Today, e-mail is the primary means of business and
personal communications for millions of people. Billions of messages are
transmitted back and forth across the Internet on a daily basis.E-mail is one
of the most common tasks performed with a computer.With the capability to
deliver messages almost instantly anywhere around the globe, it provides speed
and efficiency that can’t be matched by regular postal mail service.
Unfortunately, as efficient as it is at delivering legitimate messages,
electronic mail is also quite efficient at distributing malicious software and
filling e-mail inboxes with unsolicited junk mail.The information in this
article will help you use e-mail productively and safely.
Opening Attachments
When the Internet exploded in the early 1990s and e-mail
became a mainstream
form of communication, file attachments soon emerged as a standard part of many messages as well. For personal e-mail, users found it a quick and simple way to share pictures of grandchildren with parents across the country or the world. For businesses it became a competitive advantage to be able to send a business proposal or the latest financial figures as a document or spreadsheet file attachment to an e-mail. It is an unfortunate fact when it comes to malware and malicious computer activity that often what was intended as a feature can also be exploited and used against you. If a file attachment can be sent with a program you can click to execute and perform some function, there is nothing stopping a malicious developer from creating one that executes and performs a malicious function.
form of communication, file attachments soon emerged as a standard part of many messages as well. For personal e-mail, users found it a quick and simple way to share pictures of grandchildren with parents across the country or the world. For businesses it became a competitive advantage to be able to send a business proposal or the latest financial figures as a document or spreadsheet file attachment to an e-mail. It is an unfortunate fact when it comes to malware and malicious computer activity that often what was intended as a feature can also be exploited and used against you. If a file attachment can be sent with a program you can click to execute and perform some function, there is nothing stopping a malicious developer from creating one that executes and performs a malicious function.
Although antivirus software is continually updated to
detect these new threats as they are created, it is still a reactive form of
defense. Malware still gets past antivirus software and entices users to
execute infected file attachments before the antivirus software is updated.To
prevent these infections and to try to ensure that users do not even have an
opportunity to execute malicious attachments, administrators filter certain
attachment types regardless of whether they actually contained malicious code
or not. This is one of the most prevalent methods for proactively protecting
the network from potentially malicious executable file attachments, or file
attachments that will run a program or perform commands if they are opened. As
the list of blocked file types grows, malware developers simply find some other
executable file types to spread malware and the cycle continues.
Blocking file attachments that are known to be executable and therefore may pose a risk from a security perspective is a move in the right direction, but it too is somewhat reactive. Although it is more proactive to block a given file attachment type by default, most administrators and mail filters don’t add a file type to the list of blocked types until after it has been used by some malware. In my opinion, all file attachments should be blocked by default and then the administrator or user should have to designate which types they will allow rather than the other way around.
Web-Based versus POP3 E-mail
Most home users use either a POP3 (Post Office Protocol)
e-mail account or Webbased e-mail such as Hotmail or Yahoo.With some ISPs you
have the option of doing either. Each type of e-mail has its advantages and
security concerns. One of the biggest issues with Web-based e-mail is that it
bypasses many security measures designed for e-mail. Corporate networks often
have antivirus scanners at the e-mail server level designed to catch and block
any malicious e-mail before it can get to the end user.There are also typically
filters that block file attachments thatmay contain malicious code as well.
When e-mail comes through the Web rather than through the pre-defined channels
for e-mail, these security measures are useless. Accessing personal e-mail at
all, or at least accessing personal e-mail via the Web on your employer’s
network is an activity that should be governed by some sort of policy or
procedure.You should check to make sure you aren’t violating any rules by doing
so.
On a positive note, the larger providers of Web-based
e-mail; namely,Yahoo and Hotmail, now provide virus protection on their e-mail.
It does not replace the need to run antivirus software on your own computer
since e-mail is only one means of spreading malware, but it at least
significantly reduces the risk of receiving an infected file attachment through
Web-based e-mail.
