Sunshadowz Logo banner

Email Security

Main Menu

Firewalls

Antivirus

Intrusion Detection

Spyware

Data Encryption

Home

KimEase Tec-Hop Computer Services

KimEase Tec-Hop
















Email

Email is a wonderful tool primarily due to the speed of transmission and quick communication. It opens up a world of communication that was inhibited previously by manual letters, which were an effort to mail and in transit too long.

There are certainly pros and cons to having email as it has now given you yet another task to perform in your already multitasking life. I know that if I don't check my mail for a couple of days it takes forever to catch up due to accumulation. The pros, of course, include instant communication with colleagues, friends and family. You can now stay in touch with those people residing in other parts of the city or world. You are also able to handle any important business in a timelier manner without the wait of traditional mail or the expense of courier. The downfall of email is that you are dependent on the reliability and security of your server. I have had many servers in the past few years and not all of them are as problem free as they would like you to believe. Many emails never arrive at their intended destination for various reasons but considering the volume of emails sent every day the efficiency is still very reliable although not as secure as traditional mail. Another negative impact with email is being inundated with commercial propaganda or being spammed by telemarketers. Email is just as susceptible, if not more, to junk mail as it costs less than conventional mail, email addresses are really easy to obtain and the message gets delivered quicker if not immediately. Both invasion of privacy and the spread of computer viruses, which I will get into, are ever-increasing concerns with email use. Another important point that I need to stress is that email can be read by anyone either purposely or accidentally so be cautious when sending confidential letters or personal information. As email passes through the Internet, which is a global system of networks, it can be intercepted by anyone with interest and/or the right tools. Email is delivered by passing through many computers before arriving at its final destination. In order to ensure privacy, when sending sensitive data, you must encrypt it first. Encryption is the process of making data unreadable for viewing by unauthorized persons. The data travels through the network from sender to receiver scrambled. When it gets to its destination, a key or special password must be used to open and decipher it.

Email security and privacy are hot topics. As the popularity of Email has risen so has the spread of computer viruses. The most popular means of spreading viruses is through email attachments. It's really hard to understand what pleasure people get in creating and passing along these viruses which have the capability of looking at personal information stored on your hard drive or completely crashing your system. Viruses are a real problem so all computer users are forced to protect their systems just like they put alarms on their vehicles and homes.

I am not new to computers, as I have been programming since the age of 14. However, the Internet explosion did bring about an increasingly unfortunate side to using the web and email, which is computer and data security. I began reading articles on the subject of computer security and developed a genuine interest in the subject so I furthered my knowledge through University courses. The Internet also offers a wealth of information and there are also some great books out there authored by security experts. A couple of my favourite sites and especially great for beginners are Fred Langa who writes an amazing weekly column and Steve Gibson's security Research sight . As a general rule of thumb, I keep my antiviral software up to date at all times. I have also implemented layering protection by using a firewall, intrusion detection, encryption, update Windows Security Patches and spyware detection and removal appz.

One of the biggest misconceptions that I have stumbled upon, while discussing computer security with friends and family, is that once antiviral software is installed, all updates are automatically done, this is not always the case. Please check with your antiviral software vendor to be sure. After your software has been installed on your PC, it must be updated regularly with new definition files available through the vendor of your software. If this is not done automatically then you must manually perform this task. The process is quite easy once you've done it a few times. Usually there is an update manager built right into your software's control panel. The control panel is responsible for helping you manage tasks and customize your settings. This is where you can tell the software either to automatically check for updates and/or download updates manually. The control panel will also provide you with details about the software license, version number and date of your software, the virus definition number and its corresponding release date. You can also get the latest signature files by visiting your vendor's website and following their downloading instructions.

