Spam and Virus Avoidance for Non-Geeks Norm Wallace, MCSE Owner, Kipper Consulting Co. info@kipperconsulting.com PA Recreation & Park Society 63 rd Annual State Conference TUES March 23, 2010 Keeping PA Green!
Ground Rules: 1. I do not have personal or financial interests in ANY of the products/services mentioned or discussed at today s presentation. 2. Session is meant as a level 100 Overview of terminology/technology/services. Worthy alternatives exist to those that I indicate. Let s talk geek at lunch if you want followup for YOUR situation.
Potential Problems: 1. I tend to speak fast. Complete presentation online at www.kipperconsulting.com under NEWS link 2. I LOVE this stuff. Keep me nontechnical. If I drift into Geek Speak let me KNOW! 3. DID I MENTION I LOVE THIS STUFF?
SPAM?..or why do I keep getting these things in my inbox? Unwanted Commercial Email (UCE) SPAM electronic junk mail: an unsolicited, often commercial, message transmitted through the Internet as a mass mailing to a large number of recipients send unwanted e-mail: to send an unsolicited e-mail message, often an advertisement, to many people [ Late 20th century. Probably from a sketch in the U.K. television comedy series Monty Python's Flying Circus in which all items on a menu contained Spam(tm) ] Synonyms: junk mail, unsolicited mail, junk, direct mail Content above provided by Encarta World English Dictionary[North American Edition
How Bad is it out there? 3 spam to every legit message, probably more http://www.intouchbroadcast.com/articles/7/1/the-email-landscape--legitimate-vs-spam- Email/Page1.html
Q. Why do people send SPAM? A. Because it works Conversion Rate for SPAM Sales: 1.5% of total SPAM messages Approx 1% traditional marketing methods. Retail Cost to SEND SPAM? Estimated at $80 per MILLION emails sent. Spamalytics: An Empirical Analysis of Spam Marketing Conversion http://www.cs.ucsd.edu/~savage/papers/ccs08conversion.pdf
What Can I do to Reduce the amount of SPAM I get? Upstream Filtering ISP email filtering before EMAIL arrives in your Inbox and/or MAIL PROVIDER (AOL, Yahoo, Hotmail, etc) Filtering prior to your inbox. Get to know your SPAM Control Toolset that is in use. Check your Spam filtering Level. Low? Too much spam inbound? High? Legitimate Things being stopped/placed in junk mail folder?
ISP Email Filtering- How do you get your email? Pop3? Exchange? Groupwise? Lotus Notes? WEBMAIL? Ask your I.T. Professional for assistance. Individual/Small Accounts? (Less than five total mailboxes? ) Postini (now Google Owned) $12/user per Year. Advantages:» Easy user interface» Power of Positini behind it Disadvantages:» Cost for small groups» Difficult to implement for end users without support» Needs MX records changed
Email Filtering- Larger Accounts (More than 5 users) Check with Internet Service Provider (ISP) or well known web based ISP s. - Domain Wide (all addresses not based on user count) Email scrub, plus Mailbagging (backup email holding) as low as $45/mo per domain.
Email Filtering- Client Based..or get rid of it now that it s here What Email client do you use? Outlook? Outlook Express? Thunderbird (mozilla)? Groupwise? Other? Filtering Software runs locally on your pc and attempts to sort out SPAM from Legit messages. Advantages: Cheaper Limited technical expertise needed Good solution for folks not already awash in spam Disadvantages: Less accurate. Annual Purchase to stay current Uses your Pc s Resources, can be a big hog.
Client Based Email Filtering software I hate spam / Sunbeltsoftware $30/yr Outlook express not supported. SpamBully / www.spambully.com $30/yr Supports older O/S and outlook Express Both Need Care and Feeding for success from you.
More ways to avoid Spam: No unsubscribe link following from questionable senders. Don t open it (embedded tracking beacon) The Delete key is your Friend Speak up!, involve your I.T. folks get one if you don t have one.. Don t sign up for free stuff, use throwaway email addresses.
Google Email (GMAIL) Fun: Each new newsletter, vendor, etc, create a new gmail address that is a variation on your existing address:
Whitelisting? Blacklisting? Greylisting/Silverlisting / Challenge- Response? Whilelist- Senders/domains always permitted Blacklisting- Senders/domains NEVER permitted Greylisting/Silverlisting/Challege- Response- Auto-emails NEW senders a challenge email and requires them to respond to it before permitting email to be received by you. (don t do it- it stinks, not as effective as you d think)
Don t YOU be a spammer, ok? Keep your Pc s windows updated. Scrape MALWARE from pc s as needed. www.malwarebytes.org and others No risky websites at business.. No youtube, Facebook, Twitter All have been targeted for exploits
How do you communicate with your constituents? Do you harvest email addresses on forms, registrations? Then what? Mailing lists? Who sends them? From where? Who manages the bounces? Double-opt in sign up process? (All best practices and law in some states) Never expose the whole lists addresses.. CC yourself with list. Personal Info on your users? New MA. Law in effect March 1 st - Fairly broad definitions of personal info, new technological safeguards needed (encryption, etc), additional security training for staff, Stiff penalties for failures
Your Email Campaigns- or don t be a spammer- Part2 Consider Freemium Professional Help: www.mailchimp.com 15% discount for not for profit plans
Malware- Web Browser Exploits Bigger threat than Virus Infection Currently. Internet Explorer Exploits Even Fully patched still vulnerable Use FIREFOX, Google Chrome or Safari (apple) as alternate browsers Drive- By downloads BOTNETS Criminal Enterprises
Common symptoms of Infection from Virus or Malware Here are a few primary indicators that your computer might be infected: Your computer runs more slowly than normal Your computer stops responding or locks up often Your computer crashes and restarts every few minutes Your computer restarts on its own and then fails to run normally Applications on your computer don't work correctly Disks or disk drives are inaccessible You can't print correctly You see unusual error messages You see distorted menus and dialog boxes
Keystroke Logger- ZEUS infection On line Banking? Allowing IE to store Passwords? Avoiding Password Changes? Easily Guessed passwords? Try passphrases instead: Toastandjam4, IdontLikeCats5, Datsit4Me999
On Line Fraud INCREASING!
Try to stay Updated on ALL Software The average Microsoft Windows user has software from 22 vendors on her PC, and needs to install a new security update roughly every five days in order to use these programs safely, according to an insightful new study released this week. The figures come from security research firm Secunia, which looked at data gathered from more than two million users of its free Personal Software Inspector tool. The PSI is designed to alert users about outdated and insecure software that may be running on their machines, and it is an excellent application that I have recommended on several occasions. Stefan Frei, Secunia s research analyst director, said the company found that about 50 percent of PSI users have more than 66 programs of installed. Those programs come from more than 22 vendors, so as a first order estimate the number of different vendors you have on your box is the number of different update mechanisms you have to master, Frei said. This is doomed to fail.