware is rogue anti-virus software, often called scareware. Pop-ups blast you with notification that you have been infected with virus, spyware, or other evil software; or embarrassing content has been found on your computer; and click here to buy a clean-up program.

Not Windows, nor Mac OS, nor any legitimate anti-virus program will ever pop up such a message. No matter how legitimate it looks, don't fall sucker for it, and the sooner you can dismiss the warning the better.

Spam, Spam, Spam, Spam ...

Spammers only send what makes them money. There still are people who believe they can get 20% for helping the widow of an assassinated Nigerian prince spirit her late husband’s fortune out of the country. And people who believe they won Real Money in an overseas lottery. And people who believe nice Russian girls want to meet them. As long as suckers keep sending them free money, they’ll keep sending spam that asks for it.

Or click here or open this attachment for an amazing opportunity. Or to get a mis-delivered package from the Postal Service, FedEx, UPS, DHL, or other courier. Or purportedly from a real newspaper reporting the the pop tart du jour's latest indiscretions or another chemically enhanced ball player. They're all bogus, they're all illegal, and they'll all get you one way or another if you let them.

Also dangerous are "phishing" E-mails asking you to validate your bank / credit card / Facebook account's username and password. Don't! (See below for our article on phishing.)

Don't bother marking anything as spam and don't click any links, not even an unsubscribe link. Just delete it and move on.

Phishing and Spear Phishing

No bank, credit card company, the IRS, or other merchant or financial institution will ever send you a request to verify your account and password. This is called phishing. (We didn't make up the silly word.) Bad guys are quite skilled at impersonating legitimate web sites, which is actually very easy to do. With not much extra effort they can create targeted E-mail, called spear phishing, that gets lots of people to believe it's addressed directly to them: "Dear Springfield High School graduate:" "To All General M Employees:" "To Jacob's parents:"

Don't fall for it. Don't click the unsubscribe or any other link. Just delete it and be done with it.

Evilware

Whether you click a link or open an attachment in spam, visit a legitimate web site that has been compromised, visit a tacky web site, fall sucker for a fake anti-virus, click an ad from an evil outfit on a legitimate web page, or other, evil software can slip past your anti-virus software and get installed on your computer. There are many variations on that theme, but almost all of them are designed to take money that isn't theirs or to attack a person or company.

Anti-Virus

Back in the day one of the leading anti-virus programs was all you needed to protect against viruses and worms. Today you need a lean, mean program that can defend against many types of known attacks and against yet-to-be-seen attacks, known as Day 0 attacks.

There are good products available for free for home users and small businesses, and there are many products out there that you can purchase, some better than others, some with features you don't need, and several of the top defensive programs of yesteryear have lost their edge.

Safe Computing

The most important practice for safe computing is not to open any attachments or click any links in spam, pop-ups, or other attempts to trick you into running or installing software that misleads you into thinking you want it. Be very careful of ads you see, even on legitimate web sites. Also disable autorun, which might be able to run an evil program on a CD or USB flash drive without asking you.

After that, keep your software up to date, not only Microsoft, but also Apple and Adobe. Microsoft products are much improved safety-wise, but Adobe Reader (formerly called PDF Reader), Flash, iTunes, and QuickTime (used by iTunes) all get frequent security updates. Unfortunately, some of them include in their critical update list non-critical items, particularly new web browsers, that should not be installed by everyone.

For defense, a hardware firewall with NAT, which is built into most DSL, cable, and public Wi-Fi modems and routers, should be mandatory. Windows Firewall and other third party software firewalls enhance resistance to attack but are insufficient on their own. Also run a good anti-virus/anti-spyware program. We recommend against the two biggest names in the market.

©2005-2011 AES Systems Corp. | | 630-673-0184