Canadian flag.  

Canadian flag. Click here to get to the home page. Maple leaf bullet. Home Maple leaf bullet. Donate Maple leaf bullet. Archives Maple leaf bullet. About Us Maple leaf bullet. Search Maple leaf bullet. Free E-mail Maple leaf bullet. Contests Maple leaf bullet. Links Maple leaf bullet.
Maple leaf bullet. Resources Maple leaf bullet. Maps Maple leaf bullet. Subscriptions Maple leaf bullet. News, Sports, Weather and Lotteries Maple leaf bullet. Webfeeds Maple leaf bullet.

Please help keep going.  The Libera Manifesto. ... More Canadian trivia than you can shake a hockey stick at!
  Maple leaf bullet. Contests

We had nine lucky prize winners in our first-anniversary giveaway who won nine different prizes. Check out the contests page for all the juicy details on what you missed.

Maple leaf bullet. Next issue

We're running a slightly different format these days. Rather than publish a longer newsletter on a set weekly schedule, we're sending shorter newsletters on an irregular basis these days. Hope you enjoy!

Maple leaf bullet. Subscriptions

You too can receive these newsletters in your e-mail. All you need to do is enter your e-mail address in the form in the top, right-hand corner of any page on the site and click the "GO!" button. So sign up now, eh!

Maple leaf bullet. Suggestions

If you have a suggestion for an article, factoid, joke, statistic or anything else for the newsletter, please send it to our researcher. Any comments about this Web site can be directed to the webmaster.

Click here for more results.

Covering Your Computing Assets.

December 7, 2001.

[Craig] Below is a reprise of an article I have written and rewritten several times over the years. I have updated it again, and present it to you below in the hope that you will learn something new from it. Please, feel free to forward it to your friends.


Covering Your Computing Assets
By Craig Hartnett (

I love you. I was considering sending today's newsletter out with this subject line. How about, "Join the crew" or "Virus Alert!" or even "Get rich quick!"? More recently you might have been flattered to receive a message asking for your learned advice: "I send you this file in order to have your advice". Sound familiar? If you have an e-mail account, then these probably sound all too familiar. Today I'm going to address four areas surrounding electronic mail communications: hoaxes (virus and otherwise), chain letters, unsolicited commercial e-mail (more affectionately known as "spam"), and "netiquette".

First, let's define the scope of this article, as well as a few terms. It's not my goal to impart to you the total knowledge required to be the system administrator of a mail server (the computers that hum in the background of the Internet sending and receiving e-mail). All I would like to do is, hopefully, open your eyes to a bigger picture, and arm you with some knowledge so that you can make intelligent decisions when it comes to your e-mail (and covering your assets). Some terms you will need to know are as follows:

Virus: A program or script that, when executed, will carry out (usually undesirable) actions on your computer. Commonly feared consequences are formatted hard drives and loss of stored data by other means. There are many kinds of programs that can do nasty things — a virus is just one particular type of "malicious code". Others you may have heard about are called vandals, Trojan horses and worms. For computer geeks there are subtle, but important, differences between different types of "malicious code". For the rest of us, the term "virus" is what we usually use to describe them all.

Spam: Unsolicited commercial e-mail (UCE) or unsolicited bulk e-mail (UBE). Junk e-mail. The Internet equivalent of flyers, and letters from Ed McMahon in your mail box. Believe it or not, spam actually costs you money. Ask your ISP or server administrator.

Signature: A block of text created by a user, automatically appended to the end of every e-mail message sent by that user. This is usually identifying information such as name, company name, Web site address, e-mail address, phone number, fax number, postal address, and/or any other information the sender deems pertinent. Some e-mail programs allow you to select from a number of different, user-created signatures before sending your message. Services like Hotmail also allow you to create a signature.

