"Behind the Scenes" Newsletter

January 2013 - The monthly newsletter by Felgall Pty Ltd

My Word

Emails and Security

It isn't enough to rely on whatever security programs you have installed on your computer to protect you from all of the nasty things that some people attach to emails. Those programs can only block those things that they identify as harmful and it takes a while for their information on what is harmful to be updated after new threats are introduced.

Just because you have security in place doesn't mean that you can open emails and click on all the links they contain without considering the consequences. The security software should be looked on as a fallback for those rare situations where you are fooled into thinking that an email is genuine because it really was sent to you by a friend whose computer has been compromised.

The first, second and third layers of your defence against harmful emails are all the same - they are you and how you use your email program. The very first step in protecting yourself from harmful emails is to configure your email program so as to minimise the harm that incoming emails can do and also to minimise any harm that your emails can do if your system is compromised. That means making sure that you have JavaScript turned off and kept off for all emails (emails NEVER need scripts to run). It means having linked images disabled so that only the images embedded in an email are displayed when you first view it. The option to turn on the linked images should only be selected where you specifically want to tell the sender that you received their email and so should only ever be used when you are positive as to who the real sender is. Any emails you send should be in plain text unless there is a specific reason why this particular email needs to include HTML. The preview pane of your email program should be turned off so as to ensure that emails don't get opened by accident.

The second layer of defence that you can implement yourself is to examine the subject and sender of the emails before you start opening any of them. You know what sorts of emails you expect to receive and so any email that came from an unexpected source is almost certainly something that you should delete without opening (marking it as junk is also useful to tell your email program what emails you want and what emails you don't). If the email doesn't say it comes from someone you know and you don't remember signing up for a mailing list that could be the origin of the email then delete the email. Even if you do expect emails from the sender, if the email looks suspicious then delete it. So all those emails suggesting that your account with ZYZ site has been compromised where you don't actually have an account there can be deleted unopened. All those emails that mention a problem with your order from ABC site where you received the last thing you ordered from them a few weeks ago can also be deleted unopened. Of course any emails where your security software has updated the subject to indicate that there is a virus contained within the email should also be deleted unopened.

Once you have carried out these steps then you can at least be reasonably certain that the remaining emails will be safe to open in order to examine their content further without triggering any threat they contain when the email is first opened.

Once you have opened an email, don't just go clicking on links within it no matter how genuine the email looks. The first thing you need to do once the email opens is to see whether it contains plain text or HTML. If it contains plain text then what you see is what you get and if a link appears to go to a particular site then it will actually go there. If the links look like they go to a different site to the one the email claims the links go to then delete the email immediately and move on to the next email. With HTML emails it is slightly harder to see where links will really take you but in most email programs if you hover your mouse over the link then the real address the link points to will be displayed somewhere so you can check it. If the real address isn't the same place as where the link claims to take you then delete the email and move on to the next.

If you want to make sure that those emails you still have at this point really came from who they claimed to come from then you can use the option in your email program that displays all the headers for the email and examine the path the email took to get to you. I have rarely found it necessary to do this.

By this point you will have discarded most if not all of the malicious and spam emails yourself and the remaining emails should be those that you actually wanted to receive. At this point you are now relying on the security software you have installed to identify if one of your friends' computers has been compromised, resulting in your having received an email that actually did come from them but that contains something that they didn't mean to send - for example they meant to send you an Excel spreadsheet but not the macro virus embedded in the spreadsheet. That's the point at which you will need your up-to-date antivirus software to scan the attachment as you try to open it and advise you of the malware it finds before it can spread onto your computer.

Too many people rely exclusively on their security software to protect them when they themselves ought to be looking to eliminate all the threats before those threats get to their security software. Not surprisingly their systems usually end up infected with all sorts of nasties because the security software is not going to identify all the threats.

With most of the emails I receive that contain a virus, my antivirus program flags the email as containing a virus as the email is downloaded. It does not flag any of the emails that simply contain a link to a web page that contains a virus as the emails are downloaded. I have seen emails that I know contain viruses arrive without being flagged as containing viruses and know that I receive lots of emails that link to web pages that contain viruses. These emails all get deleted by me (or in some cases saved to a specific folder on my computer so I can print copies of the email to show the students at my next computer security class). I have never had my antivirus block my opening a link in an email though, as fortunately none of the legitimate web sites I get emails from has had its security compromised so far. I hope that, should that happen, my antivirus program will be able to identify that threat.
 

On Site

A bit more variety in web pages this month and hopefully more to come in the coming month. Suggestions for topics for web pages are always welcome.
 

What's New

The following links will take you to all of the various pages that have been added to the site or undergone major changes in the last month.

http://www.felgall.com/