Imagine if you will, a spy, assigned to you personally. He watches your every move. Takes notes of everything you do. Then he uses your own telephone to call back to base and report his findings. A sinister fantasy perhaps, but this is what is happening to millions of internet users every day. It happens to them because they have unwittingly downloaded and installed spyware on their computer.

Trouble in Paradise

Many of the &lquo;free&rquo; programmes we download actually make us pay in ways that don’t involve our wallets. They include components that watch what we do online – spyware. The sites we visit say a lot about the type of people we are, and this information can be sold to marketing companies. This may not seem to be problematic. But it is and I’ll tell you why – programmes running out of sight, sending information back to base slow down both your computer and your internet connection.

Browser Hijack

In addition to watching you, some of these components will download adverts and pop-up windows. They hijack your browser and take you places you didn’t want to go. You see this all the time in internet cafes in Arusha. Search for something, and ads start to appear. New windows you didn’t ask for. There are even spyware components which will replace adverts on web pages you are viewing with their own. This is like spam, but not in your email.

Buried in Fine Print

When you install software there is often a screen showing a long and complicated contract. In order to install the software you have to agree to the contract. Who among us actually reads these long and boring tracts before clicking Agree? Hidden inside the contract you may find agreement gives permission to monitor your online behaviour and send this information back to base. This means your computer’s resources and your bandwidth will be used by the company that gave you the software. Seem like a fair deal? So why hide it deep within lengthy small print? In reality these components are snuck onto peoples’ computers without their knowledge. An underhand business technique, I am sure you will agree. If they said upfront this would happen, would you still install the software? More worrying is that software you have actually paid for can also include spyware.

Spotting the Double Agent

How can you tell if programmes you have installed include spyware? The first thing you might notice is a new icon at the very bottom right of your screen, next to the time. Common pieces of spyware, DateManager, and its partner PrecisionTime, appear here. If you have either of these on your computer, chances are you never asked for them, and they don’t do anything useful for you. They are part of GAIN (Gator Advertising & Information Network), whose software downloads adverts and reports on your activities online.

It is often hard to tell if your computer has been infiltrated – most software is designed to remain hidden. Often removing the software that installed the spyware will leave the spyware in place and active. So how do you get rid of it?

Counter Espionage

Some people have become very angry about these questionable practices. Some of them have developed software, similar to anti-virus software, which detects and removes this type of nuisance, as well as some others. One such programme
is Ad-Aware, which is free to download, and easy to use. The default settings will remove most sneaky stuff. Like anti-virus software, updates are available, and should be checked for regularly.

Running Ad-Aware on even a newly purchased computer can turn up as many as 90 suspect components! If you run an internet caf� you will doubtless find even more on your machines, as your customers download to their hearts’ content.

Another useful utility is a personal firewall such as Zone Alarm. This allows you to take control of all communication between your computer and the internet. Zone Alarm will tell you which programmes are connecting to the internet. You can choose to block ones that look unfamiliar. Zone Alarm will also protect your computer from external intrusion – if someone tries to crack their way into your computer, Zone Alarm will let you know, and keep them out. It also offers protection against viruses that try to connect to the internet. Zone Alarm is available for free from Zone Labs’ web site.

Friendly alternatives

What all spyware has in common is that it installs alongside software you actually want. For example, popular music download programme Kazaa installs a whole suite of spyware. Thankfully, some clever users out there have created Kazaa Lite, a version that runs without the spyware (and includes some improvements too!) If you are suspicious that a piece of software will install spyware, search around the internet. Chances are there is a more honest alternative.

Interesting web sites

• www.lavasoft.de – provides Ad-Aware, a free programme for removing spyware
• www.grc.com – Steve Gibson started this battle against spyware. His site includes a lot of information about computer security in general – essential reading for the savvy internet user.
• www.kazaalite.nl – free music download software, and that really means free.
• www.zonelabs.com – producers of Zone Alarm, a great personal firewall.

