When considering the issue of spam, or junk email, business owners need to also consider ways to prevent spam starting, just as we would rather prevent a disease than treat one. Once your email address is validated out there in the world of spammers it is out of your control how far and wide your address is passed along.

One of the methods used by spammers is to check over the code in a web site looking for email addresses.

One of the design methods used to provide email contact from a web site is to provide the email address actually in the code as a link that will open up the visitors email program with a new email addressed and ready for a message.

Firstly we need to understand that ‘spammers’ are not individual people, they are computer programs. It would be virtually impossible for a person to sit at a computer and search the internet for email addresses, then send emails to those addresses one at a time.

The process involves a computer program, scanning web pages constantly, looking for patterns that look like email addresses and copying the information into a database that then generates the mass emails.

There are better methods available - providing email contact links from your web site using scripts, rather than holding the address on the page where any person or program can search and view the source code.

Some businesses use temporary email addresses from their web sites to try to help prevent spam as well. This can work, however it feels more professional to email someone at a ‘real address’ rather than somewhere like hotmail when making a business enquiry.

How many strategies do you have in place to both prevent and deal with the spam issue?

Spam would have to be one of the single most annoying computer phenomenon we battle with. Often you may wonder why does anyone bother doing it, doesn’t everyone just delete it? Well it may surprise you to know that it remains economically viable because there are no real operating costs apart from managing mailing lists, and it is very difficult to hold senders accountable. The sheer number of spam being sent out means that a very low response rate can net a healthy profit.

The costs really are borne by the public and more so by the internet service provider, due to loss of productivity time and fraud. ISP’s have spent a lot of money adding extra capacity to their services to help people cope with the deluge.

It is estimated that it costs internet users tens of billions of dollars each year.

Spam consumes computer and network resources, and time and attention to dismiss unwanted messages, let alone the costs associated with falling for a scheme initiated by spam!

If you receive spam it is important that you never click on any links in the email. If you do, you could be directed to a false website that contains some malware that could retrieve personal information, banking details and passwords from your computer, and cause your computer to begin sending out spam to others.

Spam blocking techniques fall in one of two broad areas – adding technology to the mail transfer agent or putting the blocking appliance between the transfer agent and the internet.

There are a host of add-ons that can be used with your mail program if it is not cleaning enough spam out on it’s own, that are usually simple to install and use.

The second option is more common for large companies as they can handle high volumes of messages and it requires hardware and an administrator to manage.

Imagine a world without email? I do know some people who don’t use email, but I don’t know anyone in business that doesn’t.

Whilst email has opened up a world of fast, cheap communication, it has also opened up a means of unwanted communications – SPAM. If you wondered where the name came from, think of Monty Python and that haunting song (yes truly!).

Spam would have to be one of the most annoying phenomenons we encounter online and mostly we can recognise it as soon as it arrives, but sometimes the subject lines are clever enough to fool us for a moment. Having said that, it is still a fact that people are drawn into schemes that are obviously too good to be true every day, so it shows that the numbers game spammers play does work.

One of the most important things you can do in relation to spam is NEVER reply to them – many people get fed up with spam and start to hit reply to ‘tell the spammer off, and teach them a lesson’. This is never gets to any person who reads it, let alone learns a lesson, but what it does do is flags your email as an active email account that will respond, and is sold on to other spammers – just the opposite of what you were thinking to achieve!

Another measure you should take is to use a spam filter. Most quality email programs have a spam filtering feature, that allows you to mark off emails you receive as being spam so you don’t receive them again. Good spam filters also ‘learn’ what spam ‘looks’ like – types of subject lines, places they come from, so that you can cut down on the amount you get.

More hints next week on ways to cut down on attracting spam to your email.

… not to be confused with pishing or fishing …

This is a criminally fraudulent process used to obtain information electronically such as passwords, credit card details or a persons identity.

Most commonly the phisher uses an email or instant message and tries to bait you with a legitimate sounding request they hope will ‘catch’ your information.

There are several basic techniques used:

• Fake links - if you don’t look closely you would not notice slight misspellings and think you are going to a real bank or similar site.
• Website forgery - it is frightening how advanced phishers are becoming with their deceptions
• Phone - receiving text messages claiming to be from a bank

There are technologies that can assist in protecting you from phishing attacks.

Mozilla Firefox for example has a lot of built in features to assist.

Google is now alerting you through Firefox of attack sites.

BUT

the main protection is for the internet user to BE AWARE of what they are doing and to understand a few important points.

• No bank will EVER email you about your account details
• No reputable business will EVER email you about your account details
• Phishing emails address you as ‘valued customer’ or such rather than with your own name
• Verify your account is a common phrase
• If you don’t respond in xx hours or days your account will be closed is a common phrase
• Asking you to click a link to confirm or access your account
• Often there are spelling or grammatical mistakes in the email

If you are not sure - contact the business by phone or by a contact you have for them, NEVER by replying or clicking on links in the email!

