CyberArtisans -- Web professionals dedicated to making your web site work for you...

 

Welcome to the August 2003 issue of the CyberArtisans monthly newsletter!

Our goal is to present information that will be useful to you as a web site owner. If these newsletters are not useful to you, please forward this to a friend who will find it useful. To unsubscribe, follow the directions at the bottom of this email.

Several recent computer worms, which have been amply publicized in other publications, have been floating around the Internet lately. Most of these worms take advantage of an operating system vulnerability called "buffer overflow," and many people are under the impression that this is a weakness of Microsoft products. Actually, buffer overflows have been around for a long time. In November 1988 a buffer overflow worm attacked a Unix-based service, virtually shutting down the Internet. For more information than you ever wanted to know about buffer overflows, go to http://www.networkmagazine.com/article/NMG20000511S0015.

The most puzzling thing about these worms is that Microsoft released a patch to fix the Blaster vulnerability a month BEFORE the worm was released to the Internet. Similarly, protection for the SoBig.F worm was available via antivirus software within 24 hours of the release of the worm. Even worse, many of the systems affected were professionally-supported systems, which implies that security is not high enough on the priority list for both IT departments and home users.

For now, your best defense is to:

1. Go to Microsoft Windows Update (http://windowsupdate.microsoft.com) and download the latest updates for your system, even if you have done so recently.

2. Make sure your antivirus software is installed, working, and updated daily (yes, daily, not weekly as some manufacturers recommend).

3. If you have a broadband connection, install a good firewall (we like ZoneAlarm -- http://www.zonelabs.com) and set it to the highest setting that works.

4. If you have a home network, minimize the number of disks shared and make sure all disks that are shared have a password.

5. If you have a teenager at home, make sure that he/she works on his/her own computer. If you use a home computer for work, insist that your computer is completely off limits for teen use -- period. If possible, set up the same protections on the teen's computer that you have on your own, but go on the assumption that some if not all of them will be disabled (this is why you put passwords on your disk shares). If you have a network hub or router, know which lights belong to the teen's computer, and if you see them flashing continuously when the teen is not at home, insist that Kazaa be removed and not reinstalled. Feel free to be absolutely obnoxious about this -- RIAA has brought suit and been awarded large sums against heavy Kazaa users and you know who will pay if that happens.

6. Back up all your critical data regularly, preferably to a CD-R or other external medium.

In the January newsletter, we said that "Nobody has succeeded in coming up with a set of rules that always lets the good stuff through and only stops the bad stuff." This is still true, but we have found a Spam filter that seems to work most of the time, and doesn't send everything it thinks is Spam to a big black hole where you can't retrieve it. Even better, it's free. For now, anyway.

It is called Spamihilator, which is a little hard for Americans to pronounce, but its developers are German so maybe it works better in German. Nonetheless, the website, Help pages, and program all use good English (with a few very minor exceptions), and best of all it works quite well. Here's what it does:

Like most Spam filters, it sits between your email program and your email server. Unlike some web-based Spam filters, however, it resides on your own machine, so you have access to everything it intercepts. It has two filters, a Word Filter and a Learning Filter. The Word Filter has a list of standard "Spam Words" (believe me, you know all these words). Each word in the list has a "Spam probability" associated with it. The Word filter checks each email and decides whether the words in that email add up to a threshold probability beyond which it is declared Spam.

The Learning Filter starts out with no information, but the program has a "Training Area." Every once in a while (say once a day) you go into the Training Area and tell it which email you think is Spam and which you think is not. The developers claim that if you use the Training Area regularly the system will be right at least 90% of the time. Translated, this would mean you'd get 10% or less of the Spam you get now.

We have been playing with it for a week or so and have come to a few conclusions that might influence whether you want to try it or not:

1. It isn't perfect by any means, but on the several email accounts we have here it blocks on average two-thirds to three-quarters of the Spam messages, and an occasional non-Spam message. This morning's email is a good example: It blocked 89 messages, all of which were Spam, and it passed 53 messages, of which 45 were Spam and 8 were real. So we still had to delete 45 messages, but that's a lot better than 134. Yes, this was a heavy Spam day -- usually our message count is about half that.

2. It doesn't eliminate the work completely -- you still have to go through the list of blocked messages to find the 1 or 2 you want. But if you rearrange the messages alphabetically by sender and then by subject (which it lets you do very easily), it's not hard to pick out the messages you want to release. And of course you still have to throw out the (relatively) few Spam messages that slip through.

3. The Training process is a bit of a pain, and our initial impression was that it didn't work that well, but we decided to be persistent and now find that about half the blocked traffic is blocked by the Learning Filter (it tells you why each message is blocked).

4. Some fairly crude tuning of the Word Filter does work quite well. We have found that reducing the threshold from the default setting of 100% to about 65 or 70% does a better job. Of course, that blocks more "good" messages, but we found that most of the blocked messages were newsletters (probably because the Spam Words list includes "subscribe" and "unsubscribe").

5. We fixed the blocked newsletters with the Friends and Enemies lists. This is a list of people whose email you always want to receive ("Friends") and another list of people whose email you never want to receive ("Enemies," although to be fair, the program more diplomatically calls them "Blocked Senders"). You can add someone to either list by right-clicking on the message in Spamihilator's Recycle bin and selecting "Add to Friends/Blocked Sender list." It extracts the email address and adds it to the specified list.
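
The Word Filter threshold and the Friends list from points 4 and 5, as a small Python sketch added here (it is not Spamihilator's code). The word weights, the add-the-weights scoring rule, the order in which the lists are checked, and the sample messages are all assumptions made up for illustration.

```python
import re

# Constructed word list: the page only guesses that the real list contains
# "subscribe" and "unsubscribe"; every weight (in percent) is made up.
SPAM_WORDS = {"viagra": 60, "winner": 40, "mortgage": 45, "free": 25,
              "subscribe": 35, "unsubscribe": 35}

def word_score(text):
    """Add up the weights of the distinct spam words found (assumed rule)."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    return sum(weight for word, weight in SPAM_WORDS.items() if word in words)

def classify(sender, text, threshold, friends=(), blocked=()):
    """Return (verdict, reason); the sender lists are consulted first (assumed)."""
    addr = sender.strip().lower()
    if addr in friends:
        return "pass", "Friends list"
    if addr in blocked:
        return "block", "Blocked Senders list"
    score = word_score(text)
    verdict = "block" if score >= threshold else "pass"
    return verdict, f"word score {score}% vs threshold {threshold}%"

# Constructed sample mail: (sender, body)
MAIL = [
    ("promo@bulk.example", "You are a WINNER! Free viagra, click now"),
    ("loans@bulk.example", "Low mortgage rates, free quote"),
    ("news@newsletter.example",
     "August issue. To subscribe a friend or unsubscribe, see below"),
    ("alice@customer.example", "Can we meet Tuesday about the site redesign?"),
]

def run(threshold, friends=(), blocked=()):
    """Verdict for each sample message, in order."""
    return [classify(s, t, threshold, friends, blocked)[0] for s, t in MAIL]

if __name__ == "__main__":
    # Default threshold, lowered threshold, lowered threshold plus a Friend.
    print("100%:", run(100))
    print(" 70%:", run(70))
    print(" 70% + Friends:", run(70, friends={"news@newsletter.example"}))
```

At 100% only the first message is blocked; at 70% the second Spam message is caught but so is the newsletter, and adding the newsletter's address to the Friends list lets it through again.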

We've decided to keep it. It cuts the garbage in your email down to a very manageable level, and you can review the blocked messages at your leisure to find the few that shouldn't have been blocked. And it is easily configurable.

* It only works with POP3 email (if you use Outlook Express, Eudora, or Netscape mail, you most likely use POP3 email). It doesn't work with web email, or IMAP email. It works with Outlook when Outlook is using a POP3 server. It does not work when Outlook is working with an Exchange server.

* You must remember to check its Recycle bin regularly so you don't miss something you really want -- like this newsletter. The recycle bin keeps email for 30 days, but you can empty it at any time and you can change the 30 days to something smaller or larger. As with any Spam repository, it can get out of hand if you neglect it for a few days.

* Don't count on it to protect you against the worms. It blocks the usual Spam quite effectively but hasn't been able to zero in on the worms.

* Judging by the current version number (0.9.6.2), it is probably a beta product although the website does not say so explicitly. This means there may be some bugs in it (although I haven't found any), and it also means that some time in the future they might decide to charge for updates. If you're interested in trying it, take a look at their website: http://www.spamihilator.com/index2.php?lang=en. It can be easily uninstalled if you decide you don't like it.

* We installed Spamihilator on two of our machines. A few days ago Spamihilator suddenly stopped working -- on both machines. After a little thought, we remembered we had just done a Windows Update on both machines, which sometimes has this effect on certain programs. We uninstalled and reinstalled Spamihilator and it is once again working (fortunately the uninstall/reinstall process is very quick).

Thanks for joining us this month. See you next month.

Jonathan Spencer
CyberArtisans Web Developers

http://www.cyberartisans.com/
617-965-4110