Originally published in Arusha Times 276

A powerful virus called Bugbear has been going around town. Powerful enough to infect the mighty servers of the Arusha Times.

Like viruses that attack humans, computer viruses copy themselves and spread. The recent growth of the internet has enabled viruses like Bugbear to reach around the world in a matter of hours, reaching even our “Geneva of Africa”. They are short programmes written by people who want to cause trouble.

How do you catch one?

To do damage a virus has to get onto your computer. Since we have become so reliant on email, this is the number one way for viruses to multiply. Most computer viruses are disguised as innocent looking email attachments – files and programmes attached to regular messages. When you open an infected attachment the virus strikes. Once on your computer they can start every time you switch it on, or run a particular programme.

Symptoms

Most viruses damage documents and programmes, possibly causing the loss of months of work and even stopping your computer from working altogether. This can cost you a great deal.

Some send your personal details and passwords to the virus’ writer. Bugbear even allows that person to use your computer to attack other computers, making you look guilty.

Viruses seek to spread themselves. They may send copies to every email address on your computer. Your friends may think you sent it to them deliberately.

How do they work?

Virus writers exploit small errors and oversights in software. Internet Explorer and Outlook Express are frequent targets. These programmes are closely linked with the internet, so are perfect for spreading the disease further.

Microsoft Word is also a target because it is very easy to write viruses that attack Word documents. That Word attachment you received could contain the Wazzu virus. This virus moves text around your documents and inserts the word “wazzu” at random. You might not notice until after you sent the document to a potential client who would rather not hear such language.

Almost every computer runs Windows, making it a prime target. An attack on Windows can affect everything on your computer.

Viruses such as Michelangelo lie dormant like a time bomb before carrying out their destructive tasks, in this case destroying programmes and documents every March 6th – Michelangelo’s birthday.

Psychological warfare

Some recent viruses have exploited human nature to aid their spread. We would all like to discover a secret admirer. The ILOVEYOU virus of 2000 played on this daydream. Victims received an email saying I love you. Please read the attached love letter. The irresistible attachment was in fact the virus, which sent copies of the email to every address in the victim’s address book. All of whom then thought the victim fancied them! A chain of lust!

A friend might send you a helpful looking email warning of a virus, telling you to delete certain ‘dangerous’ files and pass the message on. Your computer cannot work properly without these files! Such “viruses” infect YOUR MIND! Extremely clever and embarrassing when you find out what is really happening, and of course, you passed it on. A chain of shame!

Prevention is better than cure

This is a message to all the real men, and women, out there – it is your responsibility to protect yourself and others from viruses!

Microsoft constantly produces updates to fix the flaws in its software. Regularly visiting its update site and running the updates is one way of protecting yourself.

Another step is installing anti-virus software like Norton Anti-Virus or AVG. These compare everything you run with a list of known viruses. If they see something suspicious they will stop it and let you know. Anti-virus software must be updated regularly to be effective. New viruses are discovered daily!

Turn off the preview pane in Outlook (look in the View menu). It can activate viruses without you opening an attachment.

Use your head. When you receive an attachment, think before opening it – Were you expecting the attachment? Do you know the person who sent it? Does the subject line look suspicious? If alarms go off in your head do not open it. Contact the sender to confirm they sent it deliberately.

Stay informed. Subscribe to an email warnings service, such as the one provided by Sophos.

Never forward warnings about a virus to anyone without first checking a reputable anti-virus site – especially if they tell you to make changes to your computer.

Cures for sick computers

If you suspect your computer has been infected immediately disconnect it from the internet to halt the spread.

Scan your computer with anti-virus software – you have been keeping it up to date, haven’t you? You do have anti-virus software?

Use another computer to get advice from an anti-virus web site.

Use your computer safely and responsibly.