Always check that the padlock symbol appears when you are logged into any secure web site.

You can report the scam - if in Australia SCAM Watch have links to where you can make your report.

Wikipedia have a good article explaining phishing.

So at the end of the day, you must be vigilant about emails you receive and think before you click.  In some ways phishing is even more insidous than virus and other malware because they rely on YOU to participate.

There are software tools that assist you in maintaining your computer system no matter what kind of system you have and these are important and have their place.
However one thing I learned years ago, when living on a small farm was – vigilance against ticks is the only way to protect a young dog.  I could spend as much money as I liked on any number of chemicals, but nothing is 100% effective, and a single tick is now even more likely to kill a young dog.
The parallel I’m thinking of here is that too often people install antivirus software and then forget to be vigilant.

No antivirus or similar single product can ever give you 100% protection out there in the wild.

Malware attackers are relying on tricking people as anti-malware software becomes more sophisticated.
Phishing for example works mostly by tricking you into thinking that you are at a legitimate site.  The purpose of a phishing scam is to steal your identity – passwords, account details or credit card numbers.

Firefox (a web browser many people use instead of Internet Explorer) checks sites you are visiting against lists of known phishing and malware sites.  Google has also implemented a great tool for Firefox that alerts users that a site contains malware.

Even so, each person using the internet must stay vigilant.

People are busy, tired, distracted and under time pressures, and these factors often contribute to people clicking on links, opening attachments or clicking on OK when they should not have.
Microsoft Windows Vista has the best security to date of any Windows system, but if this decreases the vigilance of the user an attack is still going to happen with potentially catastrophic results.

I had an interesting experience last week.

I had a word document that I had created and had been working on for a week or two.

I converted it to a pdf and sent it to someone using windows for their opinion and they sent back some suggestions for changes which I did.

I then converted to pdf again and sent to my business partner and co-director of BITTS who is using a Mac Book Air with no windows install.

He responded that his antivirus software had alerted him that there was a trojan virus attached.

Well that sparked off having me researching more on virus infection and the Mac and as a result I downloaded and installed iAntiVirus and ClamXAv.

The first run - ClamXAv -  found some infected emails in my junk mailbox that I had not opened as Mail had sent them straight to Junk, and of course I emptied my junk mail immediately.  It found no other infection, certainly none in the pdf I had emailed out, nor the actual email sitting in sent items.

The second run - iAntiVirus - found no infections.

In the meantime Les had all sorts of odd little things happening on his Mac and finally his antivirus declared he was clean.

So without any infection found in the pdf document and no infections apparently having been active on my Mac I simply sent him the file again.

No response from his antivirus this time!

What happened?

I’ve no idea and that’s the truth.

Whatever it was, it was a windows virus and not something that could affect the Mac, and I will take the plunge and say that I suspect that my partners antivirus was giving a false report as it is too odd that with no infections here and no one else reporting an infected mail out from me, that it was something on my machine.

But it is a timely reminder for me who was writing a column about Mac maintenance and the need to avoid becoming complacent about virus.  It’s weird sometimes how things like this can happen in an ironic fashion.

I used to keep Norton AV for Mac, but I decided not to continue when payment time came around and happened not to have installed any of the free programs when this all happened.

The main issue Mac users have is that they can ‘get’ a virus on their computer, but it can’t wreak it’s havoc or damage there, but it may be able to pass itself on to windows people you communicate with.  Then of course it can wreak it’s havoc.

Another common thing I hear said is: but if companies like Symantec make antivirus for Mac then it must be true that they can get infected, everyone else is lying to trick me.

Really all we are doing when we pay money for these programs is filtering out Windows virus threats so we don’t pass them back - a windows virus CANNOT infect and do harm to your Mac!

Below are a few links for you to investigate and think about what steps you might take for your own Mac.

Mac World article on buying a Mac

Digital Trends excellent article

Mac World article on Parrellels (the feature that lets you simultaneously use Windows and Leopard)

Mac World article on Mac Antivirus

Nortons AV for Mac

Avast for Mac and PC

Tid bits article

I do hope all this helps to dispel some of the myths and assist you to choose what path you should take with your Mac

At the end of the day, no matter what software protection you have in place we have to rely on human beings to use the technology.

I like to call this the ‘warmware’.

As a business you can instigate all kinds of policies, procedures and protection software, but if people are interacting with all of this then there is always still a risk.

So how can we minimize this final risk factor?

TRAINING!!

So much of the time the problem is simply that people are ignorant of the risks they are taking.

