Home Donate Archives About Us Contests Links
Resources Subscriptions News, Sports, Weather and Lotteries Webfeeds
We had nine lucky prize winners in our first-anniversary giveaway who won nine different prizes. Check out the contests page for all the juicy details on what you missed.
We're running a slightly different format these days. Rather than publish a longer newsletter on a set weekly schedule, we're sending shorter newsletters on an irregular basis these days. Hope you enjoy!
You too can receive these newsletters in your e-mail. All you need to do is enter your e-mail address in the form in the top, right-hand corner of any page on the site and click the "GO!" button. So sign up now, eh!
If you have a suggestion for an article, factoid, joke, statistic or anything else for the newsletter, please send it to our researcher. Any comments about this Web site can be directed to the webmaster.
Covering Your Computing Assets.
December 7, 2001.
[Craig] Below is a reprise of an article I have written and rewritten several times over the years. I have updated it again, and present it to you below in the hope that you will learn something new from it. Please, feel free to forward it to your friends.
Covering Your Computing Assets
By Craig Hartnett (firstname.lastname@example.org)
I love you. I was considering sending today's newsletter out with this subject line. How about, "Join the crew" or "Virus Alert!" or even "Get rich quick!"? More recently you might have been flattered to receive a message asking for your learned advice: "I send you this file in order to have your advice". Sound familiar? If you have an e-mail account, then these probably sound all too familiar. Today I'm going to address four areas surrounding electronic mail communications: hoaxes (virus and otherwise), chain letters, unsolicited commercial e-mail (more affectionately known as "spam"), and "netiquette".
First, let's define the scope of this article, as well as a few terms. It's not my goal to impart to you the total knowledge required to be the system administrator of a mail server (the computers that hum in the background of the Internet sending and receiving e-mail). All I would like to do is, hopefully, open your eyes to a bigger picture, and arm you with some knowledge so that you can make intelligent decisions when it comes to your e-mail (and covering your assets). Some terms you will need to know are as follows:
Virus: A program or script that, when executed, will carry out (usually undesirable) actions on your computer. Commonly feared consequences are formatted hard drives and loss of stored data by other means. There are many kinds of programs that can do nasty things a virus is just one particular type of "malicious code". Others you may have heard about are called vandals, Trojan horses and worms. For computer geeks there are subtle, but important, differences between different types of "malicious code". For the rest of us, the term "virus" is what we usually use to describe them all.
Spam: Unsolicited commercial e-mail (UCE) or unsolicited bulk e-mail (UBE). Junk e-mail. The Internet equivalent of flyers, and letters from Ed McMahon in your mail box. Believe it or not, spam actually costs you money. Ask your ISP or server administrator.
Signature: A block of text created by a user, automatically appended to the end of every e-mail message sent by that user. This is usually identifying information such as name, company name, Web site address, e-mail address, phone number, fax number, postal address, and/or any other information the sender deems pertinent. Some e-mail programs allow you to select from a number of different, user-created signatures before sending your message. Services like Hotmail also allow you to create a signature.
Netiquette: A combination of the words "net" and "etiquette", this term is used to describe the etiquette to be followed when relating to others via electronic means. Much of humanity's etiquette has been around for hundreds of generations, and so is second nature to us. However, electronic communication has only been around for a very brief moment in our history, and so many people are unaware of the nuances of netiquette. Here's an example: did you know that WRITING EVERYTHING IN CAPITAL LETTERS LIKE THIS is considered very rude? Why? Because, according to the rules of netiquette, capital letters indicate that you are SHOUTING. This may be appropriate under some circumstances, but not usually.
Now that we have the formalities out of the way, let's launch into hoaxes. The most common hoaxes that I receive concern virii (according to my Latin schooling, that's the plural for "virus"). The problem with almost all virus alerts that I receive, is that they are hoaxes. If you ever heard the story of the boy who cried "Wolf!", you'll realise that forwarding all of these virus hoaxes causes the real warnings to go undetected or unheeded. Here's how to recognize a hoax, without the necessity to have any technical knowledge at all:
So what do you do if you really want to find out for sure whether or not a warning you just received is a hoax? Good question, and a responsible course of action before forwarding any virus alert. One good place to start is "HoaxBusters", a Web site run by the "Computer Incident Advisory Capability" of the United States Department of Energy. They document all of the hoaxes that come to their attention, which is probably all of them. You might also want to check any of the other resources that are available, links to which are found at the end of this article. They include sites where you can find information on real virii, and how you can protect yourself or recover from them. If the warning you've received doesn't check-out, please don't forward the warning. Just delete it and pass a copy of this message onto the person who, probably unwittingly, sent you the hoax.
Some notes on computer virii: It used to be axiomatic that simply reading an e-mail message could not do any harm to your computer. Older virii relied on human ignorance, needing the person receiving it to run an executable program or script that came attached to an e-mail message before any harm could be done to the data on the computer. Such programs cannot and will not run by themselves. However, although this style of transmission is "older", it is still widely used. If you get an attachment from a source that you do not know or do not completely trust, check it with a virus scanning program. If you don't have such a program, get one, install it, and keep it updated. Otherwise delete the attachment without clicking on it or doing anything else to it.
