Specialized Computing Blog

Spam e-mails are known to be the modern day version of junk mails. Usually e-mails from individuals or companies advertising their product or services, they are relatively harmless.

However, the increasing use of networks have made spammers smarter. With losses of about $20 billion in productivity and expenses, several IT companies saw the increasing demand for spam solutions.

Here are some of the features that could be helpful in choosing the “ideal” spam filtering subscription.

There are two important things to look for in evaluating a particular spam filtering subscription. This would be – accuracy and false-positive rating. Accuracy refers to the percentage of legitimate e-mails that make it to the user’s inbox after being filtered. The accuracy of several spam filtering subscriptions are tested by “passing through” thousands of e-mails. Some of these e-mails are legitimate while some are spam. The satisfactory rating for accuracy is 80% though some subscriptions have ratings as high as 98%.

False-positive rating refers to the percentage of legitimate e-mails that have been wrongly identified as spam. The satisfactory rating for a false-positive is 1%.

Usually, spam filter providers use quarantine features in order to avoid important e-mails from being disposed. The user may then sort the important e-mails from the spam. Different computer publications such as PCWorld and PCMagazine offers reports on the accuracy and false-positive ratings of different spam filtering subscriptions.

Most internet service providers (ISP) and e-mail programs such as MSN Hotmail, Microsoft Outlook and Yahoo! Mail provide a certain type of spam solution. If looking for a separate spam filter, try to know first if it works with several e-mail programs. A particular spam filter may work with Microsoft Outlook but not with Mozilla’s Thunderbird.

The cost of spam-filtering subscriptions has to be gauged with the services it provides. A certain subscription may be expensive but may be worth paying for with its features, speed and control. Sometimes choosing a lower cost provider may mean paying more due to lost time and frustration from poor output performance.

A good spam filter should fit the specific needs of the subscriber. It should allow a great deal of control by offering a wide range of flexibility in configuration according to his/her policies. It would also be helpful if it provides automatic updates.

These are the main things to consider in fighting spam. Depending on the complexity of your situation more time could be spent in evaluating and comparing your options.

When you are surfing through the web you generally see some pages that are not displayed properly, the frames become all mixed up and the content become unreadable. Many surfers think that it is a problem of coding and the blame incompetent coders. Actually, if you feel better placing blame, it belongs with the greedy program distributors like Microsoft and Sun Systems which turned the great educational idea of Tim Berners-Lee into a competition area and a complex language not having a standard form.

Tim Berners-Lee is the inventor of the Web. In 1989, Tim was working in a computing services section of CERN when he came up with the concept (web); at the time he had no idea that it would be implemented on such an enormous scale. Particle physics research often involves collaboration among institutes from all over the world. Tim had the idea of enabling researchers from remote sites in the world to organize and pool together information. But far from simply making available a large number of research documents as files that could be downloaded to individual computers; he suggested that you could actually link the text in the files themselves.

In other words, there could be cross-references from one research paper to another. This would mean that while reading one research paper, you could quickly display part of another paper that holds directly relevant text or diagrams. Documentation of a scientific and mathematical nature would thus be represented as a ‘web’ of information held in electronic form on computers across the world. This, Tim thought, could be done by using some form of hypertext, some way of linking documents together by using buttons on the screen, which you simply clicked on to jump from one paper to another.

Tim’s simple but effective idea turned out to be the greatest communication device of humanity even if it was not supported by big companies and manufacturers. For instance, Hewlett-Packard, in common with many other large computer companies, was quite unconvinced that the Internet would be a success; indeed, the need for a global hypertext system simply passed them by. For many large corporations, the question of whether or not any money could be made from the Web was unclear from the outset.

