Triona's Tech Tips

We all know the risks of computer viruses, but what do you do if you think you have one?

First, follow Douglas Adams’ advice: Don’t Panic! Run your antivirus and anti-spyware software to see if they can remove the infection. Windows users might try the free online virus scanners from McAfee and Trend Micro. Malwarebytes is a good Windows resource for removing spyware and other kinds of virus-like intruders. Mac users should try the free programs Avast for Mac or ClamX AV.

Some viruses are easily removed, but others embed themselves deep within your computer. The worst-case scenario is having to format and reinstall your computer from scratch, which is why backups are a must.

There are some commonly-held misconceptions about how to prevent computer viruses.

• Adding “aaaa@aaaa” to your address book doesn’t work. It was a trick from years ago that only applied to one particular virus… for about five minutes, until the virus-writers wrote a workaround. These days it’s the equivalent of fighting a wildfire with a squirt gun.
• Booting into Safe Mode also doesn’t work. Safe Mode is used to diagnose computer problems by starting Windows into a minimal version where only the basics are loaded. Most of your software won’t function and the virus will remain in the background, chewing on your system.
• Fake antivirus software and computer cleaners will only add to your woes. Ads for these run rampant across the Internet, especially when you’re searching for legitimate tools like the ones I mentioned above.
• Fake security bulletins claim to be magic cure-alls, but they’re far from it. They are scams out to trick you into clicking on malicious links and further infecting your computer.
• Fake pop-up Web windows pretend to scan your computer, but they are also scams trying to trick you into clicking them.

Your best protection is prevention. Maintain good backups and stay tuned to Tech Tips for the latest computer news. Through November 1st, 2009, new subscribers to the free email version of Tech Tips will receive a special tip sheet on Four Easy Ways To Protect Your Computer. Just click here to sign up.

In November I’ll teach you about Do-It-Yourself Tech Support. If you have any computer questions, let me know.

Apparently the phishing scam that netted usernames and passwords for thousands of Hotmail accounts was wider than previously thought. The latest news indicates that Gmail, AOL, Comcast, and Yahoo! users, among others, may also be affected.

My advice to everyone is to make today Password Change Day. Get out there and change the passwords for all of your accounts. Use a combination of numbers, letters and symbols (where allowed) and be sure to use a different password on every system. Again, you can follow my password tip sheet (PDF) for guidelines on creating strong passwords.

I am often asked, “what does it matter?” accompanied by the protestation, “I don’t have anything important in my email anyway.” I would like to respond that you should care if:

• You want to avoid identity theft. Many people use the same password or set of passwords for all systems. If someone gains access to your email password, even an old one, they will try to use it to get into your other, juicier accounts, like your bank. And they will probably succeed.
• You hate viruses. Most viruses are distributed through compromised computers (called zombies).
• You hate spam. Most spam is sent from compromised computers. Your email address book is a gold mine for spammers because it’s a list of guaranteed good email addresses.
• You want your computer to work properly. Nothing slows a computer down like being zombied (see above).
• You don’t want someone else surfing the Internet on your dime. If you use an email account from your Internet provider, the same password is used both for email and to authenticate you to your provider’s network. If you use a common dictionary word without symbols as the password–shazam! instant access.
• You don’t want to go to jail for someone else’s crimes. Take the above scenario and imagine that the person who’s hijacked your Internet account is dealing in pirated software or child pornography. Unless you can prove it wasn’t you (and that may be difficult), you could be held liable. People committing crimes on the Internet use other people’s accounts for exactly this reason.

Although some people advocate that you not write your passwords down, I say it’s okay as long as you keep the written record somewhere secure, like a locked drawer or safe. (NOT on a sticky note on your monitor or under the keyboard, please!) Excel spreadsheets and other computerized means of tracking passwords are not good ideas, because the first thing a virus will do is check for convenient lists of the rest of your passwords. You might as well hand out your passwords on your business cards. And no, password-protecting the spreadsheet doesn’t work either; those are cake to crack. Properly encrypted password managers do work, but I favor the old-fashioned paper approach, as long as it’s kept out of sight.