We can’t do an awful lot about people who are deliberately wreaking havoc - the processes of risk reduction here are quite outside technology - these people need to be identified early and hopefully removed from a position of causing damage.

So back to my point - much of the time the problem is simply ignorance and you hear exclamations such as:

• I didn’t know that!
• I didn’t read that!
• I didn’t see it!
• I thought it meant something else!

I don’t mean any disrespect when I say that in my experience there are way too many people out there in the workplace using computers on a daily basis who have very little idea of what they are doing (so far as technology).

This is not a matter of smart or stupid, but purely a matter of lack of training!

In this context we are thinking about how to safely use the www with a windows computer when there is just so much malware out there. There are a huge number of contexts I could talk about here but I will try to keep myself contained to just the use of the www.

A good way to assess whether your staff could benefit from learning more about safe usage and smart practice out there in the www, and increase your office efficiency, is to have your staff complete a short skills survey on internet usage and threats to ascertain where knowledge gaps are and enable a customised training session to be designed to take your business where you need to get it to.

BITTS specialise in assisting you to assess your training needs and find solutions.

Once you have put defence systems in place and feel you have some strong walls up against malware threats you need to think about the human side of your technology.
How well does your staff understand risk behaviour online?
Certainly a good defence system will prevent some types of risk but care needs to be taken nevertheless.
Most workplaces have policies concerning staff internet usage, and the larger the organisation the more money that is spent on software to monitor that staff are adhering to policies.
This indicates that even with security of anti-virus, anti-malware and firewalls the human factor is still there.
Just as the software protection of your systems has various components, for the user, safe practice when using the web also has various components.

Scams on the web are still rife because it is just a numbers game – hit enough people with something and the small percentage that falls for it could be a huge number of people when you have the whole world to try for.
Recognising suspect pop up windows and knowing how to get rid of them without activating anything.
Giving out information to web sites that may be used by adware.
Using strong passwords and changing them regularly.
Understanding a secure site from one that is not secure and what information is OK to give out either to non-secure sites or emails.
Installing peer to peer software (which means you allow others to connect to your computer to take what you got from others)

The ever-changing nature of the Internet means that your business should continually monitor these threats and budget for staff training on how to be alert to anything suspicious that might confront them. The costs of training will most certainly out way the consequences of your business information falling into the wrong hands.

Malware is the collective term for any software that is designed to infiltrate or damage a computer without the users consent.

Of course the word has been put together from Malicious Software…
It covers a range of types of nasties
Most people think of nasties as the virus but there are now many types of malware and not all of them are viruses, and hence many smart people have more than one type of defence system on their computer.
Some of the types of malware out there are:

• viruses
• worms
• trojan horses
• rootkits
• spyware
• adware
• botnets
• keystroke loggers
• dialers

Quite a range indeed!

Wikipedia reports that as many as one in ten web pages may contain malware.

That’s a real concern if it is true - I often visit up to 40 web pages in a day - for example each week when I am preparing these newspaper columns and blog supplements. So I could be coming in contact with a good handful of malware sources.

(thank god I’ve got a MAC then she says relaxing in her chair again)

Microsoft actually have some good information on this, maybe they are finally taking notice that people are vulnerable?

The main rule for the Windows user is:

ALWAYS have Anti-virus software both installed and updated

ALWAYS have some Malware (at least spyware) software both installed and updated

ALWAYS have a fire wall operating

NEVER let your kids play on the net with your computer if you use it for any important business uses. (they will typically just say yes to anything that wants to install or download)

ALWAYS take care where you go on the net and particularly take care when responding to pop ups and message boxes when using the net.

Now that you have spent your precious time checking all your software licences and generally getting some computer housework done let’s think about the security of your system and how this is maintained.
Maintenance has two components – keeping security software updated and users understanding safe internet usage.
You may have all the best security protection running on your system, but if your staff don’t understand some basic principals they may still open the door to risks.
We have a range of threats to windows-based computer systems out there called ‘Malware’. Malicious software is any software that attempts to harm or compromise your computer system.
The range of malware and methods of infection are varied and sometimes people shy away from wanting to know about it, as it can seem overwhelming.
Every time we take a breath of air we are breathing in a host of microbes unawares and our bodies defence system screens what has entered and deals with any problems. There are many components to the defence system in the body such as nasal hair, skin, and white blood cells.
Computers need a defence system made up of various components too.
A strong defence system on your windows based PC is a necessity.
Most anti-virus packages today include defence against some types of malware, however having specific anit-spyware and adware software is still recommended. These packages offer protection by blocking and defending your system from some hidden dangers even if your staff try to access sites that are not safe.
Installing this software is not enough– the most important thing to remember is that you need it to be updated regularly and install any upgrades offered.
The final strength of your defence will come by having your staff trained in safe internet usage.