Below are just a few symptoms that may reveal that you have spyware operating on your computer.

 

Sluggish computer: If you've noticed that your PC has had a serious drop in its responsiveness lately, it could mean that spyware is draining its computing power.

 

New "favorites": Spyware will often add "favorites" of its own to your browser's favorites' folder. If you notice an unusual number of new favorites and are not sure how they got there, spyware may be to blame.

 

Fishy pop-up ads: Pop-up ads from spyware software are designed to look like they've been served up by the legitimate Web site you're visiting. As a result, you may not recognize them as a symptom of infection. There's no way to be sure, but if the contents of the ads seem strange -- or if you're getting pop-up ads when you're not even surfing the Internet -- it's very likely that they are being served up by spyware software.

 

Change of your default home page: One of the oldest spyware tricks is to automatically change your Web browser's default or start-up home page. This is the Web page that appears when you start your browser or click the "home" button.

 

Unauthorized 1-900 number charges: If your phone bill charges you for 1-900 phone calls you didn't make, you may have fallen victim to a particularly devious form of spyware. These programs will hang-up your normal Internet connection and instruct your computer to dial a 1-900 number -- silently.

 

If you are experiencing any of these symptoms you may have Spyware installed on your computer. If so please read my essay "Spyware Protection" to learn what you can do about Spyware.

One phenomenon that has become quite obvious from the vast numbers of virus victims over the last year is that people click first and ask questions later. Maybe we're inspired by the false belief that firewalls, antivirus software, and anti-spyware programs protect us from all viruses, worms, and intrusive programs. But even the best of these shields can't always protect you from your biggest security threat: yourself.

 

Curiosity killed the cat, and sometimes it ropes us into launching viruses, gobbling spam, installing browser-disabling add-ons, or even forking over credit card numbers and passwords. You're probably smarter than that, but I'll bet you have a credulous friend or relative who needs a wake-up call. Visit the following link to discover what they--and you--can do to avoid the latest "social engineering" tricks:

 

http://www.pcworld.com/howto/article/0,aid,116586,tk,wb071204x,00.asp

 

From the August 2004 issue of PC World magazine

By Scott Spanbauer

In the course of a busy day, you may write a check at the grocery store, charge tickets to a ball game, rent a car, mail your tax returns, change service providers for your cell phone, or apply for a credit card. Chances are you don't give these everyday transactions a second thought. But an identity thief does.

 

Identity theft is a serious crime. People whose identities have been stolen can spend months or years and thousands of dollars cleaning up the mess the thieves have made of a good name and credit record. In the meantime, victims of identity theft may lose job opportunities, be refused loans for education, housing, or cars, and even get arrested for crimes they didn't commit. Humiliation, anger, and frustration are among the feelings victims experience as they navigate the process of rescuing their identity.

 

If you’ve not yet been a victim of identity theft, the Federal Trade Commission says there are ways to reduce your chances:

 

1. Your Social Security number is the holy grail for identity thieves. Armed with that information they can access a treasure trove of details about your life. Don’t carry your Social Security card in your wallet and be extremely careful about giving out the number. (Please don’t ask me why so many health insurance companies and unions insist upon using your Social Security number as your member I.D. It’s stupid and dangerous.)

 

2. Never divulge personal information over the phone to someone you haven’t called.

 

3. Try to carry just two credit cards and make sure you have the numbers written down in a safe place in case they’re lost. If you limit the number of credit cards in your wallet, you limit the amount of damage a thief can do.

 

4. If, like most people, you still use the postal service to pay your bills, don’t leave them in your mailbox at the end of your driveway and flip up the red flag. You’re just alerting an ID thief that there is potentially important information inside. Betsy Broder, the attorney who oversees the FTC’s identity theft program, says she never puts her bills anywhere but “in that blue box on the corner.” In other words, deposit your payments directly into a U.S. Postal Service box.

 

5. Get a shredder. Use it on any documents you’re discarding before you toss them into the trash. This includes old tax returns, monthly credit card statements, bank statements, checks, pay stubs, letters from the government, and medical bills that have accounts such as your Social Security number on them. In short, any piece of paper you no longer need that contains personal information.

 

6. Save a tree (potentially a forest) and stop those pre-approved credit card and home equity applications you get in the mail. They’re another gold mine for the ID thief. Contact the Consumer Data Industry Association either via their toll-free number (888-567-8688) or by visiting http://www.optoutprescreen.com/ . That’s what I did. The online approach allows you to stop these solicitations for two years or permanently . If you change your mind, you can opt back in at any time.

 

One piece of advice: You can either submit your request to be taken off these lists for pre-approved credit accounts online — which costs $5.00 — or print the form and mail it in — which costs 37 cents.

 

The above website also has links to the Direct Marketing Association (search). On this Web site you can register to be removed from other types of mail and telephone solicitations for a maximum of 5 years.

