As if the disruption from Isabel wasn't enough, last week seemed to set a high water mark on malicious email. I received a number of calls from clients who received some of this trash - the smarter ones at least called first before doing what the email says to do. The less fortunate just went ahead and, like lemmings, walked over the cliff without a look back. The one about Microsoft updates or fixes for Windows seemed to be the winner - lots of people believed this was for real and went ahead to download the included "fix".
The idiots who send this stuff (or create viruses that send it) believe that the more professional they make it look, the better the odds that people will read and respond to it. And, in this case, they are spot on. All they have to do is fancy the email up with professional-looking graphics and design, and that alone seems to be enough to convince people that is it legitimate. Sometimes they even copy some graphics or even the entire actual web pages of legitimate companies to make it look real.
Another method used to make the email seem legitimate is to have it come from someone you know. But you need to realize that a virus in your friend's PC can easily create a bogus email and send it to you - even without your friend knowing.
There is just one very easy rule to keep in mind when dealing with this kind of email. It is a very simple rule, with no exceptions. It applies in all cases. Even so, clients of mine tend to make up their own rule, which is my rule with the addition of "… well, but in this case I think its real" and thereby fling wide open the doors to their PC.
The rule is: "All email dealing with viruses or virus threats or bugs or fixes is fake". Period. End of sentence. Throw it away. Emphasis on the word "all".
How can I so easily make this rule? Very simple. There is no legitimate company that uses UNSOLICITED email to disseminate this type of information. Microsoft doesn't. Symantec (Norton) doesn't. McAfee doesn't. And you shouldn't read it. Period.
Note the use of the word "unsolicited" in the last paragraph. Many of the companies involved in viruses, personal security, privacy, and other related issues offer periodic newsletters and email notifications of pending problems. But, you need to have previously signed up for them. I.e. if you sign up for the Norton virus bulletin, you would then reasonably expect bulletins from them. But it you didn't sign up and you get one, throw it away.
Even when I receive an email from someplace that I would trust, I never actually use a link embedded within the email. For example: if I receive an email from Symantec about a required updated to Norton Anti-Virus and there is a click in the email to get it, I never do that. Instead I go to the actual Symantec website by name and get it there. Of course, there is still a possibility that the Symantec URL had been hijacked, but you have to stop the paranoia somewhere!
So what should you do? That is also very simple.
1) Periodically check for Windows Updates. That is very easy. In pre-XP systems, click on Start and then Windows Update and follow directions. In XP, click on Start, then All Programs, then Windows Update. In general, I download and install all of the Critical Update, and most of the Windows Updates. I am a little more careful about Driver Updates, usually downloading one only if I am having trouble with that particular device.
2) Purchase a good Anti-Virus program. I recommend Norton Anti-Virus. Make sure you purchase a new update each year, not just a renewal. Make sure you have its automatic update (called Live Update for Norton) running so you get the latest anti-virus updates. Make sure that the virus scans occur each day.
3) See the email rule above.
That's it. You need do nothing more to be reasonably safe in this day and age. Of course, the war is ongoing, so things may change tomorrow.
(Bob Seidel is a local computer consultant in the Southport / Oak Island area. You can visit his website at www.bobseidel.com or e-mail him at bsc@bobseidel.com).