Later, especially after Mosaic, the first web browser was released; the competition between the companies became more obvious. The later version of Mosaic in competition with the Microsoft Internet Explorer added new features to the HTML language like n-compass and active-x controls respectively. Meanwhile, the World Wide Web Consortium was formed to fulfill the potential of the Web through the development of open standards. They had a strong interest in HTML. Just as an orchestra insisting on the best musicians, the consortium recruited many of the best-known names in the Web community headed up by Tim Berners-Lee. During 1995, all kinds of new HTML tags emerged. Some, like the BGCOLOR attribute of the BODY element and FONT FACE, which control stylistic aspects of a document, found themselves in the black books of the academic engineering community. “You’re not supposed to be able to do things like that in HTML,” they would protest. In the end, the technology of web was for the pure purpose of science and technology. It was not supposed to turn into a multimedia “tool”. It was their belief that such things as text color, background texture, font size and font face were definitely outside the scope of a language when their only intent was to specify how a document would be organized.

While the W3 Consortium was working on already the HTML 3, the web design was benefiting the competition between the Netscape and IE. Even for the good intentions of the consortium, the big corporations insisted on creating their own derivatives for HTML. This was creating many compatibility problems. Finally, following the success of the November, 1995 meeting, the World Wide Web Consortium formed the HTML Editorial Review Board to help with the standardization process. This board consisted of representatives from IBM, Microsoft, Netscape, Novell, Softquad and the W3 Consortium, and did its business via telephone conference and email exchanges, meeting approximately once every three months. Its aim was to collaborate and agree upon a common standard for HTML, thus putting an end to the era when browsers each implemented a different subset of the language. The bad fairy of incompatibility was to be banished from the HTML kingdom forever, or one could hope so, perhaps.

The incompatibility was not banished but was at least minimized. However, HTML kept on growing and the last versions like the dynamic HTML, like HTML 4.0 brought new colors and usages for this language. Especially after the edition of style sheets, it became extremely difficult to standardize the view of a web page depending on the browser you use.

As you can see, HTML was written for the pure purpose of information sharing but turned into a mass communication mechanism. It was supposed to be an organizational language, and yet became multi-media source where you can edit the layout and add images, sound and many other multimedia files. We can blame the evolution process of this language for the non-standardized nature of it.

What is “Phishing”?

Phishing is the process where an attempt is made to fraudulently extract sensitive information from someone, such as credit card details, user name and password, using electronic communication.

Users are often deceived by Instant messaging or an email which directs them to a false website, where they are asked for sensitive information. These requests often come from popular websites like Facebook, MySpace, eBay, Yahoo, etc.

Another part of this fraudulent process is achieved by “keylogging”. This is where keystrokes and mouse operations are recorded, and screen shots are captured enabling access to the Protected Storage Area in Windows where Internet Explorer stores passwords. According to the Anti-Phishing Working Group, the number of keylogger programmes has more than doubled in one year to 180.

Stolen Data

Security researchers are concerned that identity thieves and hackers are not just using keyloggers to steal sensitive information but the information captured in this way is often placed on unprotected FTP sites where it is available to anyone who encounters it. These servers are packed with stolen information from all over the world and in many languages. The information held includes Hotmail, Yahoo and other email account information, IP addresses, other usernames and passwords, etc. Criminals use complex methods to sift through the data to find what they are looking for.

Despite the obvious dangers many people neglect PC security and use their PC without anti-virus protection or spam blockers. If your PC is unprotected, criminals can use unknown programmes on your PC to contact the web. Therefore, it is essential that your firewall is capable of protecting your PC from this type of danger – not all built-in firewalls do. You should re-use your passwords but avoid using the same password and username at different sites. You should also note the following safeguards.

- Don’t react to urgent or excitable requests for personal information. Remember that banks do not ask for password details via email.

- Don’t click on embedded links – type the website address directly into the web browser. Contact your bank if you are suspicious.

- Note that e-commerce companies usually personalize their emails. Always check the website address line to verify.

- Criminals are now replicating the “http://” that appears when you are on a secure server. They are also duplicating the yellow lock that appears at the bottom of the page which contains the security certificate number for the site. If you get a message saying that the security certificate number does not match the site address you should close your browser.

- Install a web browser toolbar that identifies and protects you from known phishing websites.

- Report all phishing attempts as soon as possible.

Wireless networks are becoming more and more popular, and for good reason. Especially if you have broadband Internet access, a wireless router can give you instant communication with the world that is worthy of the science fiction I grew up reading!