 

7. Check your credit report at least once a year. The Fair and Accurate Credit Transactions Act (FACT) signed into law late last year gives you the right to request an annual copy of your credit report for free . To prevent the three credit reporting agencies from being overwhelmed, this is being phased in gradually starting with folks who live on the west coast. By Sept. 1, it will be nationwide.

 

Of course, if you are turned down for credit for any reason, you’re entitled to a copy of your report no matter where you live. But even if you have to pay for a copy of your credit report before then it can pay off. For instance, if you are planning to move or buy a house or a car in the next six months, it’s critical that you clear up any black marks on your credit history before you apply for a mortgage or try to get the utilities turned on.

 

By the way, beware of pop-up ads and internet-based companies that offer to get you a “free” copy of your credit report. Read the fine print. You could be signing up for other services you don’t need or it could be a way to lure you into giving out your personal information.

 

8. Don’t leave bills, brokerage statements, and other papers lying around within easy reach of anyone visiting your home.

 

9. Don’t respond to emails asking you for sensitive information. Government agencies and legitimate businesses don’t operate this way. Financial companies such as Citigroup have been the target of spammers who send “urgent!” emails instructing people to click on an imbedded internet link. When they do, they find themselves at an official-looking site, complete with the company’s logo, that instructs them to fill out the “secure” questionnaire. This technique is known as “phishing.” Don’t take the bait.

 

For more ways to protect yourself from identity theft, check out the FTC’s Web site: http://www.consumer.gov/idtheft

 Is it safe to use an "unsubscribe" link to stop getting e-mail from a particular sender? Or will clicking the link just get you more spam?

 

One firm's executives have studied this question extensively — and the answer they found is very likely to surprise you. Lashback has tested 27,719 separate unsubscribe links that were included in various e-mails the company has processed. The resulting statistics appear prominently on the firm's home page: only 484 (1.7%) are "abused links" that will send you more spam if you enter your e-mail address. Another 2,712 (9.8%) are "dishonored" links, which appear to function but don't actually accomplish anything, good or bad.

 

Your task as a computer user is to avoid the 1.7% of unsubscribe links that are in fact operated by spawn of the Devil. Some helpful hints are:

 

• Do unsubscribe from any ordinary, authentic e-mail newsletter that you may once have subscribed to but now no longer want;

• Don't bother unsubscribing from spam messages, just delete them, because in almost every case the unsub link won't work — there's simply no good way to get off a spam list; and

• If you can't tell whether the message in front of you is a respectable e-mail newsletter or spam, go ahead and click its unsub link. Your company's blockade of the 1% that are bogus will protect you from making an error.

 

So why do you need a firewall if your virus protection is up to date. The analogy I wish to use is that of pirates and privateers. Imagine that your computer is a ship on the ocean called the Internet. There are many other ships on this ocean, most of them friendly, some indifferent, and a few malevolent. Those in the malevolent category are pirates and privateers. Pirates directly attack your ship to destroy, loot, and/or sink it, which is equivalent to a virus attacks on your computer. Privateers sneak onto your ship to take control of it and use it for their purposes, which is what a computer firewall attempts to prevent.

 

You need to install, learn and use both your virus and firewall protection software to protect your ship on the ocean of the Internet. Also, just as you need to keep your virus protection software up-to-date to prevent a pirate attack on your ship, so you need to keep you firewall software up-to-date to prevent a privateer takeover of your ship. Please review my “The Security Blues” essay for more information on this subject.

Phishing attacks involve the mass distribution of 'spoofed' e-mail messages with return addresses, links, and branding which appear to come from banks, insurance agencies, retailers or credit card companies. These fraudulent messages are designed to fool the recipients into divulging personal authentication data such as account usernames and passwords, credit card numbers, social security numbers, etc. Because these emails look “official”, up to 20% of recipients may respond to them, resulting in financial losses, identity theft, and other fraudulent activity.

 

You may have already received a message from us alerting you to these scams. Unfortunately, these crimes are STILL common -- and require your vigilance. Here are some tips to help you protect yourself:

 

********** BASIC TIPS **********

 

1. NEVER send your password, credit card number, secret word, or PIN in an email.

 

2. When you receive an email that directs you to a Web page asking for your personal information, please USE CAUTION. The email may direct you to a Web site that looks like it's from a legitimate company with which you do business, but in reality the site has been created by a criminal to steal your personal information. Furthermore, a link may show one Web address -- but direct you to another. You should always type the Web address directly into the address bar rather than clicking the link.

 

3. If you think you have already submitted sensitive information in response to a fraudulent email, please contact your bank and/or credit card company immediately.