Netiquette: A combination of the words "net" and "etiquette", this term is used to describe the etiquette to be followed when relating to others via electronic means. Much of humanity's etiquette has been around for hundreds of generations, and so is second nature to us. However, electronic communication has only been around for a very brief moment in our history, and so many people are unaware of the nuances of netiquette. Here's an example: did you know that WRITING EVERYTHING IN CAPITAL LETTERS LIKE THIS is considered very rude? Why? Because, according to the rules of netiquette, capital letters indicate that you are SHOUTING. This may be appropriate under some circumstances, but not usually.

Now that we have the formalities out of the way, let's launch into hoaxes. The most common hoaxes that I receive concern virii (according to my Latin schooling, that's the plural for "virus"). The problem with almost all virus alerts that I receive, is that they are hoaxes. If you ever heard the story of the boy who cried "Wolf!", you'll realise that forwarding all of these virus hoaxes causes the real warnings to go undetected or unheeded. Here's how to recognize a hoax, without the necessity to have any technical knowledge at all:
  • They have wild, panicky language.
  • They refer to someone (usually a big software or anti-virus company) having released news about a virus "yesterday" or "this morning". "'Yesterday' from when?" is the question you need to ask yourself — there is no date referred to in the "warning" e-mail.
  • They urge you to pass this on to all your friends as soon as possible.
  • They don't provide any references or links to Web sites of recognized anti-virus authorities or software vendors where you can confirm the existence of the particular threat referred to in the message. If they do, the links are dead or, in one case, point to an unrelated press release on the Web site of a major company mentioned in the "warning" e-mail.
  • They tell you that there is "no cure" for this particular virus. The truth is that most virii are discovered, reported to anti-virus software vendors, and "cures" written within days, usually before the virus has spread to any appreciable extent.
One of the best virus hoaxes of recent months was the one that told you that you might find a malicious file on your computer. The hoax told you where to look and the name of the file. Sure enough, there it was... on every single post-Windows '95 computer. It was a file that was an essential part of the operating system, yet many people blindly deleted this file. Who says hackers have to be clever at writing virus code? All they need to do is ask you to do the dirty work for them! (Reminds me of the joke about the Newfie virus.)

So what do you do if you really want to find out for sure whether or not a warning you just received is a hoax? Good question, and a responsible course of action before forwarding any virus alert. One good place to start is "HoaxBusters", a Web site run by the "Computer Incident Advisory Capability" of the United States Department of Energy. They document all of the hoaxes that come to their attention, which is probably all of them. You might also want to check any of the other resources that are available, links to which are found at the end of this article. They include sites where you can find information on real virii, and how you can protect yourself or recover from them. If the warning you've received doesn't check-out, please don't forward the warning. Just delete it and pass a copy of this message onto the person who, probably unwittingly, sent you the hoax.

Some notes on computer virii: It used to be axiomatic that simply reading an e-mail message could not do any harm to your computer. Older virii relied on human ignorance, needing the person receiving it to run an executable program or script that came attached to an e-mail message before any harm could be done to the data on the computer. Such programs cannot and will not run by themselves. However, although this style of transmission is "older", it is still widely used. If you get an attachment from a source that you do not know or do not completely trust, check it with a virus scanning program. If you don't have such a program, get one, install it, and keep it updated. Otherwise delete the attachment without clicking on it or doing anything else to it.

A common ruse used to get you to open an attachment these days is to name it something that looks familiar. We're all used to receiving pictures from family and friends and, even if you don't know exactly what it means, you're probably used to seeing file names like suzy.jpg or bob.gif. The (usually) three letters after the dot are called the file extension, and (in Windows anyway) they determine what program is used to open the file. As of today, virus writers have not figured out how to use .jpg and .gif files to transport virii. However, they often send files named something like SUZY.JPG.vbs (note the use of upper- and lower-case letters.). If you're not paying attention, you'll think it's just a .jpg picture of Suzy and click on it. What you didn't notice is the .vbs file extension hiding in lower-case letters. This is the real file extension and, in this case, VBS stands for visual basic script, a script written in a programming language called visual basic that will execute the virus and infect your computer. Sorry, no picture of Suzy included.