The idea of reading email while lounging by the pool, text or instant messaging while doing the laundry, or lounging in the Jacuzzi listening to your MP3 collection is appealing to us all.

Unfortunately, many, or even most, wireless units don’t come with security features already functioning. This may not seem like a big issue to someone who is simply setting up a home network, but there are a number of potential problems you should consider.

The most serious problem is the increase in identity theft. If your network is unsecured, the personal data on your wireless electronic equipment is also unsecured. The order you just placed for a book at Amazon may have given your contact and payment information to an unscrupulous hacker!

Nearly every town in which “WiFi” is common will have “War Drivers” and “War Chalkers” at work. These are people who walk or drive around town with wireless equipment, searching for unsecured networks. The “Chalkers” then live up their name, marking curbs and other public items with chalk so that others can more easily find and exploit your network.

Not all “War Drivers” are hackers, of course. Many just want to use your network for free, but the risk is high if you don’t learn how to protect yourself. You can usually find quite a bit of free information as to how to secure your network at the website of your router’s manufacturer, or by doing a search in a search engine for a phrase like “secure home wireless.”

Beyond the truly malicious, there are also your neighbors who may find your network by accident and enjoy nosing into your activities and using your Internet access at will, slowing down your network speed in the process.

Even many businesses use cheap, home-use quality equipment for their company networks. With the poor security often found on small business networks, anyone with a basic knowledge of wireless can access sensitive company and customer data.

If you are unable to secure your network yourself, there are many service companies who will do it for you. A search of your local yellow pages or an inquiry at your neighborhood computer store should yield professional help and get your private data private again.

Who, exactly, stands behind that website on your screen? Does that web page really belong to the company it claims to represent?

A handy little applet, known as a “Whois,” can tell you who is behind a web page before you make that final click or download that free offer.

What is a Whois?

A Whois is a software utility, or applet, that looks up information about individual websites. A Whois will reveal whatever information is currently available for any website.

A Whois will find the Domain Name and the IP Address so you will at least know the identity of the registered owner of the domain (website).

The exception is when an owner of a website lists it as “private.” In that case, the only information available is whether the website really exists.

How much, or how little, information available for a Whois query depends on what the owner of the Domain Name decides to make public. Thankfully, most serious businesses provide ample information.

Companies usually want to make it easy for customers to get in touch; they list every possible way to reach them. They list telephone and fax numbers, physical (street) and postal addresses, and of course email contacts, in order to attract prospective customers.

A personal website owner, though, might be wiser to list only the minimum required data, or even register as “private.” That way, she could avoid attracting unwanted sales pitches, spammers, or perhaps even worse.

Someone with a day job would not be at home during office hours, anyway. As well, who needs strangers from distant time zones phoning in the middle of the night? So he may not list his phone number.

How does a Whois work?

Not all Whois applications search ALL domains. Each Domain Registrar is responsible for maintaining a Whois over those domains (websites) registered with him. When the internet was in its infancy, each Whois was designated to search only one type of domain; there was one Whois for “.COM”, another for “.ORG”, and so on.

Even today, many Whois utilities are still dedicated to one domain type or to one Registrar (the agency where you have registered your Domain Name). To facilitate searching, we now have publicly accessible Whois software that can search all Domain Registrars plus all Hosting Servers for any type of domain.

We will consider two categories of Whois software:

a) Free Whois software

b) Affordable, commercial Whois software that you pay to use

Which type Whois is best for me?

Naturally, that depends on how you are going to use a Whois, something you will only know after having tried a few different Whois services.

While learning how to use a Whois, the free ones are easy on your pocketbook and deliver results that are just as accurate as any other model. They all search the same data bases, after all!

When using a free, no-frills, Whois you may have to Cut-and-Paste the URL (web address) from your browser address bar to the Whois search box manually.

The free Whois will then probably present the information in a more primitive format — that is, in a long text-based list of line after line of data. This requires more work, as it is more difficult to glean the information that you need.

For infrequent use, a free Whois will do. It makes sense to start with free software until you know enough to decide whether to spend money on an easier program. It is quite likely that you may never need to buy a Whois program at all.

