Keeping the lid on spam
By Kim Powell
Whether it is an offer for a fake Rolex, bogus tertiary qualification, cheap Viagra, or a message from the FBI or CIA, it seems that not everyone displays the same nous when dealing with email spam.
Earlier this year, it was reported that the Nigerian email scam is still a successful enterprise, with 25 Queenslanders handing over more than $7 million to the fraudsters in the past five years.
People working for companies with a dedicated IT department do not usually worry about spam: rather than treating it as a potential security threat most users just delete these annoying emails, safe in the knowledge (true or otherwise) that someone else is being paid to keep the computer safe. But who is looking after the 13.78 million home computers in Australia?
MacLeonard Starkey is a security analyst from AusCERT, a national computer emergency response team. He says people are also falling for emails purportedly from banks.
“The best way to deal with things like that is to contact your bank by phone using the number from the Yellow Pages rather than anything in the email,” Mr Starkey says.
“Never click on a link in a bank email, or from eBay or PayPal or indeed from anywhere that you’re not expecting an email from.”
He says the first thing to do when connecting to the internet is ensure the system has a personal firewall because, while Windows XP comes with this, previous versions do not.
A report on the AusCERT website, called Protecting your computer from malicious code contains information on where users can get free personal firewalls and anti-virus programs (www.auscert.org.au). Arguably, it does not really matter which anti-virus program is used, as long as it is set to update automatically, preferably on a daily basis but at least weekly. Another essential security tool is anti-spyware product.
“Now probably more important than all of those, with the exception of the personal firewall, is what the users actually do with the system and how they operate the system,” Mr Starkey says.
“The best thing for a user to do is create a separate account, which is a limited account not a computer administrator account, for use in browsing the internet. A lot of the malicious code and the viruses and the worms and things that are out there these days are specifically written to take advantage of the fact that most users operate as the administrator and [this malicious code] simply can’t install if the user is browsing the web or reading email as a lower-privileged user.”
Along with installing anti-virus programs that update automatically, users should ensure the system itself receives automatic updates.
“That’s absolutely critical,” he says.
“There’s a specific thing that you need to do as well for Windows to make sure that it is also set to get the latest patches when they’re released. It’s actually called Automatic Updates for Windows, you should get prompted to set that up when you first log onto your machine after you’ve bought it.”
For more information see www.microsoft.com/athome/security for step-by-step instructions.
What to watch out for
There are a number of ways to tell if your system has been compromised:
* The system gets very slow
* You start receiving pop-ups saying you need to download the latest version of a program
* You get a large amount of emails from people you’ve never sent email to
* You get notification from your anti-virus program.
[Wed 23/08/2006 02:59:16]
|
