Computer Viruses

A change of pace. This is one of the things I do in my “other” life.

This blog is usually about politics, or something happening in Color Country. Today, however, I decided to allow a little crossover from my “other” life: Computer programmer and tech writer.

I’ve been online since way before the web. Back then, computer-to-computer communication was done with POTS* – plain old telephone service – and BBS’s – Bulletin Board Systems. I was an AOL subscriber when they had their own GUI because Microsoft Windows hadn’t quite caught on yet. And I can remember the very first network based virus being released “into the wild”. Back then, there was some disbelief that such a thing could be done. The virus was created in part just to prove that it could be done.

To my knowledge, I have had exactly one (1) virus infect any PC I owned. That was the infamous CodeRed virus back in 2001. I have always believed that it was a part of a state-sponsored attack by China, partly in retaliation and partly just as an experiment to see if it would work. Just as America and France had to test atomic bombs in the South Pacific (and Israel had to test one in secret on a tiny remote island in the Indian Ocean**), you don’t really know if it’s going to work unless you try it. Google’s recent corporate struggle with China and web-based attacks there only makes me more confident that I was right.

Always use a good antivirus program. (My current favorite is Kaspersky. But I’m not a zealot about it.) Keep your firewall turned on. Pay attention to the popup windows. They are there to help you. But, actually, computer viruses are a lot like real, biological ones in many ways. In 2005, the “Bird Flu” from China threatened nations around the world. Massive government intervention was what stopped it. You wouldn’t have been very successful trying to protect yourself by yourself if governments hadn’t taken action. Computer viruses are like that. “Public health” programs, which are carried out at servers and web hosts, are the real solution. Your own personal antivirus program is OK. But it’s like personal handwashing or other personal hygiene. Just washing your hands isn’t really going to protect you if there is an epidemic. Just like all the “anti-germ” stuff you can see for sale in grocery stores is mainly effective in generating profits for corporations and doesn’t actually do much good for you and me, anti-virus software is mainly good for the profits of companies like Symantec. And some “remedies” can really trip you up. You can buy “health food” that is actually dangerous (Ephedra, anyone?) and you can download “anti-virus software” that will mess up your PC big time.

So … If you’re up against the deep, funded research of a whole country like China, all bets are off. Fortunately, that’s not the kind of thing we have to worry about on a day-to-day basis. Most of the stuff that can get you into trouble is fairly easy to deflect. And, again, it’s just like avoiding being stupid in real life. If some guy who spoke broken English wanted to sell you “genuine diamonds” out of a suitcase, you wouldn’t believe him. It’s the same on the web.

Some scams, like Bernie Madoff’s, are harder to detect, but you can still do it. Here’s one that was in my email today. (Because of the work I do, I will normally receive three or four hundred emails a day.) It was supposedly from the “Windows Live Team” and they wanted me to “verify my account”. That’s a possibility in my case.

You can always look at the actual web address that any link in an email or web page will go to. (Use the “View Source” option or check the status line at the bottom of your browser when you hover your mouse over the link.) In this case, the link was a page at “atdmt.com”. You can use Google or Bing to quickly discover that this site tries to install software on your PC that, “monitors your Internet activity and gathers your personal information as you surf the web.” I’ve seen emails that are perfect copies of real emails sent out by real banks except for a single link that took you to a bogus site. Always check to see where the link is really taking you.

One important key behavior is to keep in mind the rule: “When I go to them, I know where I’m going. When they come to me, they could be coming from anywhere.” Email could be coming from anywhere. But if you go to a web site, you know where you’re going. Nobody is going to hijack bankofamerica.com. If you go there, it’s the real deal. But if you receive an email that is “from” Bank of America, it could actually be from anywhere. This is why big, important companies think nothing of sending a new password to your email address. They know it’s you because they are “going to you”.

Another rule is to use the web to check up on things. Use search engines to find information about links before going there. (I did that with atdmt.com.) And be aware of “country codes”. Many addresses end in a “country code” like “.tv” or “.pl”. (For example: http://evilhacker.tv) That’s Tuvalu (an island in the Pacific) and Poland. You can check these out at Wikipedia. (http://en.wikipedia.org/wiki/CcTLD). Ask yourself, why would someone be using that kind of address? But just like staying out of certain parts of town might be wise, staying out of certain parts of the world wide web is a good idea too. Here are the top five worst places according to the anti-virus company McAfee:

1. Cameroon (.cm)
2. PR of China (.cn)
3. Samoa (.ws)
4. Philippines (.ph)
5. Former Soviet Union (.su)

Being safe on the web isn’t rocket science. It’s mainly common sense.

———–
* POTS is an official acronym, by the way. One of the things I’ve always liked about technology – especially before the MBA’s moved in and took over – is that we have never taken ourselves too seriously. From Bill Gates telling 5,000 people in the audience that at Microsoft “we eat our own dog food” to Vinton Cerf wearing a tshirt proclaiming, “IP Everywhere!” we have always put having fun ahead of everything else. It’s the damn MBA’s who are ruining things.

