MICRO CENTER: COMPUTERS & ELECTRONICS
In-store Clinics
Internet Pests and What You Can Do About Them

Lower your risk
• Operating System and Application Patches: The majority of Internet Pests work by exploiting known operating system and program bugs. Keeping your computer software up-to-date will prevent many of them from affecting your computer.
- Windows Update Site: http://windowsupdate.microsoft.com/
- Office Update Site: http://office.microsoft.com/en-us/officeupdate/default.aspx

• Use Non-Administrative Accounts for Day-to-Day Use: Internet pests are just computer programs. Computer programs can’t do more that what the person running them is allowed. Create and use a limited account for everyday use to minimize the possible damage if your computer does get infected.

• If you do get infected, try using Windows System Restore to roll back your computer settings to a point in time before the problem occurred. The sooner the better.

• Think before you act. Not everyone on the web has your best interest at heart.

Viruses and Worms
• Viruses are called such because they mimic biological viruses, taking over an organism to reproduce and spread. They require some sort of user intervention to function.

• Worms do not require any action on the part of the end-user to function. Just having a computer turned on and connected to the web is enough to get infected.

Both are self-replicating and typically carry some sort of ‘payload’. This payload could be anything from a joke or political statement to a program to delete files or damage your operating system. Newer bugs have become more sophisticated, using multiple methods to spread.

Solution
Use antivirus and firewall programs. Keep them updated. Use common sense when opening email attachments or running programs, especially those downloaded from untrusted sources. Never share the entire hard drive of a computer across your network. Other Resources:

• Symantec Virus Removal Tools (Note: this is not anti-virus): http://securityresponse.symantec.com/avcenter/tools.list.html

• McAfee Stinger Virus Removal Tool (Note: this is not anti-virus): http://us.mcafee.com/virusInfo/default.asp?id=vrt

• Zone Labs ZoneAlarm basic firewall: http://www.zonelabs.com/

Spyware, Adware and Malware
You are paying for that ‘free’ program.

• You pay for Adware by looking at their advertisements.

• You pay for Spyware with your privacy by allowing third parties to monitor your surfing habits.

• You pay for all of them by letting them bog down your computer; make it less reliable and less secure.

• Greedy Adware and Spyware companies have designed many variants to be difficult (if not impossible) to remove.

Solution
Use anti-Spyware programs. They function much like antivirus programs, using a signature list to detect Malware files and by observing program behavior. If someone offers you a ‘free’ program, to quote Nancy Reagan, ‘Just Say No’. Other resources:

• LavaSoft AdAwareSE: http://www.lavasoft.com/support/download/

• Spybot Search and Destroy: http://www.safer-networking.de/en/index.html

• Microsoft Anti-Spyware (beta): http://www.microsoft.com/athome/security/spyware/software/

Trojan Horse
Just like the mythical story about the siege of Troy, a Trojan Horse pretends to be one thing, but is actually another. Often you will encounter some useful program that has a malicious program secretly attached. Other times the malicious program is just given the name of some other legitimate file. They are often used to distribute Back Door programs and/or Bots. Back Doors, like Back Orifice or Sub7 can give control of your computer to a third party. Bots or Zombie programs allow a third party to use your computer to attack other systems or distribute Spam.

Solution
These programs will be detected by most Antivirus packages and their communications will be detected by third party firewalls.

Spam
Unsolicited bulk email is commonly referred to as Spam. Some of our customers report that they receive hundreds of these messages a day. Their businesses suffer because they can’t sort their legitimate messages from the junk.

How did they get my name?
Spammers will harvest address from Web sites, chat rooms, message boards, and almost anyplace on the net that contains a valid email address. Harvesting Web sites will request an email address to perform some seemingly useful function like an offer to email a funny picture to your friend. Some spyware will also report email addresses to its home server. Spam costs nearly nothing to send, since much of the cost is paid for by the receiver, so if only a few people out of several hundred thousand respond they can still make a profit. Most opt-out sections in Spam serve only to validate your address as being active.