If you decide to buy faster, easier commercial Whois software, it can be had for $25 or so.

Any commercial program should install an icon in your browser toolbar so all you need do is click on the icon. Then the application reads the URL of the website currently in your browser window and looks it up automatically. No Cut-and-Paste contortions.

Finally, it should open a new, graphical “results” window where it displays the information in a neat, perceptible manner. You get all the data without the clutter of a text-based display.

What can a Whois tell you about a website?

Suppose you are searching the internet and you find an appealing site: “HONEST-SITE.COM”. First, you want to see who they really are. A Whois search usually tells you:

i) The true Domain Name, hopefully, HONEST-SITE.COM in this instance.

ii) The IP Address of the website, e.g., 123.45.0.234 (four groups of numbers from 0-255, separated from one another by periods (dots). Try typing those numbers into your browser address bar — it should bring up the same website again.

iii) Any other contact information available.
As well, you can expect to find information about who hosts the website (supplies the Web Server):

iv) The name of the Hosting Company (Domain Name Server or Web Server), e.g., “WORLDSBESTDOMAINSHOP.COM”

v) The IP Address of that Web Server, including contact email addresses and phone numbers

vi) The email addresses for their Administrator (ADMIN) and Webmaster (TECH).

A Whois reveals whatever information is available for any website, so you can see who stands behind it. And yes, as you have guessed by now, a Whois is a quick and ideal way to unmask faked (phishing) websites.

Online computer security is critical right from the moment you switch on your brand new computer. Here are 7 Simple Steps to Online Computer Security (Information Security online).

1. Install anti-virus and anti-spyware software.

Install Anti-virus and Anti-spyware software on your computer before you start surfing the first time. The difference between a computer virus and spyware is that – a virus is a malicious piece of computer code that can be implanted on any computer and it can result in destruction of the file systems of your computer and can be transferred from one computer to another and spread like the biological virus. A spyware is a program that collects information about you without your knowledge or consent. A spyware does not spread like a virus.

2. Keep your computer firewall ON all the time

Most anti-virus soft wares come with a firewall. If the operating system that you are using is Microsoft Windows XP Service Pack 2 (SP2) or Macintosh OS X, then it has an in-built firewall. Usually, the firewall is off when the computer is shipped to you, so make you read instructions on how to turn on the firewall. A firewall prevents direct communication between your computer and another computer (a hacker’s computer).

3. Turn on the automatic software updates feature

Turn on the automatic updates feature of your anti-virus, anti-spyware, OS, and firewall on and stay current. This is a good online computer security measure. It is important that you have the most current protection. Hackers search on the internet for computers that are either unprotected or don’t have the latest protection features. Hackers can hack into your computer and install software on your computer. This will enable them to steal login details of your online bank accounts, other membership sites like Ebay, Paypal etc. and also send Spam emails that appear to originate from your computer. Sending Spam emails that appear to originate from your email address can result in your account being revoked!

4. Store your computer information safely

Storing your computer information safely can help the technician who is fixing/ restoring your computer. For example, on Windows, Click Start and then choose Run. This will bring up small window wherein you need to type ‘msinfo32’ without the quotes. This will bring up a system window. On this widow, choose the file menu and then Export. Export your system information on to a CD. Similarly, for other operating systems, search on Google.com for information on storing the system information on a CD.

5. Backup important files

It is important to back up important files. Determine what you would do to restore your computer if it has been attacked. Pretend that your computer file system has been corrupted and then what steps would you take to restore. You will realize that having a backup can make things easy for you.

6. Use strong password authentication

When you signup for an online membership like online bank, , Paypal, Ebay etc., do not use weak passwords that can make it easy for people who know you or have your some information about, easy to hack. Using your significant other’s name, child’s name, pet’s name etc. are weak. Use something stronger like first letters of the address of the house where you were born concatenated to your birth year or something along those lines. It is best if the password is NOT some meaningful word!

