2006-09-20

Spam junk email

Freaking junk email, otherwise known as spam has been a growth industry from the early days of the internet.

How do these evil junk emailers get your email address?
* Your ISP might stupidly post a list of their clients' email addresses (yours) on a web page
* You sign up for any service on the net, and they request your email address as part of registration
* You give your details to a company like Telstra, for a product or service that they provide
* You post a message to a bulletin board or newsgroup using your real email address
* You have a web page and want to include information such as contact details, including your email address. The spammer has software that reads the pages on the internet and collects all the email addresses it find.

Damned annoying. My ISP gave me a free email account that I *NEVER* use or give out. I don't like being tied to an ISP address as it causes problems when I change ISPs. GMail, Yahoo, Hotmail all provide excellent services for free. Use them! These services even filter out the spam email quite nicely. Since I never use this account, or give the details to anyone, imagine my surprise when I accidentally logged in and found it full of junk mail. Since nobody had the details except for me and the ISP then I assume the ISP sold the details or they stupidly left them around somewhere.

I have a very old Yahoo email account that I freely give out when registering for anything and this account receives nearly 6000 spam messages a month. I have heard of worse, but I have not been truly prolific about spreading this address. Fortunately Yahoo provides some excellent spam filtering and this account is still usable.

Spam comes via the telephone too. I moved house and got a new land line telephone number. I had to give the number out to a couple companies to have the power connected, insurance, the bank. Then I started getting junk telephone calls the second day I had the number. They already knew my name. At least one of these "respected" companies (Telstra, Energex, WestPac) is selling my details. I know that Credit Card points collecting schemes like FlyBuys recently altered their privacy policy in order to "share" my information.

Sure, Australia might cause a lot of stress to the telemarketers, but then maybe they have that karma coming their way. Come on, I mean, if someone had Telemarketer written on their T-Shirt, would you really slow down your vehicle when you saw them cross the road?

The toughest is the web page deal. If you have a web page, you usually want to include your email address. Spammer programs just trawl the web and harvest these email addresses at will. What are the alternatives? Well have a nice email script program that has your web server send the email. This is awkward for the emailer as they no longer have a nice email program formatting the text and they don't have a record in their email software that the message was sent, or what they said.

CertainKey, known for their cryptographic code, have an idea of using graphics on your web page. In the top right corner of this article is an email address in wobbly script. This is actually an image of the text, not the actuall text of my email account. Spammers require the text to be on your web page, not a picture of the text. This should foil the spammers. You may have seen similar sorts of images on web based registration forms that ask you to register and enter the text in the image. This sorts out automated spamming software from real people quite well. The down side is that visually impaired people will still have problems and sending an email isn't as easy as a single click to collect the address.

When registering for a sight you might also consider using a very cool service such as mailinator which gives you a temporary email address for a short period of time.

For day to day use, I would highly recommend getting a free email account from GMail, Yahoo, or Hotmail. All of which provide excellent spam filtering. Only give out your ISP email address if the free email addresses are not accepted (happens occasionally).

Your email software may very well have spam filtering built in, and if it doesn't you should hunt around for alternative software that does. Your ISP should be filtering for spam, and it should be free (you hear that Telstra?!) If not then you should redirect email (which should also be free) to your yahoo or gmail account and let that account do the filtering.

Lastly, never ever buy anything advertised in spam. Never buy anything from a telemarketer or door to door salesman. They rely on 2% of the population using their services and this makes them rich. Just don't do it. Ever.

2006-09-01

Anti Virus Software

Photobucket - Video and Image HostingAnti virus software has been with us since the days of DOS. For the Microsoft Windows people the virus scanning software is pretty much essential for a multitude of reasons.

There has been a claim that at one stage the virus problem was solved. The operating system would make a check sum of every file, securely store this file, and check every program before you ran it to make sure that the file had not been altered. Not exactly sure how effective that method would be, but it certainly sounds like a start. A free community monitored net based registry might be a similar solution. The story continues that the anti virus software companies realised that it is far more profitable to sell subscriptions to a virus signature scanner rather than checksum protect existing software. Being a profit oriented business they went the signature route.

Now with holes appearing in things like the widely used WEP wireless security, RFID tags used in credit cards and passports, the easily crackable US electronic voting system, and CPU level virtualisation with the Blue Pill proof-of-concept undetectable virus, all indicate that security concerns aren't quite at the forefront of the closed source businesses on the hardware front as well as the software front.