A computer virus cannot cause your computer to melt-down, explode or kill you, all of which have been claimed possible by various hoaxers. Contrary to folklore, no computer virus can harm you. Unless, of course, it's your job to keep them at bay, and your boss smacks you for failing, or you happen to receive a virus capable of operating the robotic, miniature Canadarm attached to your computer, which then bops you on the head.

Please keep in mind too, that technology is constantly changing. Weaknesses have been discovered in some popular e-mail programs that can be exploited. However, the usual result seems to be a little inconvenience rather than massive amounts of lost data. The lessons to be learned in most cases are two-fold: stick to plain text e-mail, and consider buying (yes, buying) a good, supported e-mail program. I will elaborate on these two points near the end of this article in my "Ten Commandments of Safe Computing".

Fixes for the various attacks have been made available by the program vendors. Get them, keep the programs up-to-date, and back-up your data. Assume your friends and business associates do likewise, to the extent that you don't flood them with virus warnings. However, be suspicious of any attachments you receive, especially (yes, especially) from people you know. If you keep up-to-date with your anti-virus software and software patches from the vendors of the other software you use, then you have little to worry about. Only pass on virus alerts that are timely and which you have personally verified with a reliable source, usually a software vendor such as Microsoft, or a well known and respected virus lab (two of which are listed below).

Another note on attachments. Considering the virii that appear every day and they ways in which they re-transmit themselves, it is rude in the extreme to send someone an attachment without a note in the body of the e-mail message explaining what the attachment is. While a personal note does not guarantee the file is safe to open, it goes a long way to satisfying the recipient that it was personally sent to him or her by a human, not by a self-replicating virus.

There are other hoaxes, of course: ones that either tug at your wallet or your heart, or both. These need no technical explanations from me, just the use of a little of your common sense. If you find your common sense being tested (as I do on occasion), check the Canadian Consumer Information Gateway Web site for information on pyramids, ponzi schemes and the like.

Chain letters — it seems people either love them or hate them. Put me down in the latter (and, I believe, much larger) group. I love to get jokes from friends, but I get very irritated by chain letters. Let's face it — I don't have the e-mail addresses of ten people I want to annoy, so I guess I'm just a loser because I'm not going to forward this message within 90 seconds of receiving it. Some chain letters straddle the line between hoaxes and chain letters, offering you financial reward for following the "simple" directions. Don't bite — hit the delete button instead of the forward button. Trust me — there will be more good karma in the universe for you if you don't forward it, and the people you used to send them too will like you a whole lot more. By the way, messages that refer to "e-mail tracking programs", or dying children in hospital whose last wish is that you get sucked into their chain letter, are certain hoaxes, chain letters, or both.

Forwarding chain letters and hoaxes leads nicely into spam. Ever wonder how spammers get your e-mail address? One way is when a message that has been forwarded countless times reaches a spammer. Spammers love people who don't delete the header and signature information from the body of messages that they forward. These messages are a gold mine of e-mail addresses.

Here's a simple procedure that will hide all of the recipients with most, if not all e-mail programs and services (including programs like Eudora or Outlook, and services like Hotmail): put all recipients in the "Bcc" (blind carbon copy) field, not the "Cc" or "To" fields. If you have to put something in the "To" field, put your own e-mail address, or a fake address that you know does not work.

Another way your address makes it onto the mailing lists of spammers is if you post messages in newsgroups or on Web message boards using your real e-mail address. This is a difficult situation because you probably actually want people to e-mail you, otherwise you wouldn't be participating in such forums. One way to defeat the automatic collection of e-mail addresses from these places is to use an e-mail address that (technically speaking) does not exist, but can be interpreted and corrected by a human. Some people have taken to inserting strings of letters into their e-mail address like "NOSPAM" or "DELETE_THIS". So, if your e-mail address is, you might use bob@smith.comDELETE_THIS. Obviously that's a bad e-mail address — a relatively stupid program designed to "harvest" e-mail addresses won't know how to fix it, but a real human sending a message only to you will know to delete the "DELETE_THIS" part of the address to get your real e-mail address.