7. Protect your personal information

If you are asked to give out personal information like phone number, address, SSN, identification numbers etc. on the internet, use more caution. Find out exactly why and how they will be used. If there is a link in your email that asks you to login by clicking on the link, then don’t! Usually genuine emails don’t ask you to login directly by clicking a link in the email. If you want to login to your membership accounts, always open a new browser and then type the URL of the website (to login to Paypal account, type paypal.com on the new browser instead of clicking on the link from an email that is asking you to login.).

If you are giving out credit card information, then the page that accepts credit card information must have secure encryption. The URL usually begins with https instead of the regular http. If you right click and select properties, the Connection section should read something like 128 bit encryption (High) and also must have 1024 bit exchange.

Following these 7 steps to online computer security can protect you and your computer from online attacks. Be sure to visit computer security groups in Yahoo (groups.yahoo.com) and Google (groups.google.com) for some free online computer security information.

Increasingly sophisticated software, faster networks and online communication have brought many technological advances and benefits. However, with it have come increased security risks including many previously unknown ones as the bad guys harness this very same technology to further their evil ends.

Some of the more common threats and ways of overcoming them are:

Viruses – These are malicious software codes that cause undesirable effects on your computer. A virus is designed to spread itself without the knowledge of the computer user. A computer may become infected through downloads from the internet using CD’s or disks with infected programs or from other computers on the network. Another extremely common way viruses spread is through infected email attachments. Given the many modes of transmission viruses are clearly a threat online as well as offline. The old adage “Prevention is better than the cure” is particularly true in the case of computer viruses. You can save yourself a whole heap of trouble and countless hours of misery by avoiding infection in the first place rather than trying to repair the effects of viral infection. Some simple rules can help you achieve this:

1. Install a reliable and reputable anti virus software and run regular scans. Preferably have the scan run on boot up.

2. New computer viruses are created everyday. Ensure that your anti-virus software is kept up to date with the latest virus definitions.

3. Do not download software from questionable or unknown sources. Always scan software using your anti-virus software before executing or installing on your computer.

4. Do not open email attachments from unknown senders. It is best to use an anti-virus software that automatically scans your email and can warn you if any threats are detected.

Worms – These are a type of virus which replicates itself and takes control of computer resources. The main distinction between a worm and other viruses is that a worm does not necessarily have to live within a host program and can run itself.

Trojans – these are malicious programs that masquerade as something useful thereby enticing the computer user to execute them and unleash their nasty payload.

Spyware – these are programs usually installed secretly along with other software whose purpose is to capture information about the computer user, the computer installation and other sensitive information about computer usage. This information may then be transmitted to a third party either by email or through the software “calling home” to transmit information to a remote website. Depending on the nature of information collected and transmitted this could pose a serious security risk.

Adware – propagated in a manner similar to spyware, these programs serve to pop up advertisements on the user’s internet browser or desktop. These programs too may capture information about the user’s browsing or purchasing habits so that advertisements may be tailored to suit.

Keyloggers – These are programs that record keystrokes entered through the keyboard and then secretly transmit this information to a third party. Naturally this can expose passwords, credit card details and other important information.

Control of worms, trojans, keyloggers, spyware and adware is achieved using similar strategies to those adopted for viruses, namely using appropriate anti-virus software including spyware and adware scanners and avoiding executing programs obtained from unknown sources.

Hackers accessing and taking control of a computer is another serious risk especially today with the widespread use of “always on” broadband internet. Hackers may exploit vulnerabilities in legitimate software or use trojans or viruses they have implanted to gain control of a computer which they can then use for sending unsolicited commercial emails (spam) or for other illegal activities. The idea here is to shield the perpetrator from detection as the illegal activity appears to originate from the computer they have taken control of.

In order to minimize risk of hacking attacks it is important to ensure that software used including the operating system is kept up to date by installing all vendor supplied updates and upgrades especially critical and security related updates. An effective firewall is another vital defence against unauthorized access by third parties. A firewall could be installed on the modem used to connect to the internet or as a software program that runs on the computer. The firewall serves to control who and what programs are allowed to accept or make connections with the internet. A firewall can also be useful in detecting and controlling programs like keyloggers which attempt to call home.