Spyware is software or hardware installed on a computer without the user's knowledge which gathers information about that user for later retrieval by whomever  controls the spyware. Spyware can be broken down into two different categories,  surveillance spyware and advertising spyware. Surveillance software includes key  loggers, screen capture devices, and trojans. These would be used by corporations,  private detectives, law enforcement, intelligence agencies, suspicious spouses,  etc. Advertising spyware (Adware) is software that is installed alongside other software or via  activex controls on the internet, often without the user's knowledge, or without  full disclosure that it will be used for gathering personal information and/or  showing the user ads. Advertising spyware logs information about the user, possibly  including passwords, email addresses, web browsing history, online buying habits,  the computer's hardware and software configuration, the name, age, sex, etc of the  user.  As with spam, advertising spyware uses the CPU, RAM, and resources of the user's computer, making the user pay for the costs associated with operating it. It then  makes use of the user's bandwidth to connect to the internet and upload whatever  personal information it has gathered, and to download advertisements which it will  present to the user, either by way of pop up windows, or with the ad banners of  ad-supported software. All of this can be considered theft in the cases of  advertising spyware that installs without disclosure.  For an in-depth review of these issues please review my article "Spyware  Protection" that I have posted in the essay section of this blog.

Many of my clients are amazed about haw many people think they need to have various body parts enlarged, they suffer from numerous sexual dysfunctions, need to pump their bodies full of medicines and herbal concoctions, have excess monies that need to be expended on games of chance, and desire to see the human body in inartistic states of undress. Despite federal laws meant to reduce these e-mail messages the quantity of these messages is increasing. The reason for this is simple: the sponsors make money even with a very high rate of rejection. This is because the expense of sending these e-mails is very, very low, while even if less that one half of one percent respond the profit is very high. As the internet is international even if laws could restrict these messages, the message senders could move offshore to some third or fourth world nation and send these messages without much risk of facing these laws.

 

Not only do my clients suffer the aggravation of receiving these messages, but they must spend time weeding them out to get to the important e-mail messages. There are many other reasons why these types of e-mail are harmful to the internet as a whole, but that need not be discussed here. The important question is what can be done to reduce your burden? The answer is simple but involved - obtain, install, and use an anti-spam utility. The one I am using is I-Hate-Spam, but many others are also fine products. Most of these utilities review your e-mail before you see them, determine if it is spam, then move the spam to a separate e-mail folder or to the trash folder.

 

The problem is that this process is not 100% effective, and can incorrectly tag some good e-mail as spam (false positives). As much as these utilities try to thwart spam, the spam senders try to thwart the anti-spam utilities. This tug-of-war between the spammers and anti-spammers is the same between the virus writes and the anti-virus utilities. And just as you need to keep your anti-virus software up-to-date you need to keep your anti-spam software up-to-date. You also need to know how to utilize your anti-spam utility to its maximum effectiveness. Most anti-spam utilities allow you to "train" the utility as to which e-mail is good and which is probably spam. You should do this as well as review the configuration setting of your anti-spam to set them to your environment. You also need to get into the habit of review the spam messages to determine the false positives, and train your anti-spam to tag these e-mails.

As always the initial learning cure and training of the utility takes more time than if you manually deleted the spam messages. However, if you learn and use your anti-spam software you will save yourself much effort in the future. I currently receive about 200 e-mail messages a day. About 100 are valid (I'm on a lot of e-mail newsletter and alert lists), and the rest are spam. Of the spam all but five to ten are correctly identified as spam, and my false positives are about one per week. It takes me less than two minutes to review and delete my spam messages (simply by looking at the subject and sender of the e-mail). I save myself a lot of time and aggravation by utilizing my anti-spam utility to its greatest extent.

With all the computer security problems that occurred recently I have taken the time to ponder the whole problem. There are three basic issues that need to be addressed to help alleviate this problem. They are:

 

1. Microsoft Windows Vulnerabilities
2. Virus Protection
3. Firewall Protection

 

For an in-depth review of these issues please review my article "The Security Blues" that I have posted in the essay section of this blog.

 

So what is a small business to do about solving this problem. The first and foremost thing you can do is educate yourself and your employees about the problems, and the solutions that are implemented in your computer network. Training for your computer users on the proper use of the security solutions implemented in your computer environment is essential. You then need to regularly schedule updates to your Microsoft Windows software, Anti-Virus Definitions, and Firewall software. This schedule must keep in mind the costs of doing upgrade, this as well as the potential negative impacts of the changes that may occur as a result of the upgrades. You must also be prepared to implement an emergency reaction to a severe computer threat, to proactively prevent it from affecting your computer environment. All this must occur after a through audit of your current computer security environment is conducted, and the resolution of the computer security issues uncovered by the audit is implemented.

 

All of this takes time and money to implement, but consider the time and money that could be potentially lost if your computer environment is successfully attacked. Ask yourself if the cost of preventing the attack is worth the cost of recovering from an attack, and even if your business could survive a severe attack. Then take the actions necessary to protect your business and your computer environment.