What do you do when you receive spam? The first thing you do not do is reply to it, or send a message to the supposed "removal requests" address. All this does is confirms for the spammer that he has a good e-mail address on his list. The second thing you do not do, is do business with the spammers. Don't reward them for sending you what amounts to postage-due messages. Beyond that it's a matter of personal preference, as well as philosophical debate, what you do next. For some time I used to diligently attempt to trace the origin of the spam and have various accounts used to send the spam shut down. However, the reality now is that the accounts used are throw-away accounts — the spammer never plans to use them again, as he knows they will be shut down. You're not interrupting his or her personal or business e-mail by having an account shut down. These days I am more apt to take a quick look at the message to see if there is any obvious way I can strike back, before I just hit the delete key.

What can you do to prevent spam from even getting to you if your address is already on spammers' mailing lists? More and more ISPs are offering mail filtering services that automatically filter the spam from your e-mail and forward you just the good stuff. The filters are not 100 percent effective but, in my experience, they are very close and a huge improvement in the situation. If your ISP doesn't offer this service, harass them until they do, find another ISP that does, or use a third-party solution. I have linked to a couple of third-party solutions at the end of this article. I use, and have been very happy with the results.

Finally, there's netiquette. Some of what I have already discussed with regard to what you should or shouldn't do in certain situations, is actually netiquette. It's good netiquette not to forward hoaxes and chain letters. It's good netiquette not to do business with spammers. It's good netiquette to put multiple recipients of a message in the "Bcc" field so that they are hidden from the other (and subsequent) recipients. It's good netiquette to clean up forwarded messages by removing header and signature information, as well as forwarding marks. It's good netiquette not to use all capital letters in your messages.

One of the things that you need to remember is that the intended recipient of a message (whether it be via e-mail, on a message board, or in some form of a chat or instant messaging situation) cannot see your facial expressions and body language. This can lead to misinterpretation of your remarks, causing offence, embarrassment, discomfort or any number of other unintended reactions. It's true that the same can be said for other forms of communication, such as a written letter. However, as I said earlier, since the written letter has been a form of communication for thousands of years, rules have evolved that have become almost second nature to many people, whether they be writing a formal business letter or a personal letter to a grandmother. Because a written letter takes more time and effort to prepare and send, the writer often spends a little extra time choosing the right words to ensure that what is understood by the reader is what is meant by the writer. Nowadays, in a society where instant gratification has come to be expected, people spend all of 30 seconds writing an e-mail message, which will be transmitted around the globe in milliseconds, and cause offence in record time.

What can you do to prevent this? Take a little extra time out of your busy life to put yourself in the reader's shoes, read your message, and see if it says what you mean. Adopt a consistent style in your writing, so that your correspondents know what to expect from you. This style need not be something formal set out by a rule book (although that's not a bad place to start) but can simply be something that you have developed through conscious effort that reflects your personality. In more personal communication, where you are more likely to do something like crack a joke and, unfortunately, where people are often more likely to take offence, you can use "smileys" — a combination of punctuation marks that, when used together, resemble a face turned on its side. Here are some examples: :) — a smile, :-) — a smile (nose included), ;) — a wink, :( — a sad face, :> — a grin. The possibilities are endless. There are also some abbreviations that you can use that symbolize actions. For example, if you tell a joke, you can follow it with "lol", which stands for "laughing out loud", so that the reader can almost picture you in his presence, telling the joke, and then laughing. While these can liven up personal e-mail and on-line chat, however, they are generally not used in more business-like communication, even by e-mail.