Legitimate bulk email
Not all advertisements in your in-box are Spam. Legitimate bulk email is something you must request. It allows you to opt out. It is from reputable companies who won’t sell your email address. For example, sign up with Symantec and they will send you advanced warning of viruses and other threats, Microsoft will email free hints and tips and Micro Center offers discount coupons and free clinics to its subscribers.

Spam is not just from marketers trying to sell you something.
For example: Neiman Marcus doesn't sell cookie recipes, (pick one) Bill Gates, Disney, AOL, etc. won’t send you cash for forwarding an email and we have yet to conclusively document a case of good luck from forwarding a chain letter.

Solution
If your address does get harvested, you can use filtering software to reduce the amount of junk messages you have to wade through. Spam filters will use a variety of techniques to separate legitimate email from the junk. Many third party email clients and web based emails services now include spam filtering. Another solution is to use a throwaway email address for public forums, subscriptions and web services that require one. You could also try deliberately misspelling your address. So that joesmith@microcenter.com becomes. Joesmith(a)NOSPAM.microcenter.com

Limitations
Spammers have mortgages, car notes and (probably) drug habits to support. Filter too many of their messages and their income dries up. They WILL find ways around filtering software.

Social Engineering
Many of the above pests rely, at least partly, on social engineering to do their dirty work. Social engineering could be defined as ‘any attempt to make you do something you normally wouldn't.’ For example, most people wouldn't intentionally install a virus on their computer. But what if the virus was named “I love You!” and came as an e-mail attachment from their boss?

Solution
Think before you act. Cross-reference and verify anything that comes across the Internet, especially if it demands immediate attention. Red Flags: Have they contacted you? How do you know they are who they say they are? Are they requesting bank account numbers, social security numbers, pin numbers, account names and passwords? Never follow URL links embedded in emails, since what you see is often not where the links leads. Open a new browser window and type the URL manually.

Commercial Products
Anti-Virus
• eTrust EZ AntiVirus (Computer Associates)
• F-Secure Anti-Virus
• McAfee VirusScan
• Norton AntiVirus (Symantec)
• Norton Internet Security (Symantec)
• Panda Software Titanium Antivirus
• Trend Micro PC-cillin Internet Security
• Zone Alarm Internet Security Suite

Anti-Spyware
• eTrust Pest Patrol Anti-Spyware(CA)
• F-Secure Anti-Spyware
• McAfee Anti Spyware
• Trend Micro PC-cillin Internet Security
• Stompsoft Spyware X-terminator
• Avanquest SpyCatcher
• Webroot Spy Sweeper

Firewall
• eTrust EZ Firewall (Computer Associates)
• F-Secure Internet Security
• McAfee Personal Firewall Plus
• Norton Internet Security or Personal Firewall (Symantec)
• Panda Software Internet Security
• Trend Micro PC-cillin Internet Security
• Zone Alarm Pro or Internet Security Suite

Anti-Spam and Ad Blocking
• McAfee Spam Killer
• Norton AntiSpam
• Trend Micro PC-cillin Internet Security
• FBM Internet Privacy (ZeroAds, ZeroSpyware, ZeroSpam)
• Intermute AdSubtract Pro
• Panicware Pop-Up Stopper Professional

More Information
• CERT Coordination Center - http://www.cert.org/
• HackerWatch - http://www.hackerwatch.org/
• Microsoft Security Home Page - http://www.microsoft.com/security/
• Spyware Warrior - http://www.spywarewarrior.com/
• Symantec Security Response - http://www.symantec.com/avcenter/

Understanding Tech

Get In-store Clinic Update

Print this article

Shop Online

Send-To-A-
Friend

Your Name:

Your E-mail:

Your Friend's Name:

Your Friend's E-mail:

© Micro Electronics, Inc.