POP3 e-mail is the other standard primarily used by home
Internet users. Programs like Outlook Express, Eudora, and Netscape Mail are
typically used to download and view e-mail from a POP3 account. When you set up
the client software you have to supply information such as your username and
password and the incoming and outgoing mail servers so the software can
authenticate your account and send and receive e-mail. Rather than simply
viewing your e-mail on a Web page, the actual messages are transferred from the
e-mail server to your computer. Whether you use Web-based or POP3 e-mail, there
are security concerns you should be aware of. Sending an unencrypted e-mail is
the digital equivalent of writing your thoughts on a postcard.Would you write
your bank account number, social security number or other personal and
confidential information on a postcard to be seen by all as it passes from you
to its intended destination? If you wouldn’t share the information in public
you shouldn’t send it in an e-mail. E-mail is not inherently secure. It is
convenient and quick, but not secure.
Spoofed Addresses
One of the most confusing things about e-mail for many
users these days is spoofed e-mail addresses. Most people by now have
experienced receiving an e-mail infected with some type of malware that appears
to be from their cousins, best friends, or mothers. But when you contact those
people to ask them why they sent you the email or to let them know they are
distributing infected e-mail, you discover that they never actually sent you
the e-mail to begin with. Most users have also had the opposite experience as
well.You get the e-mail or phone call from your friends asking you why you sent
them an infected e-mail message. It is also very common to receive an
auto-reply from some mail server either letting you know that the e-mail you
sent contained a virus or worm or that the user you allegedly sent the e-mail
to does not exist. All of these are examples of spoofed IP addresses.
The primary thing you need to know when it comes to the source address of an e-mail is not to trust it. Almost every part of an e-mail header can be forged with enough knowledge; fields like the Sender or From e-mail address and the Reply-To e-mail address can be changed simply by typing in a new one with some e-mail applications.
The primary thing you need to know when it comes to the source address of an e-mail is not to trust it. Almost every part of an e-mail header can be forged with enough knowledge; fields like the Sender or From e-mail address and the Reply-To e-mail address can be changed simply by typing in a new one with some e-mail applications.
Exercise caution and an appropriate amount of common sense before choosing to open an e-mail message. Even if it appears to be from your brother, if the Subject of the message or the message itself seem suspicious or awkward it is better to err on the side of caution and simply delete it. When you receive a misguided response or auto-response to a message that spoofed your e-mail address you should simply delete those as well.
Spam
Virtually everybody with an e-mail account is accustomed
to receiving offers to refinance their home loan; purchase low-priced Vicodin,
Viagra, and other pharmaceuticals on the Internet; hook up with an alleged
blind date; and any number of other unsolicited commercial marketing.
Most corporations and many e-mail programs now have the capability to filter e-mail to try to block spam messages so that you aren’t bothered by them.There are also third-party programs you can use to block spam from getting into your computer. Personal computer security software products such as Norton Internet Security Suite or McAfee Internet Security Suite include spam as one of the threats that they protect against.
Most corporations and many e-mail programs now have the capability to filter e-mail to try to block spam messages so that you aren’t bothered by them.There are also third-party programs you can use to block spam from getting into your computer. Personal computer security software products such as Norton Internet Security Suite or McAfee Internet Security Suite include spam as one of the threats that they protect against.
Like most of the other security measures discussed, such as antivirus software and intrusion detection, the filters to block spam messages are also reactive to some degree. Many of the spam-filtering applications use a point system to determine whether a message is spam or not.They can block source e-mail or IP addresses known to distribute spam and can scan the subject and body of incoming e-mail messages and look for keywords like “Viagra” or “refinance” that tend to appear in spam e-mail messages.The more such keywords appear in a single message, the more likely it is spam and will therefore be blocked.
Spam filtering can still be somewhat messy, though. Legitimate
messages you may want to receive may get filtered or quarantined by your
spam-blocking software while some spam messages will still make it through.
Often you can help to “teach” the spam-filtering software by letting it know
when it has a false positive or false negative like this.
{ 0 comments... read them below or add one }
Post a Comment