It really isn’t that difficult to maintain different passwords on every system. I’ve done it for decades. If we would all follow the basic, simple practice of secure password management, we could cut down on the viruses, spam and other problems that plague us all.

You should also be aware of the kinds of scams that caused these breaches in the first place. Try the SonicWall Phishing Quiz to test your skills on identifying phishing attempts, when a hacker emulates the login page of a site to con you into entering your username and password.

Subscribe FREE to the email version of Tech Tips between now and October 14, 2009 and I’ll send your special gift: a tip sheet on Computer Housekeeping for PC and Mac.

Gmail, Google’s email service, has some vulnerabilities that could allow unauthorized access to your email. To beef up security, make sure you are using a secure HTTPS connection to Gmail by checking your browser’s address bar. The address should begin with “https://” if you are using a secure connection. While HTTPS is not without its own vulnerabilities, it’s better than naked surfing.

You can configure Gmail to always use HTTP by clicking Settings from the main Gmail window. In the General tab under Browser Connection (at the bottom), select “Always use https.”

Other email services like Yahoo and Hotmail don’t allow this option. Your most secure option is to download your email using a program like Mozilla Thunderbird instead of viewing it on the Web. (In my opinion Outlook and Outlook Express won’t do anything to enhance your security because they have their own problems.)

Do you despair over your email? Many of us store everything in one great big Inbox, but that’s not very efficient. You can use a combination of folders, rules, and spam filters to pare your email down to manageable size.

Folders let you sort email any way you like. You might want to create one folder for business and another for personal correspondence. Create subfolders for each person and voila! organized email.

Rules redirect messages to folders, keeping your Inbox clear for the most important emails. I subscribe to many mailing lists, but don’t have time to read them every day. I use my email program’s Rules option to direct these messages into subfolders. I can see when these subfolders have new unread messages, but I don’t have to weed through them until I’m ready.

Spam filters, like puppies, behave best when trained. Check your email program or provider’s Help for your settings. Once your spam filter knows what you consider spam, it’ll do its best to redirect to a Junk or Spam folder. You’ll still get the occasional spam sneaking through, but if you keep marking as spam your filter will continue to improve.

Next month I’ll answer a frequently asked question: What Is Java? If you have any computer questions click Comments below this article, and don’t forget to subscribe to the email version of Tech Tips for bonus tips and product reviews.

This is why I started Triona’s Tech Tips – because there are murky things going on in the computer world that consumers have no way of detecting. Today it’s your Internet service providers, who are once again doing things without telling their subscribers.

In starting this blog, I naturally added its address to my email signature:

www.guidryconsulting.com/techtips

In the course of checking my Monday morning mail, I sent a reply to a client with whom I’ve worked for years. Imagine my surprise at the following bounce message:

PERM_FAILURE: Rejected by the recipient domain. The error that the other server returned was:
554 554-: (HVU:B1)http://postmaster.info.aol.com/errors/554hvub1.html
554 TRANSACTION FAILED.

I recognized the error because it’s an unusual one, and because I’d just seen it over the weekend when sending a non-work-related email. I immediately recognized the commonalities: both emails were addressed to AOL users, and happened to have links to Blogspot blogs.

A little web sleuthing came up with this:
http://blogging.nitecruzr.net/2008/05/aol-vs-blogspot.html

It appears AOL has decided, without telling its users, that it’s no longer going to accept email messages that happen to contain Blogspot links. And Blogspot happens to be owned by Google.

This is a horrible precident, one that echoes the arguments in favor of net neutrality. If it’s okay for an Internet provider to decide which links it will allow in email, what’s to stop them from, say, refusing all emails from non-affiliated providers? Imagine if your cell phone company decided you couldn’t receive calls from another company’s customers!

This isn’t going to provide computer security for AOL users, as the error message implies. It’s going to send those users – who are already plenty ticked about their degrading service, especially dial-up – straight into the arms of some other provider.

If you’re an AOL user and suddenly not receiving some emails, this may be part of your answer. And if you are emailing AOL users, you’ll have to break up the “blogspot” address, like this:

b l o g s p o t . c o m

Otherwise your message may never reach your recipient, and you may never know why.