It's a good idea to check what programs run automatically at startup. Windows 98/Me systems can use MSConfig and Windows XP systems can use the services console to see what is running in the background. Unwanted programs can be detected and disabled. Any spyware can then be removed.
Avoiding spyware in the first place is the best defense. Use common sense in installing software. Check out any potential download with the spyware databases given in the references in the sidebar. Exercise caution when visiting strange Web sites.
Some references recommend disabling ActiveX entirely. While this will prevent many unwanted controls from installing, it will also break useful applications. Using Firefox or another non-Microsoft browser is another recommendation for those who wish to avoid ActiveX problems. However, any commonly used browser is still susceptible to other types of script, and the security settings for scripting should be consulted.
"Phishing" is a form of identity theft that used to be done over the telephone. Now, however, the crooks have gone high-tech and are using the Internet for their con games. Most commonly this consists of sending out emails purporting to be from a legitimate source such as a financial institution. Under some false pretense, such as the claim that your account needs verifying, an email will ask that you go to a Web site by clicking on a link in the email. When you go to the Web site, you are asked to "update" or "confirm" personal information such as account numbers and passwords. The Web sites may look just like a legitimate page but they are bogus sites designed to steal from your accounts. The link in the email may read like it leads to an authentic site but actually takes you to a fake page.
The first large-scale example of "phishing" was several years ago when many AOL users were tricked into divulging their passwords. Their accounts were then used for the scammer's purposes. Since then, many other institutions have been attacked. For example, in 2003 many people received emails supposedly from eBay claiming that the user’s account was about to be suspended unless they clicked on the provided link and updated their credit card information. The scammers use mass-mailing methods and many of the recipients did not even have an eBay account. However, all it takes is 1 or 2 per cent responses for the con to result in a nice haul.
Recently, banks have been a favorite target of "phishing". ISPs, banks, etc. do not ask for passwords and the like to be entered by email. Be suspicious of any email message that asks for personal information. Don't ever follow a link in an email that asks you to update or verify sensitive information. If you want to contact a company, go to their Web site by using a link from your records or telephone them.
The origin of using the name of the Hormel Company canned meat product for junk email is attributed to various sources, including Monty Python. Whatever the origin of the name, spam is a truly major email nuisance. The ease with which large electronic mailing lists can be set up and the essentially cost-free (to the mailer) process of email means that almost anyone can send out huge quantities of advertising or other messages. Around half of all email is estimated to be spam.
In theory the best defense against spam is to stay off the mailing lists. So how do we get there in the first place? Unfortunately, it is almost impossible to keep your email address hidden from determined marketers. Once on a list for any reason, your address may be sold and resold many times until it is on dozens of lists. CDs with millions of email addresses are readily available for a few dollars. Any action that you take that might expose your email address on the Internet can land you on spammers’ lists. Participation in chat rooms, newsgroup discussions, and investment forums are all ways to get on lists. In a practice called “harvesting,” spammers use software called “spiders” to regularly comb the Internet for addresses. Also, many ISPs offer the option of being listed in a directory and these are fair game for advertisers.
Shopping on the Internet, signing up for newsletters, entering contests, registering to download software, or other activity requiring that you provide your email address can also get your name on lists. Although reputable merchants, newsletter writers, shareware sites, etc. will respect your privacy, some sites may feel free to sell your name to others. Always look for a statement of the policy on privacy before signing up for something.
Another method used by spammers is the “dictionary” attack. By combining all common words and names (with variations like joe1, joe2, joe3, etc.) with all the common providers such as AOL, Hotmail, MSN, Earthlink, computer programs can generate millions of possible email addresses. Many of these will be legitimate and the spammer doesn’t care about the ones that bounce. The cost of mailing to a lot of incorrect addresses is too small to be any deterrent. Thus some people advise using uncommon combinations of symbols for your email address.
Everyone should have several disposable junk email addresses that they use where public exposure is likely. One of the free services like Hotmail or My Yahoo serves admirably for this purpose. If an address starts to attract spam, it can just be discarded.
You can also “munge” your address in places like newsgroups. To “munge” is to add easily recognized extra characters to your address along with the accompanying phrase “remove xyz to obtain address”. Thus myname@myISP.com becomes myname@mynospamISP.com. The only trouble is that address harvesting software can be programmed to strip out obvious strings like nospam, although many times the harvesters don't bother.
One method of dealing with spam is to block or filter mail that comes from known spammers or that contains particular subjects or key words. This can be done either in your email program or with special software. The common email programs like Outlook Express allow for setting up rules that apply to categories like senders, subjects, and textual content. Check your particular email client for the details. For example, in Outlook Express go to the menu under Tools-Message Rules. The problem is that spammers keep changing or faking their ostensible names and addresses as well as using phony subjects. Personally, I have found that rules and filtering within my email program may keep out some spam but that it is only a partial answer to the problem. You can also install some extra software. There is a slew of utilities devoted to stopping spam. The best types of programs use a statistical technique known as Bayesian filtering. These programs set up filtering rules based on actual experience and "learn" how to improve filters from the email that you receive. See the sidebar for references on this technique and on various software programs.
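How a Bayesian filter "learns" from received mail can be shown in a few lines. The following is an added example, not taken from the article or from any of the products it mentions: a small naive Bayes classifier that scores a message from the words it contains, using add-one smoothing. The training messages are constructed, and the class and function names are hypothetical.

```python
import math
import re
from collections import Counter

def tokens(text):
    """Lower-cased words; a set, so each word counts once per message."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.msg_counts = {"spam": 0, "ham": 0}

    def train(self, text, label):
        """Learn from one message the user has marked 'spam' or 'ham'."""
        self.msg_counts[label] += 1
        self.word_counts[label].update(tokens(text))

    def spam_probability(self, text):
        """P(spam | words present), naive independence, add-one smoothing."""
        words = sorted(tokens(text))
        total = sum(self.msg_counts.values())
        score = {}
        for label in ("spam", "ham"):
            n = self.msg_counts[label]
            s = math.log((n + 1) / (total + 2))        # smoothed prior
            for w in words:
                seen = self.word_counts[label][w]      # messages containing w
                s += math.log((seen + 1) / (n + 2))    # smoothed P(word | label)
            score[label] = s
        return 1 / (1 + math.exp(score["ham"] - score["spam"]))

# Constructed training mail, standing in for messages a user has sorted.
TRAINING = [
    ("Cheap meds online, click here now", "spam"),
    ("You have won a free prize, click to claim", "spam"),
    ("Free mortgage quote, act now", "spam"),
    ("Lunch on Friday? Let me know", "ham"),
    ("Minutes from the club meeting attached", "ham"),
    ("Here are the photos from the trip", "ham"),
]

def build_demo_filter():
    f = BayesFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f

if __name__ == "__main__":
    f = build_demo_filter()
    for msg in ("Click now for your free prize", "Photos from the meeting on Friday"):
        print(f"{f.spam_probability(msg):.3f}  {msg}")
```

Words the filter has never seen leave the score at 0.5 until the user marks such a message, which is the "learning" step: each call to `train` shifts the word statistics that later scores are built from.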
Businesses and those who are big users of email will need some heavy-duty methods of filtering spam but average PC users who receive only a few emails each day can use a program like MailWasher Pro. Also, ISPs are getting better at filtering and may also provide some way for individual users to create filtering rules.
There are also services that will filter your mail. By collecting large databases of known spammers and using their clients’ emails to keep up with the latest tricks and twists of the spammers, these services can be better at stopping spam than software located on your own computer. These services naturally slow down the processing of your mail since it has to go through their server. Several are listed in the sidebar.
Note that no matter whether you filter mail with software on your own computer or use an external service, some spam will get through and some legitimate mail will get blocked.
Although there are many ways to try to block spam from arriving in your mailbox by using software or filtering services, my experience is that spam has reached the point where one of the best defenses is to have more than one email address. You can reserve one address for friends and relatives and have a second throwaway address that is changed fairly regularly. This second address would be the one that is used whenever it might be subject to public exposure. Many ISPs allow for an account to have multiple mailboxes and one can be set aside for junk. If the volume builds up, the box can be discarded and replaced by a new one. Another route is to use one of the free Internet email services like Yahoo or Hotmail. Yet another approach is to use one of the services that provide email addresses with a limited lifetime. For example, SpamGourmet will give you addresses good for a certain number of uses only.
The last and perhaps best defense is common sense and the “delete” key. Don’t open obvious spam messages and be very careful about responding to “Remove me from this list” type of addresses. That may very well just get you on more lists. Also note that formatted spam may contain Web Bugs that tell the spammer if you have opened that mail.