Phishing is another security phenomenon that has seen an alarming increase in recent years. Criminals are employing increasingly convincing and sophisticated means of sending emails which appear to originate from legitimate websites. However, links in these emails actually lead to websites controlled by them where they can capture valuable personal information such as logins and passwords. This is commonly used to cheat unsuspecting users by tricking them into revealing online bank login details etc. The golden rule in dealing with phishing attempts is to treat all emails which request personal information with at least skepticism if not suspicion. Never click a link in an email and enter login information or other personal information as the ultimate destination of that link may be cleverly concealed. When logging into online banking sites for instance always type the address in the browsers address bar. It is also important to pay attention to security features on webpages where sensitive information is input. A webpage address that starts with https: and shows a padlock symbol is secure. This means that any information transmitted from that website is encrypted and is therefore not at risk if intercepted.

There are offline risks to your computer as well. For instance it is important to select strong passwords which cannot easily be guessed. Ideally they should be at least 8 characters long and not consist of a regular word or name and comprise a combination of numeric and non-numeric characters. The strongest password would serve no purpose however, if a hacker is able to get you to disclose it to him. It is important to always be on the look out for social engineering attempts which aim to get you to unknowingly or knowingly reveal sensitive information such as passwords.

Needless to say physical security of your computer is also vital. The best antivirus software and firewall will not protect a laptop left in full view in an unlocked car! Maintenance and adequate care of hardware should not be neglected either. Regular backups stored in a location away from your principal computer and uninterruptable power supplies are good ideas to protect the integrity of your hardware and data stored thereon.

Perhaps the only way that comes close to completely eliminating every possible risk to your computer is to never turn it on and store it in a locked vault! However, even that may not work one hundred percent of the time. Nevertheless, it is possible to minimize your risk to an acceptable level by following common sense and adopting some of the simple rules discussed above.

These simple tips will help you stay virus and spyware free, even if you’re connected to the internet 24 hours a day.

1. Protect yourself

Good protection on the Internet these days consists of 3 components: anti-virus software, anti-spyware software and a firewall.

Good virus protection doesn’t need to cost you a fortune. You can get excellent free anti-virus software at www.grisoft.com. Even the professional version of their software is very affordable.

For spyware protection, go to www.lavasoft.de and download Ad-Aware SE Personal, also free. This will zap the most common spyware and adware found on the Internet.

As for a firewall, Windows XP ships with a decent enough firewall. Just make sure it is always enabled. Alternatively you can visit a site like www.download.com and search for Zone Alarm, which has an excellent free version.

The most important thing to keep in mind is that you need to keep your anti-virus software up to date. An anti-virus program that uses definitions that are months old is just about useless.

Update your anti-virus and anti-spyware software at least once a week.

2. Stop opening every attachment you receive.

Most of the devastating worms and viruses of recent times were distributed via email. These viruses feed on the curiosity and also the ignorance of a huge number of email users. People will get an email from fakename@weirdsuspiciousdomain and they’ll just open whatever file is attached to it.

If you don’t know the sender, don’t open the attachment – just delete it. It doesn’t matter if the subject promises you’ll see Britney Spears dancing nude on the kitchen table, just delete it.

If the email is from someone you know, always scan any attachments first before downloading or opening them.

If every email user in the world followed these simple guidelines the distribution of viruses via email will grind to a halt.

3. Stay clear of pornographic and illegal software sites

If you want to pick up viruses and spyware quickly, visit some pornographic web sites. One wrong click on a subtle little pop-up or security warning window (which you’ll run into often on these type of sites) and you’ll have infested yourself with trojan horses, spyware, dialers and other unfavorable software that could leave your computer wide open to further attacks.

The same goes for web sites distributing software, serial codes and cracks illegally (warez).

Simply put – keep out of the dark side of the web and the odds of keeping your computer clean shifts decidedly in your favor.

4. Watch out what you download

Spyware is embedded in a lot of software on the Internet – especially those related to ripping, converting and playing music and videos. That free MP3 player or DVD Ripper you just downloaded may have installed a bunch of harmful spyware without you even knowing about it.