A common ruse used to get you to open an attachment these days is to name it something that looks familiar. We're all used to receiving pictures from family and friends and, even if you don't know exactly what it means, you're probably used to seeing file names like suzy.jpg or bob.gif. The (usually) three letters after the dot are called the file extension, and (in Windows anyway) they determine what program is used to open the file. As of today, virus writers have not figured out how to use .jpg and .gif files to transport virii. However, they often send files named something like SUZY.JPG.vbs (note the use of upper- and lower-case letters.). If you're not paying attention, you'll think it's just a .jpg picture of Suzy and click on it. What you didn't notice is the .vbs file extension hiding in lower-case letters. This is the real file extension and, in this case, VBS stands for visual basic script, a script written in a programming language called visual basic that will execute the virus and infect your computer. Sorry, no picture of Suzy included.
A computer virus cannot cause your computer to melt-down, explode or kill you, all of which have been claimed possible by various hoaxers. Contrary to folklore, no computer virus can harm you. Unless, of course, it's your job to keep them at bay, and your boss smacks you for failing, or you happen to receive a virus capable of operating the robotic, miniature Canadarm attached to your computer, which then bops you on the head.
Please keep in mind too, that technology is constantly changing. Weaknesses have been discovered in some popular e-mail programs that can be exploited. However, the usual result seems to be a little inconvenience rather than massive amounts of lost data. The lessons to be learned in most cases are two-fold: stick to plain text e-mail, and consider buying (yes, buying) a good, supported e-mail program. I will elaborate on these two points near the end of this article in my "Ten Commandments of Safe Computing".
Fixes for the various attacks have been made available by the program vendors. Get them, keep the programs up-to-date, and back-up your data. Assume your friends and business associates do likewise, to the extent that you don't flood them with virus warnings. However, be suspicious of any attachments you receive, especially (yes, especially) from people you know. If you keep up-to-date with your anti-virus software and software patches from the vendors of the other software you use, then you have little to worry about. Only pass on virus alerts that are timely and which you have personally verified with a reliable source, usually a software vendor such as Microsoft, or a well known and respected virus lab (two of which are listed below).
Another note on attachments. Considering the virii that appear every day and they ways in which they re-transmit themselves, it is rude in the extreme to send someone an attachment without a note in the body of the e-mail message explaining what the attachment is. While a personal note does not guarantee the file is safe to open, it goes a long way to satisfying the recipient that it was personally sent to him or her by a human, not by a self-replicating virus.
There are other hoaxes, of course: ones that either tug at your wallet or your heart, or both. These need no technical explanations from me, just the use of a little of your common sense. If you find your common sense being tested (as I do on occasion), check the Canadian Consumer Information Gateway Web site for information on pyramids, ponzi schemes and the like.
Chain letters it seems people either love them or hate them. Put me down in the latter (and, I believe, much larger) group. I love to get jokes from friends, but I get very irritated by chain letters. Let's face it I don't have the e-mail addresses of ten people I want to annoy, so I guess I'm just a loser because I'm not going to forward this message within 90 seconds of receiving it. Some chain letters straddle the line between hoaxes and chain letters, offering you financial reward for following the "simple" directions. Don't bite hit the delete button instead of the forward button. Trust me there will be more good karma in the universe for you if you don't forward it, and the people you used to send them too will like you a whole lot more. By the way, messages that refer to "e-mail tracking programs", or dying children in hospital whose last wish is that you get sucked into their chain letter, are certain hoaxes, chain letters, or both.
Forwarding chain letters and hoaxes leads nicely into spam. Ever wonder how spammers get your e-mail address? One way is when a message that has been forwarded countless times reaches a spammer. Spammers love people who don't delete the header and signature information from the body of messages that they forward. These messages are a gold mine of e-mail addresses.
Here's a simple procedure that will hide all of the recipients with most, if not all e-mail programs and services (including programs like Eudora or Outlook, and services like Hotmail): put all recipients in the "Bcc" (blind carbon copy) field, not the "Cc" or "To" fields. If you have to put something in the "To" field, put your own e-mail address, or a fake address that you know does not work.
Another way your address makes it onto the mailing lists of spammers is if you post messages in newsgroups or on Web message boards using your real e-mail address. This is a difficult situation because you probably actually want people to e-mail you, otherwise you wouldn't be participating in such forums. One way to defeat the automatic collection of e-mail addresses from these places is to use an e-mail address that (technically speaking) does not exist, but can be interpreted and corrected by a human. Some people have taken to inserting strings of letters into their e-mail address like "NOSPAM" or "DELETE_THIS". So, if your e-mail address is email@example.com, you might use firstname.lastname@example.orgDELETE_THIS. Obviously that's a bad e-mail address a relatively stupid program designed to "harvest" e-mail addresses won't know how to fix it, but a real human sending a message only to you will know to delete the "DELETE_THIS" part of the address to get your real e-mail address.
