Caveat

All information is provided in good faith, but I cannot accept any responsibility for any errors, omissions or deficiencies it might contain, or for the quality of the software or services provided by any site to which I have provided a link. I have not checked or used all the software or the suppliers and offer no personal endorsement of any product or service.

Phishing

"Phishing is as lucrative as it is prolific. According to the UK payments body, APACS, phishing scams and Trojan keystroke loggers were behind UK online bank fraud totalling £12m in 2004; while it has been estimated that nearly seven million phishing emails have been sent across the UK in one month alone".

Advice: Anti-Phishing Working Group


A few years ago viruses were a minor annoyance - probably less of an annoyance than hoax warning messages.  But today the writers of computer viruses represent a threat that is real and has to be taken seriously.

Early viruses 'infected' a system area on floppy discs and spread when people shared discs.  Then came ones that spread by e-mail; for a long while they needed you to open an 'infected' file and used all sorts of trickery to get you to do that. Then came a few that only needed you to read an email without needing to open an attachment.  Now we have some that propagate over the internet without even using email.

The ones that don't need you to do anything exploit defects (euphemistically called security vulnerabilities) in Microsoft operating systems (so Apple users are far less at risk).  When these vulnerabilities are detected Microsoft develop and release an update (or 'patch') - but this is itself a double-edged sword, for it tells the virus writers about a vulnerability that they can seek to exploit before many people download the 'patch'.

But the majority of viruses are still ones that need to trick you into opening an attachment.

Today the advice for avoiding viruses has to be:

Security Updates

These are a 'must'.  In the 'start' menu you should have a 'windows update' link.  Use it while on-line and if you are offered security updates then have the system install them.  The system will also offer you all sorts of other upgrades, from other languages to new 'desktop themes' and even a new version of Internet Explorer.  Personally I take very few of these non-critical offerings.

Tests - how do I find out if I am at risk from hacking?

These are among the web sites that offer to remotely test your PC and report the adequacy of its protection.

Antivirus Software

If you have not got any anti-virus software on your PC it might be worthwhile looking to see what was supplied on the back-up installation discs that came with the PC when you bought it. I found that the disc that supported my PC's motherboard came complete with a copy of Trend's antivirus product - but while the PC's software was nominally "preloaded" by the manufacturer neither this nor a couple of other useful programs had been installed.

Here is a selection of links that I have come across, or had recommended to me, at some time in the past.

Free on-line virus scanners

Towards the end of this page are links to some other resources.

If you have a broadband connection (ie connected to the internet all the time) or connect via dial-up for extended periods then your exposure to non-email threats is greater.  So security updates are even more important, and you may wish to install a 'firewall'.

On-line checks

Most AntiVirus companies offer a free on-line virus scan.

Microsoft offer a service they described thus: "Get a free safety scan for your computer. It's like taking your PC in for a tune-up and oil change at the service station. Windows Live Safety Center is a free, Web-based service that gives you quick, on-demand PC health and security scans. It also has straightforward explanations about online threats and a vibrant online community where you can get answers to questions about your PC."  I've not used it myself so I would welcome any feedback.

Spotting Infected e-mails

Self-spreading viruses such as "I Love You", "Melissa" and "SirCam" have received a lot of publicity - yet they still propagate.

Most viruses (also called worms or trojans) will come to you as an email, possibly from someone you know (although they won't know they have sent it).  It will use some ploy to encourage you to open an attached file. It is the attached file that is the danger for it is not whatever the email claims it to be, but a copy of the virus program.

If you 'open' the attached file you actually execute the program which will send copies of the email (or a variation on the email) to everyone in your address book, and then probably go on to do some damage to the files on your hard disc, or perhaps set a time bomb to do damage later.

So how to recognise such an email?

  1. Most importantly, the attached file name will end in .bat, .com, .lnk, .pif, .scr, .vbs or .exe.


    It may masquerade as a benign file type by using two extensions, for example kornakova.jpg.exe which you might think is a picture (jpg) when it is actually the very last part of the file name (in this case exe) that indicates the type.
    Another twist to this masquerade is a file name that uses the .com extension in a name that appears to be an Internet link.  The first example I saw was an attached file called www.myparty.yahoo.com.  The problem exists when this masquerade is an attached file, not a web link included in text.

  2. The message may be a give-away to those who have their guard raised:
  3. Recent viruses are getting really quite devious in their attempts to get you to open the payload, so the message is not always a give-away.  I have received a few lately that masqueraded as a returned email sent to an invalid address.  It was hoped that I would open the attachment to see what duff email I had sent. The "bugbear" virus worm that started circulating about Sept 2002 mails random personal messages from your email files and attaches a payload that bears the name of a file in your personal filing area - though with the extra extension on the name.
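
The attachment-name checks described in point 1, written out as a small mail filter. This is an added example, not part of the original page; the decoy list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Extensions the page lists as the main warning sign.
RISKY = {".bat", ".com", ".lnk", ".pif", ".scr", ".vbs", ".exe"}
# Harmless-looking inner extensions (assumed list, for illustration only).
DECOYS = {".jpg", ".gif", ".txt", ".doc", ".xls", ".pdf", ".mp3", ".zip"}

def check_name(filename):
    """Return the reasons an attachment name is suspicious (empty if none)."""
    # Windows ignores trailing dots and spaces, so strip them before judging.
    parts = filename.lower().rstrip(" .").split(".")
    if len(parts) < 2 or "." + parts[-1] not in RISKY:
        return []
    ext = "." + parts[-1]
    reasons = [f"executable type {ext}"]
    # Only the last extension decides the type: picture.jpg.exe is a program.
    if len(parts) >= 3 and "." + parts[-2] in DECOYS:
        reasons.append(f"double extension hides {ext} behind .{parts[-2]}")
    # Heuristic: a dotted name ending in .com reads like a web address.
    if ext == ".com" and len(parts) >= 3:
        reasons.append("file name imitates an Internet address")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment name in a raw e-mail to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and check_name(name):
            findings[name] = check_name(name)
    return findings

def sample_message():
    """Constructed test e-mail carrying two masquerading names and one benign."""
    msg = EmailMessage()
    msg["Subject"] = "Photos from the party"
    msg.set_content("See attached.")
    for name in ("kornakova.jpg.exe", "www.myparty.yahoo.com", "holiday.jpg"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for name, why in scan_message(sample_message()).items():
        print(f"{name}: {'; '.join(why)}")
```
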

It does no harm to always be suspicious of email attachments. If in any doubt don't open the attachment.
What else could you do?

Word, Excel and Powerpoint files can contain macro viruses so it is as well to also be cautious with these unless you are confident about the credentials of the sender. However since about 1997 these programmes have been reasonably robust against macros and warn you if a file contains macros (though they cannot tell you whether they are rogue macros or intended ones).

When you 'delete' an email it will almost certainly just be moved to the 'trash' folder.  To be certain of getting rid of rogue emails, go to the trash folder and delete the file again from there, then look for a command 'compact folders' or 'compact mailboxes' in the pull down menus and do that also (in Outlook Express it is under 'folders' in the 'file' menu).


Hoax Warnings

A hoax message has one objective - to get you to pass it on to everyone in your address book.

So perhaps the most tell-tale sign is that this request features prominently in the message.  It will try to scare you by labouring the claim that whatever "virus" it is telling you about is the most destructive thing yet found.  It will claim superior credentials, for example purporting to quote the FBI or Microsoft.

A variation is a hoax that tells you to look in your Windows folder for a specific file name.  It tells you that if you find it then you have the virus, and you should delete the file and tell everyone in your address book because it will have been propagated to them.  You will, of course, find the file - it's a legitimate Windows system file, and deleting it is not a good idea!!  A recurring example tells you to delete "jdbgmgr.exe". This is what one anti-virus company have to say about it.

Please, do not forward virus "warnings" without checking them out first. Start by going to the "hoax" pages of any antivirus company.

Here is a selection of hoax-related links that I have come across, or had recommended to me, at some time in the past.

As well as malicious authors of viruses, there are also people out to make money through scams.  Here are some anti-scam sites I have been told about: fraud.org, scam free zone, scam watch


Spy-ware

Ad-Aware and Spybot are two programs that seem to be favourably reported as tools to remove spy-ware. I have seen a suggestion that you run both!  
At www.trendmicro.com/spyware-scan is an on-line service to scan and remove spyware.

Passwords

Poor passwords will compromise your security.  There is some advice on good passwords here.


Firewalls 

Most firewall software for home users is available in free or trial versions.

Browser

For some years Microsoft Internet Explorer has been very nearly the only browser to be used - but now an increasing number of people are moving away from it.  The most likely reason for them doing so is concern over security.  Mozilla Firefox is arguably the most popular alternative and, as discussed in the article "Protecting Your Security and Privacy with Firefox", it is reported to offer many advantages.  Firefox is free and downloadable from www.mozilla.org


A new spam campaign claiming to be a postcard from a family member is weaving its way through the internet. When opened on an unprotected PC the 'postcard' unleashes a trojan virus capable of stealing personal details from online bank transactions. The email does not contain the virus but a link to a supposed e-card that contains the virus.

"There's a very real risk that some people will think one of these emails is from a long forgotten friend or work colleague and follow the link out of curiosity," said one AV company's representative. "If you receive an unexpected virtual postcard it may prove wise to simply delete it."

current virus status (from a third party)

Scams

"If it sounds too good to be true then it almost certainly is not true." A well worn cliché, but still people fall victim. The Nigerian money laundering scam is a classic, but it and variations on the theme keep coming along. If you have not seen it, the message purports to be from someone (typically an official) who has (improperly) come by a lot of money and needs your help to get it out of the country - for which you will be rewarded handsomely. Once the perpetrator has ingratiated himself they will request money on some pretext before the funds can be released. Need I say more? They've been known to ask for more and more and bleed vulnerable people dry. Oh, by the way, helping to transfer money in the way suggested by the fraudster would be a criminal offence.

Guidance

Here is a page of guidance provided by somebody else