Interesting web sites

• www.grisoft.com – Grisoft produce AVG Anti-Virus, free anti-virus software with daily updates. Not as nice as a paid
  for version, but as effective, and the price is right!
• www.sophos.com – world class anti virus software designed for the corporate environment. The site is one of the best
  sources of information about viruses current and past, and warnings about the latest hoaxes. Also includes warnings by email.
• windowsupdate.microsoft.com – updates and security fixes for Microsoft products.

Originally published in Arusha Times 275

Spam is not just a tasty tinned meat product. It is also the term used by internet users for the annoying junk mail that you see every time you check your inbox. Spam senders use simple computer programmes to send the offending emails to millions of addresses. Experts estimate that by 2006 each user of the internet will receive 1,400 of them a year!

Also known as UCE (Unsolicited Commercial Email), spam has been estimated to represent 1 in 8 emails sent worldwide. A recent study by software manufacturer Symantec found that, out of 1,000 people surveyed, close to a quarter spent more
than 20 minutes every day dealing with spam. For those of us paying to use internet cafes to check our mail, deleting spam can become costly. A 2001 survey by the European Commission estimates that junk email costs internet users worldwide $8.8bn a year!

Meet the spammers

Spam comes in many forms. Most junk mail is for products offering increased virility, rapid weight loss, or enlargement of certain parts of the male anatomy. Such products are often highly suspect, possibly even dangerous. Unless you enjoy being relieved of your money these messages are best ignored.

Another familiar sight is email offering to let you see young women getting up to all sorts of mischief. If you like this sort of thing you are welcome to visit their sites, but be aware that at some point soon you will require a credit card to see the really juicy bits.

Some are simple get rich quick schemes, which will simply result in you becoming poorer, faster. At the top of the guilt list for this type of spam are Nigerian conmen who offer a share in vast sums of money that must be embezzled from the West African country – the so called 419 scam. This scam has actually resulted in a number of kidnappings and even murders. The American FBI collects details of these emails. Recently variations of these emails have started emanating from the Cote D’Ivoire and Democratic Republic of Congo. You would be wise not to correspond with such dodgy characters.

Coping with the deluge

There are a number of ways of reducing the burden. Most email providers have an option to filter junk mail. You should check that this is switched on. In Yahoo! Mail this is automatic. In Hotmail, you click on the Options tab, then on Junk Mail, and make sure that Junk Email Filter is switched on. Users of other email providers should check the help pages of their site. Unfortunately, no filtering system can ever guarantee a spam free life, and results vary wildly.

The next bet is to prevent your email address being added to the lists that spam senders use. Always be careful when you are asked to give your email address to enter a web site. Think – do I need to give them my real email address? If they will be sending you a password to enter the site, then obviously you will have to give it, but check for a box to tick saying you don’t want your address shared. If no password will be sent it is a good idea to give a false email address – e.g. mindyourown@business.com. Another option is starting a second email address, whilst keeping a private account for giving to family and friends. Since sites such as Hotmail and Yahoo! place no limit on how many accounts you can have, it costs nothing to take advantage of this.

A common piece of advice is never to click on “unsubscribe” or “remove me” links in junk emails. These could confirm to the sender that your email address is real and read by a human being. However, after extensive research, peacefire.org founder Bennett Haselton says, The risks of following the ‘unsubscribe’ instructions are miniscule, but the benefits are usually even more miniscule, so it’s still probably not a good idea.

Sadly, even opening spam can show spammers you exist. If you recognise spam delete it without opening it.

Following the above practices you should find that the amount of spam you receive is less than before, although if you are really suffering it may be best to set up a new address entirely.

At the end of the day there will still be some you will have to delete. No system is perfect.

Interesting web sites

• www.junkbusters.org – more advice on dealing with junk mail, and the SpamOff contract which might enable you to sue junk mailers for every shilling they have!
• spam.abuse.net – articles, the history of spam, tools and advice.
• thespamletters.com – one man’s often hilarious correspondence with spammers.

Originally published in Arusha Times 274