Monthly Archives: September 2009

Spam and Links in E-mails

The CAN-SPAM Act, a law that sets the rules for commercial emails, includes a requirement to tell recipients how to opt out of receiving future email from businesses. This is why, when you get a commercial email, it is supposed to give a way to stop receiving such emails. Methods can include replying to the email and putting a certain subject such as “unsubscribe” or have it in the body of the email itself when replying, etc. Some emails come with a link that you are supposed to click on to unsubscribe. While in the past this has been a legitimate way to unsubscribe to certain emails, this is now superseded by a more basic rule of email handling, DO NOT CLICK ON LINKS IN EMAILS FROM UNKNOWN SENDERS.

Why? because this is one of the easiest ways to infect your computer. All you have to do is click on that “unsubscribe” link and it takes you to a malicious website that will try to infect your computer just by virtue of accessing the webpage your web browser will land on.

So if you get an email that looks like spam, and you want to handle it, do it in some other way if unsubscribing means clicking on a link. I wouldn’t even bother sending an email asking the sender to stop sending those emails, as that is a known way to harvest valid email addresses for further spamming. Block the sender if you want, mark the email as spam so your spam filter will learn to better recognize it, report it if you wish, but that’s it. Don’t fall for the trick.

The Many Faces of Software Piracy

You’ve probably heard, one way or the other, about software piracy. It is the mislicensing, unauthorized reproduction and illegal distribution of software, whether for business or personal use. Generally speaking, it means illicit use of software that is normally sold to users. While I’m sure many can think about obviously flagrant examples of this – like walking to a computer store and shoplifting a copy of a program you’d normally pay for – there are more subtle ways of indulging in software piracy, and as it gets more and more into what is called the “gray area”, more and more people seem to justify it. I’ll cover some of these in this article.

Sharing Copies

Normally every software program is sold with a specific number of licenses – how many computers you can install it on. Different software companies have different mechanisms to prevent abuse in the form of installing software in more computers than the license covers. However they’re not perfect and some of them can be circumvented. That doesn’t mean it’s legal. Don’t install a program by “borrowing” a CD from a friend. And don’t allow for that to happen with the software you own and paid for.

OEM

The most often misunderstood term when it comes to software, it’s represents one of the most common forms of software piracy. OEM: Original Equipment Manufacturer – For example, when you buy a new computer and get all those CDs with the programs already installed in it – that’s OEM software. It is sold to the company that sold you the computer by the companies that make the software, under specific licensing.  Said licensing has its terms.  For example, when it comes to Windows operating systems, it is supposed to be sold by the licensed reseller WITH a new computer, and it is irrevocably linked to that computer. What does this mean? It means the operating system cannot be sold by itself. It means it cannot be sold with a different computer, than the originally intended one.

In this scenario it is common practice for unscrupulous resellers to sell the operating system by itself. Why? because of the reseller license, they get it at a lower price and can sell it at a lower price than the retail version and still make a profit. It is also easier to install many more copies than one is supposed to.

One of the sleaziest “circumventions” I’ve seen on this happened to a client of mine recently. The client went to eBay to look for a copy of Microsoft Office 2003 to buy. A seller was offering OEM copies of it for about $60. To try and circumvent Microsoft and eBay’s policies on OEM software, the seller would include some generic piece of “hardware” with the OEM software he was selling, and with that interpretation of the policy he thought he was covered. In this specific case the piece of hardware turned out to be a data cable used inside computers. C’mon! How could that be compared to a full computer or hard disk, like it’s supposed to? I informed the client she needed to return the purchase and get a refund, and the seller got reported to eBay.

Key Cracking

This is the most obviously illegal form of software piracy. One of the mechanisms used by software companies to make sure you own an original copy of the software they sell is the use of product or activation keys, a sequence of numbers, letters, or numbers and letters that is to be input during the software installation to validate the installation – make sure it’s legit. This key is normally generated using an algorithm (formula) but it can be cracked by somebody who knows enough about the subject, or who gets a program that does exactly that, created by somebody who knows enough about it. Not only is this completely illegal, but also often times “key cracker” programs and “cracked” versions of programs are available from sources that more likely than not have malware embedded in them, and it’s one of the easiest ways to infect a computer. So if you buy a program from a reseller and you get a CD in the mail with a printout of a product key or a photocopy of the original product key sticker, most likely that key is not legit, whether illegally reproduced or generated with key cracking techniques.

The Maxim

When it comes to buying software (and other things), if it looks too good a deal… it’s probably not legit.

Conclusion

Most users use properly licensed software and are honest. For the minority that don’t, here’s my message to you: Beware. Don’t indulge in software piracy in any form, no matter how justifiable, attractive or tempting; discourage others from doing it and report those who don’t play by the rules. Otherwise it will come back and “byte” you you-know-where.

Computer Security FAQ

1. What is the best antivirus?

Find the answer here.

2. How do I find out if my computer is infected?

Read the signs.

3. I have an antivirus program installed. How come it didn’t catch the virus that infected my computer?

Because you don’t have enough security measures in your computer. How to handle.

4. I think my computer has a virus. What do I do?

Follow these steps.

5. Why would anybody create viruses in the first place?

Find out why.

6. I never click on suspicious email attachments or download programs from the internet. So why would I need an antivirus?

Because.

7. I heard I shouldn’t update my Windows operating system, because it only causes problems. I also heard that those updates are used by Bill Gates to help the government keep track of all the computers in the world and invade my privacy. Is that true?

Yeah, and I’m the Easter Bunny. True data.

Fake Antivirus Programs

Fake or rogue antivirus programs, also called scareware (you’ll see why in a moment), are applications that pretend to detect and get rid of viruses, while actually being malware themselves, or being completely useless other than to scare the user into paying to download or unlock the full version of the “antivirus” to “remove” the “infection” the computer is plagued with.

Be very careful with this, as it is currently the most common type of infection going around – a rising trend. Assuming you have an antivirus solution in place – and I hope you do – know how it behaves and learn to recognize that it is not what is making an alarming pop-up window come into view all of a sudden and tell you there is an infection in your computer, and maybe prompts you to do a scan or simple starts a fake scan with lots of alarming results.

Once you’ve learned to recognize a fake antivirus in action, you have only two valid choices, and I’m deadly serious. The choices are based on your personal knowledge of malware and how to get rid of it. A) If you’re not sure what to do, save any open files, turn off your computer and contact an expert. B) If you know what to do, well, do it!

I’ll tell you what are NOT valid choices though: 1) Clicking on the “OK”, “Scan”, “Yes”, “Download” button that the suspicious window contains, 2) Even clicking on the “X” on the upper right corner of the window to get rid of the pop-up, 3) Entering your personal and credit card information to purchase the “antivirus” so you can disinfect the computer, 4) Ignoring it hoping it will go away and continue using your computer. All those are invalid options.

July 2011 note: Due to some variations of fake antivirus programs that have emerged since this article was originally written, in some cases, part of the removal procedure includes allowing the fake antivirus to perform its fake scan, so that it will allow the next steps in the removal process.

Here’s a list of trusted antivirus software vendors – you can use it as a starting point to recognize the legit ones: http://www.ccssforum.org/trusted-vendors.php

Hope this helps.