What do you do when you receive spam? The first thing you do not do is reply to it, or send a message to the supposed "removal requests" address. All this does is confirms for the spammer that he has a good e-mail address on his list. The second thing you do not do, is do business with the spammers. Don't reward them for sending you what amounts to postage-due messages. Beyond that it's a matter of personal preference, as well as philosophical debate, what you do next. For some time I used to diligently attempt to trace the origin of the spam and have various accounts used to send the spam shut down. However, the reality now is that the accounts used are throw-away accounts the spammer never plans to use them again, as he knows they will be shut down. You're not interrupting his or her personal or business e-mail by having an account shut down. These days I am more apt to take a quick look at the message to see if there is any obvious way I can strike back, before I just hit the delete key.
What can you do to prevent spam from even getting to you if your address is already on spammers' mailing lists? More and more ISPs are offering mail filtering services that automatically filter the spam from your e-mail and forward you just the good stuff. The filters are not 100 percent effective but, in my experience, they are very close and a huge improvement in the situation. If your ISP doesn't offer this service, harass them until they do, find another ISP that does, or use a third-party solution. I have linked to a couple of third-party solutions at the end of this article. I use Despammed.com, and have been very happy with the results.
Finally, there's netiquette. Some of what I have already discussed with regard to what you should or shouldn't do in certain situations, is actually netiquette. It's good netiquette not to forward hoaxes and chain letters. It's good netiquette not to do business with spammers. It's good netiquette to put multiple recipients of a message in the "Bcc" field so that they are hidden from the other (and subsequent) recipients. It's good netiquette to clean up forwarded messages by removing header and signature information, as well as forwarding marks. It's good netiquette not to use all capital letters in your messages.
One of the things that you need to remember is that the intended recipient of a message (whether it be via e-mail, on a message board, or in some form of a chat or instant messaging situation) cannot see your facial expressions and body language. This can lead to misinterpretation of your remarks, causing offence, embarrassment, discomfort or any number of other unintended reactions. It's true that the same can be said for other forms of communication, such as a written letter. However, as I said earlier, since the written letter has been a form of communication for thousands of years, rules have evolved that have become almost second nature to many people, whether they be writing a formal business letter or a personal letter to a grandmother. Because a written letter takes more time and effort to prepare and send, the writer often spends a little extra time choosing the right words to ensure that what is understood by the reader is what is meant by the writer. Nowadays, in a society where instant gratification has come to be expected, people spend all of 30 seconds writing an e-mail message, which will be transmitted around the globe in milliseconds, and cause offence in record time.
What can you do to prevent this? Take a little extra time out of your busy life to put yourself in the reader's shoes, read your message, and see if it says what you mean. Adopt a consistent style in your writing, so that your correspondents know what to expect from you. This style need not be something formal set out by a rule book (although that's not a bad place to start) but can simply be something that you have developed through conscious effort that reflects your personality. In more personal communication, where you are more likely to do something like crack a joke and, unfortunately, where people are often more likely to take offence, you can use "smileys" a combination of punctuation marks that, when used together, resemble a face turned on its side. Here are some examples: :) a smile, :-) a smile (nose included), ;) a wink, :( a sad face, :> a grin. The possibilities are endless. There are also some abbreviations that you can use that symbolize actions. For example, if you tell a joke, you can follow it with "lol", which stands for "laughing out loud", so that the reader can almost picture you in his presence, telling the joke, and then laughing. While these can liven up personal e-mail and on-line chat, however, they are generally not used in more business-like communication, even by e-mail.
As promised, here are my "Ten Commandments of Safe Computing". The points here are to remind people about some simple steps they can take to reduce the risk of exposure to threats from "malicious code" and the potential for a resulting loss of valuable data and profits, and how they can react to situations encountered in the on-line world. Here they are:
== PREVIEW ==
On Sunday John will profile Emily Carr, tell you about Midland, and Mundy's Bay, Ontario, give you some cooking tips for turkey, deal with the effect of inflation on a Christmas carol, and will give you the lyrics for 21 more carols.
[Craig] That's it, that's all. I'm in a good mood today after receiving news yesterday that my company will have a nice new project to work on very soon. It sure beats the week I had last week!
== LINKS AND RESOURCES ==
Did you enjoy the read? Why not subscribe or donate?
Free email is no longer available.
Search currently unavailable. Sorry.
Writer and Researcher:
Technical and Editor:
Web Site Hosting and Design:
Home Donate Archives About Us Contests Links
Resources Subscriptions News, Sports, Weather and Lotteries Webfeeds
This page (/friday/friday-2001-18-12-07.shtml) last updated 2005-02-21 01:04:22 UTC.
Web site hosting and design by NinerNet Communications.