Security and Privacy Tips
in association with Yorkshire Free Humour


Files from friends, family, and co-workers

Part 1
A reader writes: "I've been reading your tips regarding executable e-mail attachments, and yes, you may get a virus, just as you might have an accident if you drive a car. The point is that e-mail with attachments is a necessity for many people. Those people should insure themselves as best they can with appropriate virus-scanning software, updated frequently, just as they insure themselves against a possible automobile accident. Proper scanning software combined with good backup techniques is the appropriate answer."

As I replied to the reader, I'm in general agreement with what he wrote. However, there are some people (including myself) for whom 100 percent safety is the minimum. And just because an e-mailed file comes from a friend doesn't mean it's safe. Here's an example, from another reader's reply: "Recently a friend of mine opened up PrettyPark, which means I received some unwanted e-mail from him. After e-mailing him back and asking why he was trying to infect my system, because I knew what he had sent to me, I called up the other people to whom he sent it. I found out they had opened it up off-line, so nothing was sent out. In this case, I know two of the people had Scanner X and one had Scanner Y, and neither program had detected the virus."

Part 2
A reader writes: "I just wanted to comment on your suggestion to delete e-mail attachments to avoid a virus. I don't download files in e-mail except under certain circumstances. I was nodding my head in agreement while reading your advice. Everyone thinks I'm paranoid since they all have antivirus programs running, so they think they can't send me anything infected. Well, my 'paranoia' paid off last month, because their scanners failed them."

She continues, "One friend frantically called me to say that I should delete any recent e-mails from her because 'some virus got into (her) computer and got into the address book.' She unknowingly sent a virus to everyone she knows. Two days after that, another of my friends e-mailed me to tell me not to open any of her e-mails because of the same worm or virus, and I got another e-mail from someone with the same frantic message--warning me not to download anything she had sent. My computer is the only one not currently in the shop because the hard drive got wiped out, and it's only because I delete e-mails with attachments."

Part 3
Several other readers wrote in response to the previous tip of this title--with some interesting solutions for e-mailing files to people or for taking action when you receive e-mailed files from others. Here are some interesting excerpts from their messages:

"If you want to e-mail attached files to friends and work colleagues, use a predetermined code word or phrase in the subject to alert the recipient that it's from you."

"When I teach e-mail classes, I always advise people to send one e-mail advising that a second message is coming with an attachment, and also list the size of the attachment. That way, the recipient knows an attachment is on the way and knows exactly what the attachment is."

"I propose that the next time they get an executable attachment from a friend or relative, they ask where the SENDER got the file from. I'm appalled at how many people will forward a file BEFORE they even open it up to see what it does or scan it for problems. Just because it comes from a person you trust doesn't mean it initiated with a person you trust."

"It has gotten to the point lately that if I receive an attachment--even from somebody I know--I e-mail that person back asking them if he or she sent me that file. I do not open it or even scan it until I get a response back from the person who sent it."

A reader loses his Windows files
A reader writes: "I faced a lot of trouble when suddenly all my Windows files were deleted. Every day I check my e-mail, and all the messages I received were in plain text format except for one that was basically an advertisement, in HTML format. After checking my e-mail, when I closed Outlook Express all the icons on my desktop disappeared. I restarted my PC and my PC started displaying error messages that files are missing or corrupted. When I checked my Windows directory, there were only nine files left. I was amazed, because I am using Scanner X and it checks all my e-mails when I receive them, so I do not understand how this happened."

I'm sorry to hear this happened to you. There are vandal programs written to do things like that. While an e-mail message in plain text is safe, one in HTML (Web page style format) may not be, especially since you're running Outlook Express--hackers have exploited its vulnerabilities many times. Check with the vendor to see whether some virus that got past its scanner caused what happened to you.

Can you make Outlook Express safer to use?
From a reader: "I've heard that viewing e-mail in the preview pane renders most scripting code and word macros unworkable, and is therefore safe for the recipient. Is that true?"

I replied that if Outlook Express security is set to the default, you're not in control, but at the mercy of whatever e-mail others send you. To test that, I left the security levels at the defaults. Sure enough, I received a spam e-mail that attempted to start up Internet Explorer to load a Web page as soon as its title appeared in Outlook Express's preview pane. Besides the rudeness of such an act, someone's e-mailed script had taken control of my computer from me!

If reading that makes you nervous, remember that the security level of Outlook Express actually depends on what you set in Internet Explorer. I've set Outlook Express (under Tools, Options, Security) to the Restricted Sites Zone that Internet Explorer uses. Then, in Internet Explorer (Tools, Options, Security, Custom), I set every ActiveX option to Disable. For readers on a LAN, consult your administrator before changing settings.

MS Word macro viruses
A macro is a series of instructions that can automate repetitive tasks. It can be a useful time saver. A macro virus is a specialised macro (or group of macros) that includes instructions necessary to enable the virus program to replicate and spread from user to user.

Microsoft Word is the biggest (but not the only) target of virus writers because of its widespread use, and because its macros are written in WordBasic, a programming language that even allows the running of DOS commands. (Later versions of Word use a different--and more powerful--programming language, Visual Basic.) Other applications vulnerable to macro viruses include Excel 5.0+, Ami Pro, and so forth.

In the business world, where Word documents containing macros are frequently shared, macro viruses have become a major problem. They inconvenience people by tampering with files and can interfere with the Save As function. Worse still, some vandals have created macro viruses that deliberately destroy data.
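
The three risks discussed on this page (executable attachments, HTML mail carrying active content, and documents carrying macros) can be checked for before a message is opened in a mail client. The following Python sketch is an added example, not part of the original tips; the extension list, the function names, and the sample message are assumptions constructed for illustration, and the macro check is a heuristic that covers Visual Basic macro projects only.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative extension list (an assumption, not taken from the page).
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".js"}
# Tags that let HTML mail run code when it is merely previewed.
ACTIVE_HTML = re.compile(rb"<\s*(script|object|embed|iframe)\b", re.I)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name in OLE files

def has_macros(data: bytes) -> bool:
    """Heuristic: does this Office file carry a VBA macro project?"""
    if data.startswith(OLE_MAGIC):
        return VBA_STREAM in data
    try:  # newer zip-based Office formats keep macros in vbaProject.bin
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.endswith("vbaProject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> list[str]:
    """Return one finding per risky part of a raw e-mail message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        body = part.get_payload(decode=True) or b""  # None for containers
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in EXECUTABLE_EXT:
            findings.append(f"executable attachment: {name}")
        elif name and has_macros(body):
            findings.append(f"macro-bearing document: {name}")
        elif part.get_content_type() == "text/html" and ACTIVE_HTML.search(body):
            findings.append("HTML part with active content")
    return findings

def sample_message() -> bytes:
    """Constructed sample: scripted HTML body, an .exe and a fake .doc."""
    doc = OLE_MAGIC + b"\0" * 64 + VBA_STREAM  # not a real document
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.org", "me@example.org", "hi"
    m.set_content("plain text part")
    m.add_alternative("<html><SCRIPT>/* constructed */</SCRIPT></html>", subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="greeting.exe")
    m.add_attachment(doc, maintype="application", subtype="msword", filename="report.doc")
    return m.as_bytes()
```

Calling triage(sample_message()) returns one finding for each risky part; a message that contains only plain text returns an empty list.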

Never say you should have backed up yesterday
For those who may have wondered, the answer is yes, a virus did infect my computer--in 1991. And though I've tested and analysed thousands of viruses since (only on computers reserved for that), I haven't had another virus problem. Nevertheless, I have advocated keeping current backups of essential files because disaster will strike eventually, even if the cause is not a virus, Trojan, worm, or other malware.

Sure enough, it finally happened to me recently: a computer crash. One morning, my three-year-old computer was working fine, but then it froze. The technician told me later that the motherboard had failed, but the hard disk files remained intact. Since I had to replace the motherboard, I decided to have a 100MB backup drive installed so I could back up everything more easily. Ironically, something went wrong, and the technician phoned to tell me that I had somehow cross-linked 80MB of files (the system lists thousands of instances of two files as occupying the same area on the hard disk). Without backups, I'd have lost valuable business and tax records. If this has made you think about what you could lose, don't wait to back up your hard disk files until it's too late.

Henri Delger
henri_delger@prodigy.net
http://pages.prodigy.net/henri_delger/



Small Print
You Are Here ... http://www.chhomc.free-online.co.uk/security/s3.html
Text - ©1999, ©2000, ©2001, ©2002, ©2003, various.
Graphics - ©1999, ©2000, ©2001, ©2002, ©2003, various.
Design and layout - ©1999, ©2000, ©2001, ©2002, ©2003, CHM.