In the early days there pretty much was only one virus scanner, McAfee. These days there are a few dozen. The big mother of all scanners comes from the utility consuming company Symantec. In the early days, Symantec Anti Virus, aka Norton Anti Virus was quite good. Nowadays, Symantec is a piece of poop. Bloated resource hungry software that has every chance of kicking your machine over as it does of defending your computer from attacks. We have numerous complaints at work from users about their computer running slow, these are reasonably spec'd machines with 1.5GHz and 256Meg RAM. Basically these systems are just used for word processing and run quite slickly until the corporate edition of Symantec Anti Virus is installed, after which start up and shut down of applications and the operating system takes far too long. I regularly remove Symantec Anti Virus from the software from systems belonging to friends and relatives, replacing with a free software alternative. They are shocked at the speed increase and ask "Why?". My (possibly ill informed) answer is that Symantec is a company of profit oriented business people who have a passing knowledge of programming. They are more concerned about documenting for certification of their code rather than optimising it. They spend far too much money on suits to market their crap than they do on making their software work properly. This is the Microsoft model of software production.

One school of thought is that if you are going to make a new virus then you would make sure it got past the most popular virus scanners: McAfee and Symantec, so you are far better off installing a non-popular brand of scanner.

The question is: which software should you install? I'm glad you asked. There are a wide range of opinions. If you have huge amounts of RAM, the fastest CPU and don't care about the performance drop then Symantec isn't a completely terrible option. However there are many more alternatives out there that are definitely worth thinking about. Popular amongst the squeakers (adolescent computer nerds) is NOD32, it stands up to the big guys very well, regularly rates higher in detection, is exceedingly fast and is very frugal with computer resources. Kaspersky always rates very highly, regularly at the top in most tests. The free Anti Virus software don't always do so well but aren't the worst, except Avira AntiVir which sometimes rates with the big names.

ThePCSpy did an excellent article on what really slows windows down. Briefly, results were no real surprise.

Software that SLOWS your computer the most:
(1) Norton Internet Security 2006;
(2) McAfee VirusScan Enterprise 8;
(3) Norton Internet Security 2007;
(4) Trend Micro PC-cillin AV 2006;
(5) ZoneAlarm ISS;
(6) Norton Antivirus 2002

Free Anti Virus Software:
Avria AntiVir
Avast
AVG (AVG has some ethical issues, and not a very good performer)

Paid for Anti Virus Software:
Kaspersky
NOD32
Bit Defender
F-Prot
Norman (is not Norton)
Sophos

Reviews of Anti Virus Software:
Virus.gr
av-test.org
Consumer Reports
av-comparitives

Which brings me to the last bit of my discussion. A consumer group "Consumer Reports", who makes claims to be independent from business interests, and I have no reason to suspect otherwise, has taken it upon themselves to test a hand full of the various virus detecting software out there using methods that has the anti-virus companies up in arms. Apparently ConsumerReports created thousands of new computer viruses to see how the various anti-virus software handled detection of viruses that they did not have signatures for. Sounds perfectly reasonable to me. However, some software companies think otherwise. I would put these companies into the small minded, suit-oriented, lounge lizard type companies, but that is just my opinion (like everything here).

From Digg:
More than 100 security experts from companies like Microsoft and HP as well as anti-virus vendors F-Secure, Kaspersky, McAfee, Sophos, Symantec and Trend Micro signed their names to a declaration denouncing Consumer Reports' methods, stating that it is "not necessary and ... not useful to write computer viruses to learn how to protect against them.

Check out the comprehensive article on The Washington Post.

UPDATE: I had a virus infection which AVG totally ignored. Thankfully other people had different/better software (Sophos) and figured out that I was infected. So I bit the bullet and bought Kaspersky, which is still ranked as best by nearly all measures. Kaspersky found heaps of issues, going back to files that I have not touched for nearly 15 years. AVG never even blinked at these. I can't, in good conscience, recommend AVG anymore.

In the end, I think as long as you have some sort of Anti Virus on windows and you aren't monkeying around with dangerous software from disreputable sites, then you should be ok. The companies will probably also want you to buy other security packages like spyware filters, a firewall, antispam and/or email virus scanners (most virus scanners will scan email), and even parental control software (block naughty web sites). All worth your consideration to one extent or another, just remember that each extra software program will have to be active and running on your computer, using up RAM and CPU time. You don't want to make your computer so secure that it becomes too slow to be usable.

Kind of like the situation in the world, you have a government so concerned with security that they are prepared to sacrifice your freedom, making it very difficult to do anything just so you are more secure.

Or just get a Mac.