As promised, here are my "Ten Commandments of Safe Computing". The points here are to remind people about some simple steps they can take to reduce the risk of exposure to threats from "malicious code" and the potential for a resulting loss of valuable data and profits, and how they can react to situations encountered in the on-line world. Here they are:
  1. Know your software: Read the documentation for your software, especially concerning security. Set you security settings on Web browsers to at least "medium", and on e-mail programs to "high".
  2. Update your software: Check the vendors' Web sites regularly for updates, especially security-related updates and patches.
  3. Install anti-virus software: As with all other software, check the vendor's Web site regularly and update it as frequently as the vendor suggests.
  4. Educate yourself: There are several good Web sites that are devoted to virus control and elimination, some of which offer timely e-mail updates and virus alerts. If they do provide such alerts, subscribe to them.
  5. Use plain-text e-mail: E-mail was only ever intended to communicate in words something concise and to the point. HTML formatted e-mail may look pretty, but hidden behind the HTML coding in more and more recent cases can be a threat to your computer and your valuable data.
  6. Pay for e-mail software: Spend the few extra dollars to buy a good, supported e-mail program. Unfortunately, many of the recent attacks we have seen via e-mail have all targeted a particular (or a very few particular) free e-mail programs. Because they are ubiquitous, and because this particular software vendor is an easy target, they invite the attention of hackers seeking to cause widespread damage and garner maximum publicity.
  7. Back-up your data: If all else fails, a recent back-up of your data can replace data corrupted or destroyed by a virus.
  8. Don't forward hoaxes and chain letters: By not forwarding these types of messages, you are contributing to the solution, not contributing to the problem.
  9. Don't encourage or do business with spammers: As you have seen, there are ways to prevent the e-mail addresses of your family, friends and colleagues falling into the hands of spammers. Don't reward spammers by buying their products or services.
  10. Obey the rules of "netiquette": Take a little time to ensure that what you have written is what you want your intended recipient to read.
A computer virus is a serious matter, and hoaxes and chain letters that ask for money are no better. It seems to make sense to pass along warning messages, and some chain letters are just fun, aren't they? As I have described, and I'm sure you'll now agree, neither of these statements are true.



On Sunday John will profile Emily Carr, tell you about Midland, and Mundy's Bay, Ontario, give you some cooking tips for turkey, deal with the effect of inflation on a Christmas carol, and will give you the lyrics for 21 more carols.


[Craig] That's it, that's all. I'm in a good mood today after receiving news yesterday that my company will have a nice new project to work on very soon. It sure beats the week I had last week!


Today's resources
Did you enjoy the read? Why not subscribe or donate?
NinerNet Communications
Maple leaf bullet. Your Account

Your e-mail address:

Maple leaf bullet. Free E-mail

E-mail Log-in:
New users
sign up!

Maple leaf bullet. Search

Site search currently unavailable. Sorry.


Maple leaf bullet. Credits

Writer and Researcher:
John MacDonald.
Technical and Editor:
Craig Hartnett.
Web Site Hosting and Design:
NinerNet Communications.

Please help keep going.

  Alberta flag.
British Columbia flag.
Manitoba flag.
New Brunswick flag.
Newfoundland flag.
Northwest Territories flag.
Nova Scotia flag.
Nunavut flag.
Ontario flag.
Prince Edward Island flag.
Quebec flag.
Saskatchewan flag.
Yukon Territory flag.
Spacer. Spacer. Spacer.
Home Please help keep going. Top
Maple leaf bullet. Home Maple leaf bullet. Donate Maple leaf bullet. Archives Maple leaf bullet. About Us Maple leaf bullet. Search Maple leaf bullet. Free E-mail Maple leaf bullet. Contests Maple leaf bullet. Links Maple leaf bullet.
Maple leaf bullet. Resources Maple leaf bullet. Maps Maple leaf bullet. Subscriptions Maple leaf bullet. News, Sports, Weather and Lotteries Maple leaf bullet. Webfeeds Maple leaf bullet.

This page (/friday/friday-2001-18-12-07.shtml) last updated 2005-02-21 01:04:22 UTC.
Copyright © 2000-2010 All rights reserved. Privacy Policy
Web site hosting and design by NinerNet Communications.