5. Keep yourself informed

Major anti-virus software developers like Symantec and Grisoft updates their sites regularly with the latest virus alerts. Visit these sites frequently to keep yourself aware of what threats are doing the rounds and how to avoid them.

Using these simple and software I have kept my computer virus-free for the past 3 years. It’s not rocket science. Just stay alert, use some common sense and you too can stay bug free while still enjoying your Internet experience.

Somewhere out there in cyberspace are malicious vandals hard at work dreaming up new computer viruses. Eugene Kaspersky, (of Kaspersky Lab Virus Research), in a November 23, 2005 article posted in Security News, said, “The number of new viruses and Trojans is now increasing every day by a few hundred. (Our) virus lab receives between 200 and 300 new samples a day.” That is Not a misprint. He said 200-300 per DAY!

The worst ones we hear about. The large majority are quiet and anonymous like termites, often doing much damage before they are detected. Like human viruses, their effects run the spectrum from mostly benign to potentially fatal to their unwilling and unwitting hosts. Also as in human viruses, there are two different approaches to dealing with them: Prevention and Cure.

Preventing virus infection begins with guarding the portals of contact. Do not open suspicious e-mails or attachments without scanning them first. Most anti-virus programs have a right-click option to scan a selected file for viruses, which makes scanning easy. Similarly, when you download software, eBooks or whatever, always save to a file, then scan the file before opening. If you bring in data or software by floppy disk, CD or other portable media, the same rule applies; scan it first!

A good firewall can help somewhat in keeping viruses at bay, but there are too many ways to hide them in regular data or software transfers for a firewall to catch them all. A firewall (like chicken soup for human flu) can help, but don’t rely on that alone.

As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” However, sooner or later, some viruses are going to get through your defenses somehow, and you will need to turn to cures.

If you should get hit by a really bad virus, you could lose most of your files before you know that there is a problem! The first step to enable cures is to prepare well in advance, positioning and backing up your files for easy recovery. Set up your computer with a small hard drive (4-10giga) for your C: drive and a much larger hard drive for all your data. Use your C: drive for programs only. Keep copies of your software purchase receipts, registration and activation codes and setup info in a file on your data drive. You can always download them again, if you can give the seller your purchase info to show that you already bought.

Almost all virus infections will be in the program section of the C: drive, so scan it daily. This won’t take much time since you have arranged for it to be relatively small. Then scan your (larger)data drive once or twice a month.

You should still back up your data files frequently. If you cannot backup everything, at least backup the crucial information that would be difficult or impossible to replace. CD and DVD burners are a good way to do this backup, as are removable hard drives.

Finally, you will need good anti-virus programs to go after the viruses and either quarantine or (preferably) destroy them. There are many anti-virus solutions being touted and hyped out there. Some are good, most are not. Here is how to find the good ones:

1. Look for programs that offer both active and passive protection. Active protection means that part of the program remains memory-resident, actively watching for potential incoming viruses. When they detect a virus they can sound an alarm and give you a series of options for dealing with it. Passive or on-demand protection will let you ask for a scan of specified areas when you want it, but it waits for you to ask.

2. Select your anti-virus software based on the recommendations of independent testing agencies. Checkmark (by westcoastlabs.org), AV-test.org and PC World magazine are among the most respected independent testers of anti-virus software. For ratings of anti-trojan software, check with Anti-trojan – Forum. Use more than one anti-virus and anti-trojan program. Very few detect all problems, but what one program misses, another may find and defeat.

3. Keep your anti-virus programs up to date. There is a running gun battle going on between virus writer-disseminators and virus catch-and-destroy experts. New viruses are found; new anti-virus program patches to find and destroy them are usually ready within hours or days. Until your software is updated, you are still vulnerable to the new viruses.

In addition to using anti-virus software on your personal computer, consider using an Internet Service Provider or e-mail service that includes server-side anti-virus and spam e-mail filtering as a third layer of protection.

In summary, be careful, get good software, run it often and update it frequently… and stay alert to new developments! This struggle between new viruses and better anti-virus software is ongoing, and developing rapidly.