header
 
Creating Opportunities for All
 

 

Pop-ups, spam: The Flip Side of E-mail

 

 

Spam, spyware, adware :


By now, these terms may seem familiar, and likely you have already encountered them on your computer. These days, they are as common to computers as your steering wheel is to your car. But what exactly are these unwanted and annoying culprits of the Internet world? How do they work their magic, and why are they so prevalent? Better yet, how can they be prevented and stopped? Let's take them one at a time.

   Spam : This is described as unsolicited email sent to your email account or newsgroup for commercial or malicious purposes. It is also referred to as junk mail, and is officially known as unsolicited, commercial e-mail, or UCE. Recent studies estimate that 50% or more of today's email is spam. AOL estimates it receives 500 million spam emails per day (PestPatrol, 2003).

 

Okay, so just how do they get my email address and why is there so much of it?

 

The reason spam has become so prolific is that there are more spammers sending ever more spam in ever more creative (and automated) ways, such as by using intriguing subject lines to get you to open their messages. Unfortunately, there must be some people in the world somewhere who respond to the spam, or the spammers wouldn't continue their chicanery. Spammers can subscribe to mailing lists, which sometimes give them access to the addresses there; they can collect addresses from public online directories and web-sites; and addresses can be purchased from non-legitimate as well as legitimate mailing lists and Usenet postings. A newer trend for address collection involves spyware (see below).

 

How can I prevent spam?

 

Email filtering options, while becoming more sophisticated, still cannot catch everything in an open email system, such as the one used at Olympic College or by your own Internet Service Provider. Short of not using email at all, there is currently no way to totally eliminate spam. But, here are some things you can do that may help reduce spam:


•  Use a secondary email address If you visit chat rooms or need to place your address on a membership directory, consider not using your private or business email address. Instead, generate a secondary address that you do not care as much about and can use for more open communications.


•  Do not reply to the spam message  This is true especially if they invite you to unsubscribe to their spam. By taking this action, you actually verify for them that your address is good, and it becomes more valuable to them. They may then sell your address to other spammers, which will in effect increase the spam you receive. Note, some unsubscribe options are legitimate. Consider the source before you elect to unsubscribe to a mailing. If you are on a mailing list from a company that you work with, which you trust, and for which you have a telephone number, unsubscribing is probably the best way to get off their mailing list.


•  Consider using junk mail folders built in to many email applications, such as MS Outlook. These can be somewhat effective, since they will act as additional filters for the junk messages. However, spammers regularly change their own addresses and subject lines, so filtering for specifics becomes a hit and miss game.


•  Some good advice is to simply delete or ignore the messages as they arrive.

 

Spyware : Spyware is a software program that covertly installs itself on your computer and sits in the background monitoring your Internet activity.

 

This sounds like bad stuff; how does it get on my machine in the first place?

 

Spyware most often comes packaged with software that is freely downloaded from the Internet (also known as freeware or shareware). This adds impetus to the saying that ìthere is no such thing as a free lunch. Since software makers must pay for their services somehow, they partner up with agencies that specialize in Internet advertising. Spyware's job is to report back to headquarters just where you have been surfing. That information is worth money and there are plenty of companies willing to pay for it. Once they've got your profile (i.e., your interests), they are happy to send you friendly pop-ups (see adware below) to remind you about why it is such a good idea that you spend money on their products.

There are also Web-sites that will deliver spyware to you by simply browsing to them. These are disreputable sites that use browser vulnerabilities to distribute software via the browser. Not to sound too scary, but there is a growing trend with spyware that has even more malicious intent behind it. These programs read keystrokes as they are being typed and look for passwords. The keystrokes are collected even before they are submitted in encrypted form and are reported back to headquarters. One such spyware application is downloaded from a pop-up ad targeted at certain banks. When users visit their bank's site, the pop-up appears in the browser, and when the user clicks close the spyware installs itself on the user's workstation where it begins logging your keystrokes (techrepublic.com/5102-22-5252997.html).

Yet one other insidious job of the spyware application is to collect email addresses. Once it is on your system, it can locate your address book and send it back to headquarters, thus linking spyware with spam.

 

Ugh! What can I do to find out if I have spyware on my machine and how do I get rid of it?

 

Look for new toolbars in Internet Explorer that did not use to be there. As mentioned above, you will see an increase in pop-up ads--even without Internet Explorer running! Also, you may observe noticeable performance degradation (a.k.a., slow as a slug) to your machine. There are methods for detecting and removing the spyware, but they are often extensive and do not always remove all of it. Prevention is the best medicine. Avoid downloading freeware or visiting sites that are already questionable in reputation. If you receive a pop-up that you aren't sure about and you do not feel comfortable clicking the close button, try instead pressing CTRL-ALT-DEL on your keyboard and end task for the pop-up. Many anti-virus companies include spyware detection in their packages as well. Lastly, there are utilities you can run on your machine that will scan for spyware and will notify you if they find anything, similarly to the way viruses are treated.

 

Adware : Adware is advertising software that installs itself on your machine and sends regular pop-ups to you while you are using your computer.

 

Like spyware, adware is covertly downloaded to your machine so that it can appear in friendly, nagging pop-ups. Often, the ads themselves are placed somewhere on your computer. Most commonly, adware comes packaged with freeware or shareware when you download these to your machine. You likely had to sign an agreement of some sort to use the software, and most likely, buried somewhere on page 52 (or thereabouts) of the document, lay verbiage explaining your acceptance of the adware on your machine. Just as with spyware, some Web-sites will deliver adware to you using the same browser vulnerabilities as what are used with spyware. Unlike spyware, adware does not report back to headquarters. However, it is not uncommon for adware and spyware to work together in order to deliver the most meaningful ad pop-ups to you. Because of this, adware and spyware are terms often used interchangeably.

  The methods for detection and removal are similar to spyware. Prevention again is the key to good computing and to keeping your machine healthy. Spyware and adware fall into a group of applications known as malware.

 

So, how does OC handle these issues and what are we doing to prevent or reduce their occurrences?

 

We employ three levels of spam filtering at Olympic College.

 

•  Our MS Exchange server, which handles the processing and storage of email at the college, runs a product called Intelligent Message Filtering, or IMF. IMF analyzes each incoming message using what are called heuristics and assigns a special number rating to it. This number determines whether the mail will be delivered to your inbox, your junk mail folder (for Outlook 2003 users only) or to a non-delivery mail folder on the server.

 

•  We have an anti-virus product called GroupShield on the server. This performs file    attachment extension filtering, subject-line key-word and some content filtering primarily for viruses or malware. See below for the list of file extensions we filter on.

 

•  Another tool offered by MS Exchange and which we use here at the college is domain and name filtering. This checks for specific Internet domains, like Disney.com or oc.ctc.edu, and filters out known bad sites from sending messages to us. It also checks for specific email names (what comes before the @ symbol) and filters out known bad ones.

 

Additionally, if your machine is struck with spyware or adware, we have utilities we can run on the machine to scan for and remove them. In this case, we send a technician to the user's machine (most often because he or she has noticed a large amount of pop-ups continually appearing) to systematically run the utilities. The process can be very labor-intensive and time-consuming, and unfortunately it does not always work to completely remove the malware. Any time you have a question about email issues, please contact us at the Help Desk.

Olympic College | 1600 Chester Avenue | Bremerton, WA 98337-1699 | (360) 792-6050

Click here for current closure/delay information or to review emergency operating procedures.