Monthly Archives: November 2010

To Scan Emails or Not to Scan Emails, That is the Question

The content of this article might make some readers think I’ve lost my marbles. Regardless, here we go. As most users know, antivirus protection usually includes email scanning. What that means is incoming and outgoing emails are scanned (assuming you use an email client of course, as discussed in this recent article) by the antivirus software installed on your computer, to detect and eradicate any known threats from all emails. So here’s my advice: Turn email scanning off.

First, let me explain why, then I’ll explain the benefits of it.

Let me start by telling you that most antivirus programs have what is called “real-time protection” or “active shield” or some other similar name. In an antivirus, this is a function that scans every file you access in your computer. So when you open a document, a picture, a video, a new program, sometimes even a folder that contains such files, the antivirus scanner function quickly gets in the way and examines the file for anything that would make it be classified as malware, and if the results are positive, the antivirus will take action, the action taken largely depending on what it has been set to do. It might alert you of the threat and ask you for a decision on what to do, or quarantine the file in question, delete it, and so on. If after scanning the file the results for any malware trace are negative, the scanner naturally allows normal access to it. But the point is, providing the real-time protection is enabled, the email scanning function is redundant, for the email scanner will do the same as the real-time protection scanner, but with emails and their attachments, which are, after all, just files.

Fair enough, you might say, let’s assume for a moment the above is right; however, the more protection the better, and so if I get a file scanned twice, there’s no harm in it.

That’s true. Well no, actually, it’s not. And here’s where the benefit part comes in. The truth is, an email scanner is likely to cause a corruption in the files your email client uses to store emails, and that will cause problems with the normal functionality of said client. Ironically, email scanners are more often responsible for inbox corruption in an email client than malware! So when you look at it that way, it doesn’t seem so beneficial anymore, does it?

I sometimes even wonder why antivirus program vendors still sell antivirus software with email scanners. It seems like a vestigial function that somehow is still there even though it’s not really needed and is more or less famous for causing trouble.

So turn off your antivirus email scanner if it’s on. And if you don’t know how to do that, ask an expert for help.

Adobe Releases Newest Version of its Reader, with New Protection

Regular readers have seen several articles in the last few months about different patches, updates, hot-fixes (same thing) in several programs, Adobe’s PDF reader amongst them. This article is not about another one of those patches.

Now that we have made clear what this article is not about 🙂 , let’s take a look at what it IS about. Adobe released, a few days ago, a new version of its reader, version X (latest prior version was 9, get it?). The highlight of this new version is the fact that it incorporates sandboxing capabilities. Sounds good, right? Well maybe, if one knows what in the name of all that is Holy “sandboxing” is.

This article from last year covered the subject. But in a few words, it is a special protected mode. When Adobe Reader X runs in protected mode it provides an added layer of security. In this mode, malicious PDF documents can’t launch arbitrary executable files or write to system directories or the Windows Registry, activities that malware usually attempts to perform to infect a computer.

You can download Adobe Reader X from this location. At this time, users of earlier Adobe Reader versions will not be offered the new version’s download automatically. It needs to be downloaded manually (meaning initiated by the user, i.e. click on the above link!).

To check the status of protected mode, open Adobe Reader X, then choose File > Properties > Advanced > Protected Mode.

Protected mode is enabled by default. If for whatever reason you want to turn off protected mode:

  1. Choose Edit > Preferences. The Preferences dialog box appears.
  2. In the Categories list select General.
  3. Deselect Enable Protected Mode at startup.

Adobe is hoping that this new version’s handling of vulnerability exploits will take the pressure off having to constantly issue patches to, well, patch them. I hope so too.

How Does Email Work?

Most people know how it works. You open a new email, put the intended recipient in the “To” field, put a subject, write the email and click on the “send” button. Nothing to it. Or is there more to know about it? Yes, and that’s what I’m here to talk to you about today.

There are two main ways of handling your email, depending on how it is accessed:

The first one is accessing it straight from the web. In this case, the term webmail applies; this is a web-based page that displays your emails and allows you to see, reply to, and compose new emails. Example: you go to yahoo.com, or msn.com, sign in, and thus gain access to your mailbox, right there on the web server that contains them.

The second one is… accessing it straight from the web. But wait, didn’t I just say that? Let me explain. The truth is, the second way could be said to be by using a program installed in your computer that downloads the emails to it and allows you to do the same as what you can do with webmail – see, reply to, compose new emails. Programs such as Outlook, Outlook Express, Windows Mail, Windows Live Mail, Thunderbird, Eudora, to name a few, are examples of the second way – these are called email clients. But the point is, and this is what I wanted to emphasize, all the email client does is access your mailbox on the web to download (receive) emails, and use the same mailbox to send emails from it. So in both cases, whether displaying a web page so you can see your email on the web or using a program that will access the same information on the web but will download it and then display it on your computer, the web-based email server is used.

So what use does all this information have to the average user?

First of all, it opens the door to understanding some of the “mysteries” related to email. Example: you’re talking to a friend on the phone and he/she says he/she just sent you an email. You use Outlook to receive your email. You check your inbox, but minutes go by and the email is not showing up. Finally, about half an hour later, the email shows up. Where was it all this damn time??? In your web server mailbox. Well then why didn’t you get it earlier? By default Outlook will do an automatic send/receive every 30 minutes. This default value can be changed, but if it hasn’t, that’s how long Outlook will wait between automatic send/receives. So if you don’t force a manual receive, the emails in your web-based mailbox are not going to download by themselves. At least not for up to 30 minutes.

So what exactly happens when emails get downloaded to your computer, whether by a scheduled email run, or by manually causing that to happen?

  1. Your email client contacts the web server that contains your mailbox.
  2. They say hello to each other, and the web server asks for credentials.
  3. The email client must now provide the right username and password to the web server in order to gain access to the mailbox.
  4. Once that’s done, the email client compares what’s in the web-based inbox with what’s in your computer email client’s inbox, and thus decides which, if any, emails are new and need to be downloaded.
  5. It proceeds to download the individual emails (at which point you’ll see them appear in your email client inbox).
  6. Normally it will delete the emails from the web server’s inbox.

This setting (whether or not to leave a copy in the server of what gets downloaded) can be changed, but that’s normally the behavior by default – deleting emails from the web server that have been downloaded to your computer.

There’s also an email protocol that will behave differently (it will keep in the web server’s mailbox whatever you keep in your local mailbox, and will delete in the web server whatever you delete in your local mailbox). But generally speaking, the aforementioned way is currently the most common one.
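The download sequence described above matches the POP3 protocol (the article does not name it). As an added example that is not part of the original article, here is that exchange played against a toy in-memory server. `ToyMailServer`, `fetch_new`, the account and the messages are all constructed for illustration, and the password is masked in the session log.

```python
# Added illustration, not from the original article. Toy in-memory server with a
# simplified POP3 subset (real POP3 addresses messages by number, not unique id).
class ToyMailServer:
    def __init__(self, user, password, mailbox):
        self._cred, self.mailbox = (user, password), dict(mailbox)  # uid -> text
        self._user, self._authed, self._marked = None, False, set()

    def greet(self):
        return "+OK toy server ready"

    def command(self, line):
        verb, _, arg = line.partition(" ")
        if verb == "USER":
            self._user = arg
            return "+OK"
        if verb == "PASS":
            self._authed = (self._user, arg) == self._cred
            return "+OK logged in" if self._authed else "-ERR bad credentials"
        if not self._authed:
            return "-ERR not authenticated"
        if verb == "UIDL":                       # list unique ids held on the server
            return "\n".join(["+OK"] + sorted(self.mailbox))
        if verb == "RETR" and arg in self.mailbox:
            return "+OK\n" + self.mailbox[arg]
        if verb == "DELE" and arg in self.mailbox:
            self._marked.add(arg)                # only marked; removed at QUIT
            return "+OK marked"
        if verb == "QUIT":
            for uid in self._marked:
                del self.mailbox[uid]
            return "+OK bye"
        return "-ERR unknown"

def fetch_new(server, user, password, local_inbox, leave_copy=False):
    log = [server.greet()]                       # the server says hello
    def send(line):
        reply = server.command(line)
        shown = "PASS ****" if line.startswith("PASS ") else line  # no secrets in logs
        log.append(shown + " -> " + reply.split("\n")[0])
        return reply
    send("USER " + user)
    if not send("PASS " + password).startswith("+OK"):
        return log                               # wrong credentials: no mailbox access
    for uid in send("UIDL").splitlines()[1:]:    # compare server ids with local ones
        if uid not in local_inbox:
            local_inbox[uid] = send("RETR " + uid).split("\n", 1)[1]  # download
            if not leave_copy:
                send("DELE " + uid)              # default: remove the server copy
    send("QUIT")
    return log
```

Against a real server the same steps are available through Python's standard `poplib` module, where `poplib.POP3_SSL` carries the username and password over TLS.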

Another Handy Tool; This One Will Check Your Whole Computer for Vulnerabilities

Vulnerabilities and program updates as part of computer security is an interesting subject. Savvy computer users realize early on that patching their computer programs plus having a good security setup (preventive maintenance) is better than having to deal with a malware infection (corrective maintenance) or with a possible resultant data loss or identity theft (just plain damage control). Last week’s article provided readers with a tool to check their web browser for out-of-date plugins that could open the door to hackers exploiting existing vulnerabilities to gain remote control of your computer. This week we’ll move on to a more embracive tool, one that will check your whole computer for vulnerabilities and similarly generate a report of out-of-date programs in your computer that pose potential security risks, with links to newer, more secure versions. This tool is free for personal use. It’s called Secunia Personal Software Inspector (PSI).

Users with Windows XP installed in their computers can download it by clicking on the following link:

ftp://ftp.secunia.com/PSISetup1501.exe

Users with Windows Vista or Windows 7 can download it by clicking on the following link:

http://secunia.com/PSISetup.exe

Warning: Use judgment when updating the versions of your different programs. Given the individual configuration of computers, sometimes a newer version of a program might present a problem that did not exist before. Example: I recently tried to update Skype in my laptop. The newest version of Skype did not recognize some of the hardware I was using for audio recording/playback. Had to revert to the earlier version and wait for a future version that will fix that bug. Moral of the story is either be able to use judgment and undo what you update as needed, or have an expert available to help if needed.

If you so wish, once you have scanned your computer and brought all the programs to their latest version, you can uninstall PSI.