**http://www.haaretz.com/hasen/spages/1104542.html


8 Responses to “Computer Viruses”

  1. Peggy

    Thanks, Dan. I’ve written down pertinent parts of what you’ve written and I’ll see if I can use your tips to make certain an incoming email is something I should be opening. When I receive emails from sources I don’t recognize, I don’t open them. Because of this attitude of mine, it is possible that my bank or some other legitimate company would not be able to reach me because if I didn’t recognize them, I most likely wouldn’t open the email. I try to be very careful this way (thanks to your advice over the years).

    The place I get frightened is when I receive emails from friends with things to open in the email. Can I use your tips to make certain I’m not going to be sorry if I open things sent to me by friends?

  2. Dan Mabbutt

    Good question.

    You can use some of it. But email attachments are just files and the rules that you would apply to any files work there.

    In general, never open an “executable” file. Back in DOS days, that was easy. Never open a .com, .bat, or .exe file that you weren’t sure about. Today, a lot more is “executable” so you can’t use a simple rule like that. But as a rule of thumb, graphics, avi files, mpg, .wmv and other media formats are OK. Other file types, such as .xls (Excel files) depend on what version of Excel you’re running and how your copy is configured.

    It depends a lot on how your copy of Windows is set up to handle various types of files. It’s possible (not likely, but possible) to have a file type set up to immediately make your copy of Windows crash and burn. To check that, you can view (in Vista) the file type associations in Control Panel > Programs > Default Programs > Associate a file type or protocol with a program. This tells you what program (on your computer) will start when you open a file with a specific file type. You can then decide whether that program is OK to run.

  3. Peggy

    All of the people who have Vista say Thank You for the information given in your last paragraph above.

    As you know, I don’t have Vista. Do you still have Roxy’s computer so you can tell me how “To check that. . .”?

    What are “rules that you would apply to any files” (first paragraph)?

    As you know, I know a few things about computers, but not much! But I want to do the best I can to keep my computer safe!

  4. Lena

    Help me read the fine print. Is the Chinese ma huang and the ephedrine found in our mountains the same thing? And as I read the fine print tea made from ephedrine is not harmful while health foods containing this ingredient are. Lena

  5. RPMcMurphy

    good post Dan — thanks

  6. Dan Mabbutt

    Thanks back atcha, RP. At least somebody just thinks it was a good post the way it was written the first time.

    … anyway …

    No, I didn’t remember whether you had Vista or not. But in XP, file type associations are under the View menu in Windows Explorer. See …

    http://antivirus.about.com/od/windowsbasics/l/blfileassoc.htm

    Ephedrine isn’t uniformly harmful like, for example, arsenic is. But it can be very harmful to certain people. People with heart disease, for example. It is widely believed to have been a key cause of the death of Minnesota Vikings offensive tackle Korey Stringer and Steve Bechler, a pitcher for the Baltimore Orioles. (These people were adults who never stopped playing children’s ball games in the park so they can be assumed to be lacking in fundamental intelligence.)

    But thanks for your question! I learned something. I have always thought that Brigham Tea was the same as Chinese ephedrine-containing plants (such as ma huang) except that the amount in Brigham tea was much less. I have now learned that researchers have concluded that Brigham Tea really doesn’t have ephedrine in it after all.

    I would be remiss if I didn’t remind people that the regulation of ephedrine is one (of the many, many) examples of gross hypocrisy committed by Utah’s own, Orrin Hatch.

    According to Wikipedia:

    “Senators Orrin Hatch and Tom Harkin, authors of the Dietary Supplements Health and Education Act, questioned the scientific basis for the FDA’s proposed labeling changes, arguing that the reported problems were insufficient to warrant regulatory action. At the time, Hatch’s son was working for a firm hired to lobby Congress and the FDA on behalf of ephedra manufacturers.”

    Later, the FDA was ultimately successful in getting ephedrine-containing supplements banned and, again according to Wikipedia:

    “Senator Orrin Hatch, who in 1999 had helped block the FDA’s attempts to regulate ephedra, said in March 2003 that “it has been obvious to even the most casual observer that problems exist,” and called FDA regulation of ephedra ‘long overdue.’ Given Hatch’s prior defense of ephedra, Time described his statement as ‘a dazzling display of hypocrisy.’”

    Ehhhhh … Time isn’t exposed to Hatch’s hypocrisy like those of us who see it all the time.

  7. Peggy

    Lena, what’s that all about? This blog is about computer viruses. Are either Chinese ma huang or ephedrine a computer virus :) – or did you mean to send this to Dan’s email and it ended up here on his blog?

  8. DanM

    I mentioned ephedra in the blog! Besides … comments often wander. Sometimes the crooked path is more interesting.