One major pitfall for users is opening mail thought to be from a trusted source. Just because you know a person, do you really know the person or origin of the email that was just delivered to your inbox? There are a few reasons to be cautious. I started asking friends and family who send me regular emails with attachments whether or not they update their antiviral software regularly. To my horror and disbelief, only a few claim to diligently perform this task. The others either don't use it, don't know how to update it, or think that it's done every time they boot up. Users who aren't conscientious with updating their antivirus, not only risk their own machines, but also every hard drive attached to every email address contained in their personal address books. This domino effect is the primary reason that computer viruses spread so quickly. The first place a worm looks is in an infected users address book where it then replicates and mass mails itself to all addresses found in the book. All of a sudden a serious game of Pac-Man begins as the virus searches out more unsecured computers and eats up more unsuspecting email addresses. This is where the trust part comes in. Many times but not all, you will receive this virus-laden file from an address that you recognize purposely as you are more likely to open it up. If your antivirus is not totally up to date or perhaps it's such a new virus that you don't have the protection yet then you will fall victim to it as well. In the case of a known address, the sender could have contracted the worm and it has mass mailed itself to all users in the affected address book or the person has sent you a legitimate email unaware that he or she has a file infector virus which has contaminated all attachments being sent by the them. However, sometimes the person that the email appears to be from is not the case either as it's really easy to spoof or pretend to be another user online by using that persons email address. I always scan all email that I send and receive first. I also don't open anything that I wasn't expecting or I have my suspicions about. If you're using Outlook Express, disable the preview pane as viruses don't only arrive in attachments anymore and just displaying the email will activate them. In my opinion, anti-virus software is only 99% effective due to the fact that viruses are created in volume on a daily basis. This leaves you with a 1% chance that the software companies may not know about a certain virus that is already in your mailbox. When in doubt and I'm trying to make that important decision whether to open it or not, I try another little trick using Outlook Express. I highlight the sender's address, right click on properties, then select the details tab. Look at the return path, does it match the senders address on the email? For obvious reasons, viruses don't want to go back to the spoofed email account to make them suspicious but to the mother ship or at least a well-disguised mother ship to report their victory. If the two addresses look totally out of sync then I toss it. The return path email address may be totally legitimate as I also, on occassion, send email myself showing my web account email but have the return path send it to my POP (post office protocol) or permanent ISP account. When in doubt, it's best just to delete it.

Another tool that I have tried and really like is a program called MailWasher. This effective little program offers great spam control while also alerting you to possible viruses. The way it works is that instead of initiating Outlook Express to check your mail server, mail washer will perform this task. Before the mail is downloaded on to your hard drive, MailWasher will provide you with a listing of the email you have. Mailwasher then interprets the status of each email as possible spam, virus or normal. You are also given the address it was sent from and file size to help you make your decision. You can then choose whether to bounce, blacklist, delete, view the headers or report it as spam to your ISP before downloading it to Outlook Express or similar mail program. It just gives you back a little control and the ability to make some choices. This software is very easy to setup and use. The best thing is that it provides you with that extra layer of security protection. I have tried many spam blockers and this by far has been the best.

Privacy is another important issue with email as many jokes get passed and forwarded from machine to machine. Have you ever received an email where you are only one of the numerous addresses that the email was sent to? Of course you have, everyone has. These jokes, virus hoaxes or chain letters are sent out with absolutely no regard for anyone's privacy. Don't get me wrong; I don't blame anyone for sending these mass mailings, as there are many users who just don't know any better and it can be all in good fun. Let's face it; many users had no prior computer experience and solely purchased computers due to the popularity of the Internet. That's partly why I am here; to help educate these and more advanced users in security practices. When this happens, you have no control about who has ended up with your email address as the joke has been forwarded onwards many times. You know the ones...FWD>FWD>FWD>FWD in the subject line!!! Many of these strangers have their address books set up automatically by default to add all addresses that are received to their address book. You really have no idea who has added your email address to their address book so if these unknown users happen upon a virus then guess who will be getting it sent to them next? You...the trusting soul you are and you'll have no idea why this virus was sent to you in the first place or even where it originated. Imagine if it was your home address or telephone number being forwarded to all these strangers? OK, it's not that bad but it should give you incentive to sign up for a free webmail account instead of giving out your permanent Internet Service Provider email account. It's much easier to cancel or change the webmail address in case your email address gets into the wrong hands of spammers, crackers or worse. One way to protect the people in your address book is by creating an "undisclosed recipients" group in your address book. By doing this, you only forward the subject of the email and not everyone in your address book. The following information, which I found through www.cyberwalker.net, will help you set up your address book if you're interested: In your e-mail program, go into your address book and create an entry called "Undisclosed Recipients." Assign your own e-mail address to the entry. Then create a new e-mail and in the "To:" field type "undisclosed recipients." Your e-mail program will pull the entry from the e-mail address book and address the message back to you. This is like sending the e-mail to yourself. Then use the Bcc: field to enter all the other e-mail addresses you want to send the e-mail to. Bcc means, "blind carbon copy." The addresses in this field will receive a copy of the e-mail message, but anyone who receives the e-mail will not know who else received it. That information is not included in the header (the technical addressing information) of the e-mail message. It may be tricky to find the Bcc field in some e-mail programs.

  • In Outlook Express, create a new mail and click the View menu and then select All Headers.
  • In Netscape Messenger, create a new message. Enter the To: address. Click the blank line below that. Another "To" will appear below the first. Click it and a menu will drop down. Click Bcc:, Then enter your Bcc e-mail addresses to the right of it.
  • In Outlook 2000, create a new e-mail message. Click View, then click the Bcc: item in the menu to display that field.
  • In Outlook 2002, create a new e-mail. Click the "To:" field next to the address field. A grey box will pop up. Select your Bcc recipients and click the Bcc button to the right.

    • I think that email is a great means of communication and blasts the socks off conventional snail mail. It's quicker; more efficient and used cautiously it reaps very positive benefits.

    Google


    Top