
Computer Viruses to Spyware: Things You Don't Want to Pick up Online
By Jim Calloway, Director, OBA Management Assistance Program

August 2003 was a difficult month for personal computer users. Well, not all PC users. Linux and Macintosh users had little to fear, although I assume they also got some e-mails that were intended to cause trouble. But it was a difficult month for the majority of us who operate a computer with one version or another of Microsoft Windows. From Blaster to Sobig, there were several new additions under the category of nasty things circulating on the Internet.

It was a particularly difficult month if you happened to click on a file attachment to an e-mail where someone you knew was apparently wanting to share a "wicked screensaver" or "that movie" with you. Many of us avoided the worst of these potential problems because we knew two things: 1) just because an e-mail states it is from a certain individual does not make it so, and 2) there are many types of e-mail attachments you just do not click on, certainly not until you have verified the legitimacy of the attachments by phone or face-to-face discussion. (These include files with names ending in .pif and .scr, the two file types used by Sobig.)

Most computer viruses and worms are still spread by someone who makes the mistake of clicking on a bad attachment to an e-mail. But the new Blaster worm did not utilize e-mail for its transmission. Rather, it used an open port in the Windows operating system to attack computers. You don't need to know what a port is to understand that if it is open, things may enter and if it is closed, they may not. We'll discuss more on ports later.

A lot of lawyers tell me that they do not download any files from the Internet, that they never click on e-mail file attachments or they delete any e-mail from an unfamiliar source without opening it. While those techniques would certainly greatly reduce the chances of one's computer being infected with something nasty, those rules are probably too restrictive for most of us. While there are many aspects to the Internet, the ability to send and receive e-mail and file attachments is likely the biggest business boon to most lawyers.

This month we will discuss some of the bad things that you can run into online and ways of avoiding or coping with them, beginning with the least serious.

The Problems - "Bad things" on the Internet

1) Pop-up ads - Surely every Internet user is familiar with these annoying ads that pop into view when you enter or leave a web page. Now some pop-up ads have made it harder to close the page by positioning the X to close the web page just off of your viewable (and clickable) screen area so you have to drag it over. Many web surfers have stumbled into an area where you are bombarded with multiple pop-up ads or new ones that open as you close the old ones. If you find yourself suddenly receiving substantially more pop-up ads when surfing your normal Web sites, it may be that some adware has infested your computer and is now serving them up to you in greater numbers.

2) Spam - Unsolicited commercial e-mail continues to proliferate. Hardly a day goes by that I don't get an e-mail offering to expand or shrink part of my anatomy, refinance my home, give me another credit card or direct me to Web sites with inappropriate material. A recent study by e-mail filtering specialist MessageLabs indicated that the legal profession was the second-highest industry in receipt of spam, second only to the health care sector. The Federal Trade Commission has stated that an estimated 96 percent of spam contains information that probably is false or misleading.

3) Spyware - Spyware is software, usually downloaded for free from the Internet for some other purpose, that also sends information from your computer to third parties without your knowledge whenever the computer connects to the Internet. Generally speaking, this information is benign information about web surfing habits not linked to you personally, but that need not always be true.

4) Adware - Adware is like spyware, but with one legal difference - the computer owner probably agreed to it being installed by clicking on an "OK" box sometime during the installation of the software. There is a rumor that some people, even lawyers, do not read every word of every online or software installation agreement before clicking OK. These programs are usually a feature of software that is free with included advertising and where a registration fee is required for the "ad free" version.

5) Viruses, worms and other malicious e-mail attachments - One of the most important features of the Internet is the ability to send e-mail with file attachments. A five hundred page contract may be sent across the country or around the world instantly and at no cost. This also means that every computer program designed for naughtiness can also be attached to an e-mail. If you are not aware that sending out infected e-mail attachments is the primary method that most computer viruses use to spread to other computer systems, then you should be.

6) Port probers - Ports are, in fact, non-physical openings from your operating system to the Internet. Ports are reserved for certain tasks. They are needed to do certain operations. Still, the design and use of ports by Windows seems questionable. One writer noted that Windows XP Home Edition ships with five ports open, even though the services run by these ports are meant to be used in a network environment, not the single computer environment that is intended for the Home Edition. It was one of these open ports that was exploited by the Blaster worm. In addition, there are programs used by hackers and hobbyists that randomly check for open ports on other computers connected to the Internet. You might consider this the equivalent of walking down a street at night trying every door to see if it is unlocked. Nothing bad may happen at that particular instant, but you hate to be added to the list of "unlocked doors."

7) Hackers and other strangers - There once was a time when "true" hackers reacted strongly to the idea that they were wrongdoers. They just checked out things that were open on the Internet and often gave valuable advice to Web site designers who had left open some vulnerability. Hacking into someone else's computer is now by definition a crime and most of the time, the goal is stealing credit card numbers or other valuable information. The Internet is largely about improving the connections between people, which is great if your sister moves to Taiwan. But sometimes, while having a vigorous debate in an online forum, some behave as if these were not real people that they are insulting and disparaging. One need not do anything wrong to become a target. Finding oneself the victim of a hacking, an identity theft or a cyberstalker can be scary and dangerous. Children obviously have to be taught safe Internet use rules.

So, let's discuss how to improve your ability to surf and use the Internet safely.

First the Problems, Now Some Suggested Solutions

It is certainly not the intention of this author to scare every reader into permanently disconnecting their computer from the Internet. First of all, most use the Internet regularly without suffering much impairment from any of the problems listed above. Secondly, for most lawyers, the use of the Internet is just about a business necessity. From e-mail transferring of files to free legal research on OSCN.net to easy access to a vast array of federal government regulatory information available for free, there is much online to make a lawyer's life easier and to help the lawyer serve clients better.

There are a few general suggestions to better secure and protect your computers. These rules often relate to more than one of the problem areas listed above.

The Basic "Rules of the (Cyber) Road"

1) Back up your data - Hackers and drive-erasing viruses are not the only threats to your data. Hard drives are like automobile tires. Drive them long enough and they will go flat on you. It is absolutely critical to guard against the loss of the irreplaceable data that resides on your computer network, from the hundreds of previously drafted documents to the data in your calendaring, billing and case management software. If you lost huge amounts of this data, the results would be devastating to your law firm. Just imagine paying someone to redo all of your word processing forms or to correct the results from scanning them all. The best backup is a complete backup that can be restored to a new hard drive. But using a CD burner to make quick copies of all documents and data files (and taking a CD home frequently) keeps your practice data from being "wiped out." Tulsa attorney Ken Bodenhamer says that he just replaces his hard drives with "newer and better" drives every sixteen to eighteen months. "That is a whole lot better than waiting for it to crash, because it will crash, and then I have to go through the pain of restoring," he says. "They are too inexpensive now to worry much about the cost of replacing them." Of course, he still continues to do his daily and weekly back ups.

2) Protect your passwords - "Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months." (This witty techno-safeguard is attributed to one Clifford Stoll by many Web sites.) Your password to your computer and various online services is the key to the information. Try not to lose that key and, when you do have to share it with another, change it immediately thereafter. Use long passwords containing a mix of letters, numbers and some other characters. (This summer a group of Swiss researchers published a paper outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such passwords to an average of 13.6 seconds instead of over 100 seconds. Sticking in symbols that are neither numbers nor letters greatly guards against crackers.) It is OK to use the same password for inconsequential services, such as online newspaper registration, but never use the same password for critical services like your Internet service provider or online banking provider.

3) Patch your software - Every type of software has service packs and updates, it seems. But the critical ones are the software from Microsoft, with the patches for Windows, Outlook and Internet Explorer. We will discreetly avoid the often asked question of why there are so many updates needed and why software is released with so many flaws. But you have to patch, particularly when there is a critical security patch released. Blaster exploited a flaw for which a patch had been available online for free for some time. Some lawyers have reported horror stories from patches and it is important to back up everything before applying a patch. But the bottom line is that there is little choice. You have to patch. (You do not have to install every patch, however. I routinely avoid foreign language updates, for example.) If you have not done this for a while, then do a backup and head to http://windowsupdate.microsoft.com/.

4) Virus protection - You have to have this, which means paying for it when the free period of protection on your new computer runs out. Install it, learn about it, set it to scan every e-mail and then make certain it is updated regularly.

5) Firewalls - A firewall sits between your computer and the Internet and keeps bad things from coming inside your system. Firewalls may be physical (a box) or only software. They are somewhat of a pain to initially set up and administer. If you work in an organization large enough to have technology staff people, they have probably already set up the firewall for you. Ask them. If you know you do not have a firewall, then first go to http://grc.com and visit the link there for Shields Up! There is a free service there to probe your ports and see how vulnerable you are. The software offered there is free for personal use and very reasonable for business use.

If you want to learn more about firewalls, go to http://directory.google.com/ (or your favorite Internet directory) and click computers - security - firewalls.

6) Use more than one e-mail address. Sure it can be a bit confusing at times, but if you post in many online forums, participate in vigorous discussions online, list items for sale on e-Bay and place bids, enter into online contests or generally find yourself typing your e-mail address into web pages frequently, it probably makes sense to use a separate e-mail address for all of that activity. That address is sure to receive much more spam e-mail plus legitimate vendor offers. Having all of those materials in a different inbox than your law firm e-mail account will be a good thing. Hotmail and Yahoo, among others, provide web-based e-mail accounts, for free or a small monthly fee. Many Internet Service providers allow you to set up more than one e-mail address for your basic monthly service fee.

Bonus Tip to help with alternative e-mail addresses - Use your free lawoklahoma.com e-mail account.
The Oklahoma Bar Association provides each of its members a free web-based e-mail account, with an address of Your.Name@LawOklahoma.com. (Since that one includes your real name and implies you are a lawyer, you probably do NOT want to use that one for the "spam-friendly" address noted above.) This account is protected by an antivirus solution that is updated hourly and a Spam blocker that is constantly being adjusted to block the latest onslaught of unsolicited e-mail. You also have the ability to set up your own filters to further protect your inbox from viruses or Spam. You can access your web-based e-mail account by signing on to OBA-NET or you can elect to have e-mail to your lawoklahoma.com address forwarded to your normal e-mail address. Enhanced e-mail options are available through the OBA-NET Bronze, Silver and Gold packages at reasonable annual fees. OBA-NET premium e-mail options include the ability to check this account's e-mail from your favorite e-mail client (Outlook, Netscape, Eudora), from any Internet browser, or from any WAP enabled wireless phone.

For a valuable white paper on Internet security for the home user or small office from the Internet Security Alliance see, http://www.isalliance.org/resources/papers/ISAhomeuser.pdf.

More Solutions

Now, let's cover some suggestions for coping with the problems and dangers outlined earlier.

1) Pop-up ads

There are several pop-up ad blockers. But consider this warning first. Not all pop-ups are bad. In fact, the OSCN uses pop-up technology in its Web site. So after you install a pop-up blocker, you may have to spend some time telling it that pop-ups from certain Web sites are approved and should not be blocked. PopUpCop 2.0 for Internet Explorer and AdSubtract 2.5 currently get the best reviews at Cnet.com. Both are commercial packages, although there is a free version of AdSubtract with fewer features.
Bargain Special - For those of you who hate pop-up ads, but don't want to pay to get rid of them, try downloading the Google Toolbar version 2.0 from http://toolbar.google.com.  You should already be using the Google Toolbar for other things and the newly released version 2.0 now includes a pop-up blocker getting great reviews. Sorry, but this only works for Internet Explorer users.

2) Spam

Spam has been the subject of Congressional hearings and much debate. E-mail users waste literally thousands of hours each day deleting the numerous junk e-mails that flood their inboxes. It is annoying and a drain on our national productivity.

There is only one long term solution to this problem. Never respond to spam and never buy anything from a spammer. These lowlifes simply do not care if they inconvenience and annoy millions of people if they can generate a dozen sales. Good luck to our government authorities as they try to cope with this growing problem, but we must do our part by not supporting it in any way.

There are several commercial software packages that assist in blocking or removing spam. Spam has been the subject of many discussions on OBA-NET. I personally have no experience with any of the software. Cnet.com reports that SpamCop requires more technical expertise than McAfee.com's SpamKiller or SpamAssassin, which are standalone filtering applications. McAfee bought SpamAssassin early this year so there should be a combined product soon.

Spam filters will let a certain amount of spam through despite your best defenses and also will inadvertently block some legitimate e-mail, which should be a major concern for lawyers.

Bargain Special - In addition to our LawOklahoma.com e-mail with spam filters included, you can set up rules to reduce dealing with spam in your own e-mail client (Microsoft Outlook or Outlook Express for the majority of you). For example, you could set up a new folder called Spam Inbox and set up rules that say any e-mail containing certain words would be immediately moved from your inbox to that Spam Inbox. Some suggested words might be refinance, Nigeria, Viagra, or winner, depending on what type of spam you receive. (I'll let you pick out the keywords for filtering the porno spam on your own.)

Then you can check the Spam Inbox once a week or so for any familiar senders before deleting it all. Sometimes you will find that a legitimate e-mail has been moved there because someone has said something like "I got ten spams for Viagra today" in an e-mail to you. But overall this technique saves time, allowing you to mass delete most of the spam once or twice a week.

3) Spyware and 4) Adware

As noted previously, some of the pop-up ads you encounter may be generated by something that has installed itself on your computer. These products range from Gator to the widely hated Xupiter. Gator is a password organization and recall service that makes it very clear, before you install the software, that you will be seeing pop-up ads in return for the freebie. Xupiter can hijack your browser after one visit to their Web site. The company claims to install only after permission, but many consumer reports dispute that claim. Once you get stuck with Xupiter, manual removal is difficult and most will have to download a professional program to get it totally removed. There are sets of instructions for removing Xupiter online. In fact, typing the words adware and spyware into search engine Google will return many results. Other products that report on your net surfing habits to others include the Comet Cursor and Weather Bug.

Bargain Special - The state of the art programs to remove these programs from your computer include many that are free. You can download Spybot Search & Destroy at http://www.safer-networking.org. This product gets rave reviews and is listed as the best by many web sites discussing spyware. Don't be surprised if dozens of programs are identified on your system by Spybot S & D. Another product is Lavasoft's AD-aware - a free utility which detects and removes many adware products. This product also gets great reviews. I used it to free my computer when my son surfed into Xupiter. There are more advanced versions for purchase, but I have been happy with the free version.

5) Viruses, worms and other malicious e-mail attachments

You can get software to do just about anything on your computer. Therefore when you click on an e-mail attachment and run the program, it can do just about anything. Without intending to do so, you have given the green light for the program to install spyware, invade your address book and start sending out e-mail to your friends, set up a Trojan that will allow others to remotely access or run your computer or just format your hard drive, leaving you with nothing on your computer.

The vast majority of computer viruses and worms are spread by the simple act of clicking on an attachment to an e-mail. Therefore the majority would be stamped out if all computer users would just think before they click.

The Internet Security Alliance proposes the following analysis, which they call the KRESV tests.

"The Know test: Is the e-mail from someone that you know?

The Received test: Have you received e-mail from this sender before?

The Expect test: Were you expecting e-mail with an attachment from this sender?

The Sense test: Does e-mail from the sender with the contents as described in the Subject line and the name of the attachment(s) make sense? For example, would you expect the sender - let's say your mother - to send you an e-mail message with the Subject line "Here you have, ;o)" that contains a message with attachment - let's say AnnaKournikova.jpg.vbs? This message probably doesn't make sense. In fact, it happens to be an instance of the Anna Kournikova worm, and reading it can damage your system.

The Virus test: Does this e-mail contain a virus?"
- http://www.isalliance.org/resources/papers/ISAhomeuser.pdf 

Of course, to know whether an attachment has a virus, one must install and use an anti-virus program. We also know that the current crop of viruses is able to insert a bogus sender e-mail address, so even though the message says it is from your best friend, it may not be from either him or his computer. Buy virus scanning software, use it to scan all of your e-mail and update it regularly.

Perhaps most importantly, do not routinely click on unusual file attachments even if they pass your virus scanning. There are new viruses being released. Wait. Visit Symantec's great virus warning page at http://www.symantec.com/avcenter. Be aware of the type of file attachment. The SobigF virus was spread across the world because people clicked on a PIF file attachment. That is one with a file name ending with .pif. Savvy e-mail users knew long ago that this was a very dangerous type of attachment and not one that should be automatically opened.

Here's a list of potentially damaging file name attachments. It is very unlikely anyone would send you a file in any of these formats anyway (except MDB.)

ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP JS JSE LNK MDB MDE MSC MSI MSP MST PCD PIF REG SCR SCT SHS URL VB VBE VBS WSC WSF WSH.

Most legitimate file attachments will be in one of a few formats with an easy-to-recognize extension: Microsoft Word (.doc), WordPerfect (.wpd), Adobe Acrobat (.pdf), Excel (.xls) or images (.jpg, .jpeg, .bmp or .gif.) There are several other common file types. But the point is if it is not one of the extensions you are familiar with, then it is time to pay attention.
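The extension advice above can be applied mechanically to incoming mail. The following is an added example, not part of the original article: it uses Python's standard email module to parse a constructed message and sorts each attachment into block, allow or review using the article's two lists. The function names, sample addresses and file names other than AnnaKournikova.jpg.vbs are illustrative assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions the article lists as potentially damaging (MDB included, although
# the article notes it is the one someone might legitimately send).
_RISKY_LIST = (
    "ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP JS JSE LNK "
    "MDB MDE MSC MSI MSP MST PCD PIF REG SCR SCT SHS URL VB VBE VBS WSC WSF WSH"
)
RISKY = set(_RISKY_LIST.lower().split())
# Formats the article names as familiar for legitimate attachments.
FAMILIAR = {"doc", "wpd", "pdf", "xls", "jpg", "jpeg", "bmp", "gif"}


def classify(filename):
    """Return (verdict, reason) for one attachment file name."""
    # Windows ignores trailing dots and spaces, so "x.scr. " still opens as .scr.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return "review", "no extension"
    ext = parts[-1]  # only the LAST extension decides how the file is opened
    if ext in RISKY:
        # A familiar extension in front of a risky one is the disguise used by
        # AnnaKournikova.jpg.vbs: at a glance the name looks like a picture.
        if len(parts) > 2 and parts[-2] in FAMILIAR:
            return "block", f"disguised .{ext} (looks like .{parts[-2]})"
        return "block", f"risky extension .{ext}"
    if ext in FAMILIAR:
        return "allow", f"familiar extension .{ext}"
    return "review", f"unfamiliar extension .{ext}"


def screen_message(raw):
    """Parse a raw message and classify every MIME part that carries a file name."""
    msg = message_from_string(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        fname = part.get_filename()  # also decodes RFC 2231 encoded names
        if fname is None:
            continue  # message body or multipart container, not a named file
        results.append((fname,) + classify(fname))
    return results


def build_sample():
    """Constructed test message (not real mail) with four attachments."""
    m = EmailMessage()
    m["From"] = "friend@example.com"  # sender headers can be forged
    m["To"] = "lawyer@example.com"
    m["Subject"] = "Here you have, ;o)"
    m.set_content("Constructed body text.")
    for name in ("AnnaKournikova.jpg.vbs", "contract.pdf", "movie.PIF", "notes.zip"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()


if __name__ == "__main__":
    for fname, verdict, reason in screen_message(build_sample()):
        print(f"{verdict:7} {fname:26} {reason}")
```

Anything that lands in "review" is the "time to pay attention" case: an extension on neither list, to be confirmed with the sender before opening.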

A few years ago I wrote an article for the Oklahoma Bar Journal called "Keeping Computer Viruses at Bay." It is online here and still contains appropriate advice. (You can find all of my previous Oklahoma Bar Journal articles online by going to www.okbar.org, clicking on Management Asst. and then scrolling down and clicking on "articles.")

The final point on the dangers of e-mail attachments is that you are not the only source of danger. Make sure everyone with an e-mail account at your office understands the danger and procedures. It might even be that some staff are prohibited from opening any attachment besides PDF or word processing documents without getting approval first.

6) Port Probers

See discussion of firewalls above.

7) Hackers and other strangers

Generally speaking, the areas of greatest potential catastrophe involve cyberstalking and identity theft. These are criminal justice matters and outside the scope of this article. The U.S. government's central Web site for information on identity theft is www.consumer.gov/idtheft.

Just remember that everyone is not who they say they are online. The Internet is a great source of information. When you choose to share your personal information with someone, make certain you know why you are doing so.
Be safe and practice safe computing.

Originally published in the Oklahoma Bar Journal September 6, 2003 - Vol. 74; No.24

Copyright © 2008 Oklahoma Bar Association