Computer Security Question for Gregg

Discussion in 'Off-Topic Discussions' started by Clay, Nov 15, 2005.

  1. Clay

    Clay New Member

    Gregg,
    I've been gone a few days, and had a buddy check my mail and junk. He (I) received several mails in my Bulk box stating one of my e-mails was being cancelled. He opened one, to see what was up, and it contained a questionnaire, so he deleted it.

    All of the notices look as though they are from one of my mail carriers, but are in the Bulk folder. My carrier writes me in my In folder. I have contacted my carrier several times and get standard form notes reference viruses etc..., but nothing concerning my service. My service seems to work fine even though I get daily notices.

    Do phishers use valid carrier IDs? If I'm getting bogus mail, I imagine several others are also receiving similar notices. I doubt they realize this could be a way to access pass codes and other data. I'm sure I'm not the only idiot with computers. Could you advise ways to verify whether the carrier originated the mail, or if there is a way to determine if it is bogus?

    I have read all the carrier data on the subject, and write to question authenticity, but still get form notes saying to ignore suspicious mail. Do carriers send to the Bulk folder? I always get my carrier notices through my In folder.

    I'm sure your answer will help others (?) with like problems.
    Thanks:confused:
     
  2. uncle janko

    uncle janko member

    No matter how helpful, somebody (NOT you!) will get their knickers in a twist over it.
     
  3. Clay

    Clay New Member

    Same

    If it weren't so late, I'd edit-out the question. I know it's stupid, but I don't know a lot of computer pros. I don't mind admitting my ignorance. My time limit was up. I tried to edit a post, after about eleven minutes, followed the directions and felt like a real jerk when I questioned the process.

    Just disregard the question, please! Or delete it if you are a moderator.
    Thanks
     
  4. DesElms

    DesElms New Member

    There are no stupid questions. Don't worry about it.

    The latest craze in phishing is for phishers to send emails to you seemingly from your Internet Service Provider (ISP) in which you are asked to read some information in an attachment; or which contains an HTML-based (as opposed to a plain-text-based) email message... and, in either case, some kind of virus or trojan is contained therein.

    If you open them, the virus or trojan will get planted on your machine.

    If you know how to read the header of an email, you can quickly see that these kinds of messages are not, in fact, from your ISP. They just need to be deleted (or left in the bulk folder, if that's where they, gratefully, end-up all by themselves; and then delete them therefrom as you do the rest of your bulk mail folder's contents).

    An emailer can't send to any of a recipient's folders. As long as you've not set up any filters yourself which place certain kinds of incoming messages into certain folders upon arrival, all incoming email arrives in your inbox. If it ends-up in the bulk folder of your web-based email interface, then it's because your web-based email provider (or your ISP, if that's who it is) has created a filter rule which put it there. Most of the phishing emails pretending to be from ISPs are known to the ISPs very early in their lifetimes and so they end-up in your bulk folder of your web-based email interface... where they belong. If your email interface is not web-based (i.e., if it's an email client on your machine, like Outlook, or Outlook Express or Eudora, etc.), then folders and filter rules are entirely up to you. Your ISP or email service provider has nothing to do with that.

    EDIT: See the words in bold, added later, in the immediately preceding paragraph.

    One thing you need to do is make sure your anti-virus software is working and, most importantly, is up to date; and another thing you need to make sure of is that you're running some kind of good anti-spyware package... and that it, too, is always up to date.

    You also need to be running a firewall. If you're using a dial-up connection, a firewall's not quite as necessary as it is when you're constantly connected via a DSL connection, or a cable modem connection, or a fractional T1 or whatever high-speed connection (other than dial-up) you're using. If you're constantly-connected (or, at least, if your computer is connected pretty much any time it's on, as is the case with DSL and cable modems and other such connections), then you most definitely need to be using a firewall.

    Fortunately, in the case of all three of these types of software, there are some very good products -- in the case of spyware, one of them being best-of-breed -- that are completely free for personal use on a home machine. If you need to know where to find what I consider to be the best ones, just let me know.

    I hope that helped... or did I miss a salient issue somewhere along the line? If so, just let me know.
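
One way to do the header check described in the post above, as an added example that is not part of the original thread. It assumes Postfix-style `Received:` lines of the form `from HELO (reverse-dns [ip]) by host`; the provider name `example-isp.net`, the sample messages and the function names are all made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; every host, address and IP below is made up.
SPOOFED = """\
Return-Path: <bounce@mailer.example.org>
Received: from mx.example-isp.net (mx.example-isp.net [192.0.2.10])
    by inbox.example-isp.net with ESMTP; Tue, 15 Nov 2005 08:00:03 -0500
Received: from mail.example-isp.net (unknown [203.0.113.77])
    by mx.example-isp.net with SMTP; Tue, 15 Nov 2005 08:00:01 -0500
From: "Example ISP Support" <support@example-isp.net>
Reply-To: accounts@example.org
Subject: Your e-mail account is being cancelled

Please complete the attached questionnaire.
"""

GENUINE = """\
Return-Path: <notices@example-isp.net>
Received: from notify.example-isp.net (notify.example-isp.net [192.0.2.25])
    by mx.example-isp.net with ESMTP; Tue, 15 Nov 2005 09:12:40 -0500
From: "Example ISP Support" <support@example-isp.net>
Subject: Scheduled maintenance

Mail will be unavailable for ten minutes on Sunday.
"""

# Assumed Received format: from <HELO> (<reverse-dns> [<ip>]) by <host>
HOP = re.compile(r"from\s+(?P<helo>[\w.-]+)\s+\((?P<rdns>[\w.-]+)\s+"
                 r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>[\w.-]+)")

def domain_of(header_value):
    """Domain part of the address in a From/Return-Path/Reply-To header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def entry_hop(msg, provider):
    """Walk Received headers newest-first. Only lines written by the
    provider's own servers are trusted; return the first hop where such a
    server accepted mail from a host outside the provider. The HELO name is
    chosen by the sender, so the reverse-DNS name is what gets compared."""
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))   # unfold continuation lines
        if not m or not in_domain(m["by"], provider):
            return None        # chain of provider-written headers ends here
        if not in_domain(m["rdns"], provider):
            return m.groupdict()
    return None

def triage(raw, provider):
    """Return a list of reasons to distrust a message claiming `provider`."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    for name in ("Return-Path", "Reply-To"):
        if msg.get(name):
            dom = domain_of(msg[name])
            if not in_domain(dom, from_dom):
                findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    hop = entry_hop(msg, provider)
    if in_domain(from_dom, provider) and hop is not None:
        findings.append(f"claims {provider} but entered its network from "
                        f"{hop['rdns']} [{hop['ip']}] (HELO {hop['helo']})")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, triage(raw, "example-isp.net") or "no findings")
```

An empty result only means these particular checks found nothing; it does not prove the message is authentic.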
     
  5. Clay

    Clay New Member

    Same

    Thanks Gregg, I knew you would explain it in a manner I could understand. I have all the protective systems you mentioned, but would like your advice on specific programs, the ones you think are best. Along with my "paid-for" programs, I have Ad-Aware and Spy-Bot. Would like to keep as much trash as possible from infiltrating and mining (?) data. It's not as if anything is important, it's just the principle that it's my junk. The guys at the stores are useless. I could work there. And each has a different idea as to my needs. Usually walk out pissed and ready to buy a log. Then I'd have to find a native tutor to teach me "Log-talk". I'm good with an abacus, for storing information, but the neighbors get upset when I try smoke signals. I remember riding my bike 10 miles, to tell someone something unimportant, because it was more fun than a phone and more private.
    -.-. .-.. .- -.--
     
  6. MichaelR

    MichaelR Member

    AD-Aware and Spy-bot are IMHO the two best out there for spyware removal. I am quite fond of SpamBayes to take care of my Spam (works quite well too) and I just recently started using the free Version of AVG Virus on all but two or three of my computers in my house.
     
  7. Clay

    Clay New Member

    Same

    Thanks MichaelR, I forgot to download AVG on my new computer. Now it's done been done. I hope I don't have so many raincoats that it slows things down. I have cable, but it seems to be slow today. Maybe it's normal, I don't know. I also have Microsoft and Avast. Had to stop the Avast firewall as it was interfering with everything. Seems like the rest work well together. If not, I'll just back-up a day.
    Take Care
     
  8. uncle janko

    uncle janko member

    This thread was helpful to me as well. Thanks, guys. Glad the whingers didn't spot it.
     
  9. Clay

    Clay New Member

    Same

    I'll think of some more simple-minded questions. They come to me easily. Go Figure?
     
  10. DesElms

    DesElms New Member

    Re: Same

    MichaelR's got it right.

    Spybot Search and Destroy is probably best, and Ad-Aware is right up there... both free. Windows 95 users (if any of you still exist out there) should use Spybot version 1.3 or lower. With either program, there is no system tray, constant-monitoring feature (unless, in the case of Ad-Aware, you pay for the not-for-free version). So you must keep it up to date, and run it weekly, or at least semi-monthly against your entire hard drive.

    Another free anti-spyware product worth looking at is Spyware Blaster, which is quite different from either Spybot or Ad-Aware. Spyware Blaster is more of a browser inoculation sort of product. It knows what browser exploits are out there and "inoculates" the Windows registry against them. It doesn't run in the system tray, and you don't run it against your whole hard drive once a month, like you should your Spybot/Ad-Aware or your AVG type products. You just launch it, update it, then tell it to protect you against everything in its database. Then you close it. From that point on, any browser exploits it encounters which are in its database are not permitted to install themselves; or, if they are, they're not allowed to put the code into your registry that allows them to launch when next your machine is booted. Spyware Blaster keeps 'em from properly installing; and Spybot or Ad-Aware finds and deletes 'em when next you whole-disk-scan. It's a killer combination.

    Spyware Blaster has a cousin called Spyware Guard that's also a "must have." It sits in the system tray and monitors your browser's default homepage. If any web site tries to forcibly make itself your browser's homepage, Spyware Guard pops-up a warning and lets you decide whether to allow the new web page to become your browser's default homepage, or to keep it the way it was.

    AVG (free edition) is probably the best of the free anti-virus programs out there. You may need to register and get a serial number, but doing so is free. As with all anti-virus products, you must keep it up to date or it won't know about new viruses, trojans, worms, etc. Let it sit in the system tray and watch for anything incoming from web sites or email; but also manually scan your entire hard drive at least monthly... preferably twice monthly or, if you have the time and inclination, weekly. But no less often than monthly.

    As for firewalls, there are several free ones out there and they're all pretty good, but when it comes right down to it, ZoneAlarm (free edition) is still best-of-breed among the free ones. While it may not have quite as many bells and whistles as some of the other free ones (and definitely not as many as its fee-based big brothers), it seems to stop more stuff -- including weird new stuff created since it was last updated -- than any of the others. It's simply a well-written, tight, pretty-darned-bug-free piece of software that's about as good as one can get for free. In the beginning you tell it to pop-up a dialog every time something tries to get in or out, and you allow all your various Internet programs (like Outlook/Outlook Express, Internet Explorer, the update routines for your spyware and anti-virus programs, etc.) to connect; but then you say "no" to pretty much everything else. After a while you'll have your computer trained to know what stuff to allow and what to deny, at which point you can configure it to stop alerting you altogether and to just sit there, in the background, doing its job.

    Among the free anti-virus and/or firewall programs out there, Avast has become a huge problem of late. It's no longer worth a damn, in my opinion. Its godawful, modern, obviously-created-by-a-gamer interface pretty much says it all. Stay away from it.

    Most people working in any of the big name computer stores couldn't punch their way out of a technical paper sack. They're worse than nothing at all. Independent computer store employees, on the other hand -- especially the owners -- can be quite knowledgeable sometimes. Just depends.

    I've been thrown out of many of the larger stores over time. I remember when EggHead software stores were common. Every single time I went in one, I'd overhear an employee misleading some poor, hapless customer. Sometimes, if it was bad enough, I'd break in, saying something like, "I'm sorry... I don't mean to interrupt, but I just can't stand it anymore. This young man -- whose intentions, I'm sure, are good -- hasn't said one thing to you in the past five minutes that's true. You're being misled faster than you can say 'bits, bytes and baud rates.' Here... let me explain..." and while I was so doing, the young man would be getting his manager who, about a third of the time, would ask me to leave. Most computer store employees are no different than Burger King or McDonalds employees, except they don't have to wear paper hats... and they know about as much about computers. Stay away.

    I dunno if any of that actually helps, but I certainly hope so.
     
  11. Guest

    Guest Guest

    Thanks for all this great information Gregg!

    And thanks Clay for asking the question!
     
  12. Clay

    Clay New Member

    Same

    Thanks again Gregg, should I delete all of Avast? And rely on my Microsoft to do the job? Is it alright to download your suggestions without causing a problem with the MS stuff? You have to remember you are way beyond my level and I don't want to add/delete anything important. Stuff pops-up asking if I want to install a list of things I know nothing about. The Geek dude is waiting for me to call because I told him I'd give him my computer next time he showed-up. Hell, I've paid more for him to push buttons than the computer cost. I'm gradually learning, thanks to you and others, but I'm still a novice attempting to cause as little damage as possible. I don't know much, but I know more than several folks who have been at it longer than I. Can I download Blaster and Guard free or do I need to purchase them? I don't mind, if you recommend them. I just don't want any trash. Been there, done that and wasted a bundle. Also, is there a way to speed this thing up? It has all the guts but seems slow with mail. Keeps all the junk out, but takes time to load In mail. And when I defrag it takes forever. Is that the way it's supposed to work? Sorry to keep buggin ya, but a lot of folks have the same problems and don't want to show their ignorance. So I'll take point.
    Zolas alyijd, u sparen mijn bacon
     
  13. MichaelR

    MichaelR Member

    Defragging always takes forever, and I personally quit defragging when I started using Windows 2k, and I at one point used O&O Defrag on my system but found it really didn't make much of a difference. I say that defragging on win2k and better machines probably only needs to be done once a year. I believe the other programs he mentioned are free but I am not sure.

    The problem with MS firewall is it doesn't work as well as you would hope. It only blocks incoming and won't block outgoing. If you really feel you need a firewall, then use the free version of ZoneAlarm. I can't remember the rest of your questions and I have a firepit to construct so good night.
     
  14. DesElms

    DesElms New Member

    Re: Same

    Yes, it's awful. And replace it with ZoneAlarm (free edition) to which I linked in my earlier post. Leave Microsoft firewall turned off.

    Generally speaking, only one anti-virus program should be installed on a given machine at a time. And only one firewall. Only one anti-spyware product such as Spybot or Ad-Aware should be installed at a time, but either of those can co-exist with Spyware Blaster and Spyware Guard.

    But it's really important -- and I can't stress this enough -- that all anti-virus software that you may now already have be completely de-installed and all traces of it removed before downloading and installing AVG AntiVirus.

    Same for firewalls. The Microsoft firewall can be merely turned off and left on the system. But the Avast firewall -- and/or any others that you may happen to have installed -- all need to be completely de-installed and all traces thereof removed.

    Doing the "all traces thereof removed" part would actually require, in order to do it completely properly, some manual system registry editing... but, ohgod, don't try that! Just be satisfied with complete de-installation, and leave well enough alone.

    Yes. Just make sure that if you're running ZoneAlarm as your firewall, the Microsoft firewall is turned off. Actually, ZoneAlarm takes care of that on Windows XP during installation. Still, you should probably turn it off before installing ZoneAlarm. And before de-installing any of it, or installing anything new, remember to turn off the feature in Windows that lets you rollback to a previous state. If you don't know how to disable it, let me know.

    They're free.

    Cool as they are, they're just anti-spyware "helper" products. If you could only have one of the four anti-spyware products I've talked about, download and use Spybot Search & Destroy.

    The killer combination is Spybot Search & Destroy, and then Spyware Blaster and Spyware Guard. And, as always, remember to keep them all up-to-date.

    If you have an anti-virus program running in your system tray; and if it's monitoring all incoming email, then that would slow it down. Scanning incoming email takes time... from one fourth longer to up to twice as long as it would if your anti-virus software were not automatically scanning all incoming email. If that's the only thing that seems slow to you, then it's probably the virus scanner doing its thing.

    You really only need to defrag if you're using a version of Windows that sits atop DOS. Windows ME, 98, 95, 3.1, and lower, all sit atop DOS. DOS uses a highly inefficient disk allocation and access methodology which causes lots of fragmentation. Defragging with versions of Windows that sit atop DOS should happen maybe two to four times a year or so; and should always be done with Windows booted into "safe" mode so that terminate-and-stay-resident (TSR) programs don't fool the defragger into thinking that some other program is trying to access the hard drive (which makes the defragger think it needs to start all over again). If you're not defragging with Windows booted into "safe" mode, the repeated re-starts of the defragger could be what's making it take so godawfully long.

    But even in "safe" mode, it can take a long time. An old 400 MHz machine running Windows 95/98 and with a mere 20 GB hard drive that's 70% (or more) full can take 24 hours or longer to defrag. Faster machines will defrag faster, of course, but their larger hard drives mean it will still take a long time (though probably more like all night and into the next morning, rather than 24 hours or longer).

    Windows NT, 2000 and XP all use a completely different disk allocation and access methodology which makes defragging virtually unnecessary... at least not much more than annually... if even that.

    With larger, faster machines and hard drives, defragging, no matter which operating system you have, generally produces only modest overall speed increases. It was a bigger deal with older, slower machines, but today it's not such a big deal. I know people who have never done it, and they're probably doing about as well as if they had. I wouldn't worry too much about defragging, just generally. I'm not saying never do it. Just concentrate more on keeping viruses, worms, trojans, and spyware off your machine.
     
  15. Clay

    Clay New Member

    Same

    Gregg,
    How do I turn-off the rollback thing? And I installed AVG before turning everything off:confused:
     
  16. Dave C.

    Dave C. New Member

    Re: Re: Same

    Every day a school day here. Keep it coming.
     
  17. Jake_A

    Jake_A New Member

    Thank-ee!

    Gregg:

    All of your suggestions and advice above are - to all of our DI/IT-newbies, even some seasoned users and pros like yours truly - pure gold! Note that I took a major leap of faith/trust and wrote "all of your suggestions," not "most ......"

    They are very helpful, indeed, made even better by the light humor and funny anecdotes. Thank-ee.

    Gentle advice: Watch out for some of those IT-store managers, though. You are not necessarily a threat to their profit margin, but more likely, to their "little knowledge" base. You know the saying: "a little (computer) knowledge is a dangerous thingy."


    Thanks.
     
  18. SteveFoerster

    SteveFoerster Resident Gadfly Staff Member

    Gregg,

    My hat's off to ya. What an informative thread this is!

    I wanted to add that another great thing about AVG is that its maker, Grisoft, was the only anti-virus software maker to announce immediately and definitively that they would not cooperate with the FBI and their Magic Lantern project when that project came to light. McAfee and Norton were at best wishy-washy and at worst enthusiastically collaborative.

    -=Steve=-
     
  19. Clay

    Clay New Member

    Same

    One of you guys, please help! I think I have too many mail checkers (?) and would like to have just the one that comes with my server. It kept all the trash at bay. The time has tripled to download mail now, and being used to super-fast cable has become a habit, someone find some cans and string.
    J u s t a p o k i n ' a l o n g
     
  20. DesElms

    DesElms New Member

    Part 1 of 2

    Since this thread seems to be attracting onlookers, and is clearly becoming some kind of unofficial seminar of sorts, I'll first explain, briefly (yes, I actually can be brief) the rollback feature, why it can be a problem if not turned off when it needs to be, and how to do so...

    The system rollback/restore feature on Windows XP (and, actually, on Windows ME, too... but we'll just concentrate on Windows XP here) securely stores system data that can then be used to "rollback" your system to a previous state. The use for this would be if your system has suddenly become squirrely for reasons you cannot fathom, and you'd like to roll it back to a prior state when it seemed to be working fine. Conceptually, it's like a backup of your system (but, really, only certain system files) that you can use to restore your system to the way it was back when the backup was made.

    Personally, I hate the feature because rolling back is not really the right thing to do more often than most users realize; and once they learn of said feature, they tend to overuse it or, more accurately, misuse it. Also, the feature is so effective that it can backup copies of system files infected by viruses, trojans, worms and/or spyware (to which we will, hereinafter, for the sake of brevity, refer, simply and collectively, as "exploits"). This means that a machine which is relatively exploit-free but which, suddenly and inexplicably, becomes unstable can be rolled back to a more stable, but nevertheless exploit-rich state. It's a Microsoft attempt at idiot-proofing that's actually more dangerous than it's worth; and it's turned off, permanently, in all my machines... but that's just me.

    Another reason I have it turned off on all my machines is because the rollback/restore feature often interferes with installation/de-installation programs/routines, and/or anti-spyware/anti-virus programs... among others. Because of this, if a given person insists on keeping the rollback/restore feature up and running, then it may have to be turned off before doing certain things... like, for example, de-installing/installing things, or doing a whole-system anti-virus or anti-spyware scan... just to name two.
    • WARNING: Though I'm about to explain how to turn it off, the reader should be warned that doing so will remove all existing restore points; and you will not, therefore, be able to use the rollback/restore feature to undo changes to your computer made while said feature was turned off. I'm not saying that changes made to your computer while the rollback/restore feature was turned off can't be undone at all. I'm simply saying that one can't use the rollback/restore feature to undo them. Any changes made to your computer can always be undone by one means or another. I'm just saying that if the rollback/restore feature is turned off when said changes are made, then the rollback/restore feature cannot be used to unmake said changes. The reader should also know that turning off the rollback/restore feature may make it impossible to rollback/restore, once it's turned back on, to anything other than the most recent prior state.

      When (and if) the rollback/restore feature is subsequently re-enabled, it will create new restore points and will continue to monitor changes to your system from that point forward. Personally, again I say, so what! I don't use/rely-on rollback/restore anyway, so I couldn't care less what happens to the restore points. But, then again, I know how to fix virtually anything that could happen to a given installation of Windows... so I have no hesitation to fly without the rollback/restore net. If you would rather have it running just to be safe, then fine. But for certain things, it really needs to be turned off now and then... and what I'm about to describe will tell you how to do it.

      For those who would like to learn about the rollback/restore feature straight from the horse's (Microsoft's) mouth, see this knowledgebase article. As you read it (that is, if you read it), keep in mind that Microsoft thinks it's a cool feature... while I do not. Therefore, the article is more positive about its value and utility than am I.

    Turning-off the Windows XP System Rollback/Restore Feature


    The system rollback/restore feature (simply called the "System Restore" feature in Windows XP) is enabled by default on new Windows XP installations. If you've never turned it off before (or if no one has ever done it for you), then it's likely that it's now in the "on" state on your computer. To turn it off:
    1. Left-single-click the "Start" button in the lower left corner of the screen.
    2. Right-single-click My Computer. A menu list will pop-up. Select Properties. The multi-tabbed "System Properties" dialog will pop-up.
    3. Select the "System Restore" tab.
    4. Left-single-click on the little box to the left of "Turn off System Restore" to put a check-mark in it.
    5. Click on the "OK" button near the bottom of the "System Properties" dialog; and answer "Yes" when prompted.
    To turn the rollback/restore feature back on: Simply repeat the above steps, but in step #4, above, simply left-single-click on the little box to remove the check-mark.

    First, if you don't have a "Download" folder right off the root of drive C:, then create one. Beneath it, as a sub-folder of "Download," create a folder called "Install." Beneath the "Install" folder, create a sub-folder called "Done."

    Download all the software that I've prescribed which you intend to use into the "Download" folder.

    Turn off the rollback/restore feature.

    De-install AVG (yes, I know you just installed it, but de-install it).

    De-install Avast.

    De-install McAfee or Norton or any other anti-virus/anti-spyware/firewall software you may have on the system.

    Turn off the Microsoft firewall.

    Reboot your machine (make it a hard reboot, wherein it powers all the way off in a complete shutdown, and you have to manually restart it by pressing the power button on the computer's front panel).

    Move (not copy, but move) the first thing you want to install from the "Download" folder into the "Install" folder. Let's say it's a program that's in a ZIP file called "antivirus_software_ver_7.zip". Move it from the "Download" folder into the "Install" folder.

    Continued in next post...
     
