While viruses and spam continue to proliferate, they have been joined by two emerging threats: spyware and phishing, according to the September issue of Consumer Reports (CR), which takes an in-depth look at the state of online security.
“For now, keeping spam out of your life requires setting up a fortress around your computer with help from your Internet service provider and spam-blocking software,” said James Guest, president of Consumers Union. “While consumers are busy protecting themselves, service providers and the software industry have work to do.”
On January 1, 2004, the first US federal law regulating junk email, the CAN-SPAM Act, went into effect and has resulted in a few prosecutions of people charged with spamming by the Department of Justice. But a CR survey of 2,000 email users indicates that the new law hasn't reduced spam yet. In fact, most people who received spam in the previous month said it outnumbered legitimate messages.
– 69 percent said half or more of their email was spam
– About 55 percent said they received pornographic or other objectionable material
– 47 percent said they were receiving more spam three months after CAN-SPAM went into effect
To avoid spam, Consumer Reports recommends that consumers:
– Don't buy anything promoted in a spam message
– Don't reply to spam or click on its “unsubscribe” link
– Disable preview panels in email programs to prevent the spam from reporting back to its sender
The Consumer Reports tests found that MailFrontier Desktop (Matador) ($30) is a good choice for consumers who want maximum spam blocking and don't mind checking for valid email that was mistakenly blocked. For consumers who prefer to minimize valid email mistakenly classified as spam, while still getting a very good spam blocker, CR recommends Alladin/Mailshell SpamCatcher Universal ($30)
Virus Wars
In the CR survey of households with at-home Internet access, nearly seven percent said they had permanently lost important data files because of a virus, 64 percent said that they had detected a virus on their computers in the past two years and more than 12 percent had found a virus 10 or more times in that period.
The survey also found that consumers aren't doing all they can. Fourteen percent of broadband users don't use a firewall. To avoid viruses, Consumer Reports recommends that consumers:
– Don't open an email attachment unless it's expected
– Regularly update their operating system, Web browser and other major software
– Use antivirus software, updated often to recognize the latest threats
The Consumer Reports tests found that Tend Micro PC-cillin 2004 ($50) and Norton AntiVirus 2004 9.0 ($50) are good choices for consumers looking for full-featured, easy-to-use antivirus programs.
Spyware Sneaks In
In a nationally-representative survey of more than 2,000 households with at-home Internet access, CR found that 36 percent reported that their homepage had been changed — a common symptom of spyware. Spyware isn't a single type of software. The term covers a diverse range of applications. Like spam, spyware is often used by third-party marketers associated with reputable companies whose products they are hawking. To avoid spyware, Consumer Reports recommends that consumers:
– Download and install software only from trusted online sources
– Adjust the Web browser's security settings to the medium or high level
– Use updated antispyware software to scan the hard drive regularly
For maximum spyware detection, Lavasoft Ad-aware 6 Standard (free) and PestPatrol ($40) came out at the top of the Consumer Reports tests.
Phishing: Identity-Theft Spam
Phishing, the sending of fraudulent email that solicits confidential information, such as your password, by impersonating banks or other institutions online, is on the rise. Consumer Reports recommends the following steps to outwit online ID thieves:
– Never directly respond to email asking for personal information
– Questionable messages should be verified by contacting the institution itself
– When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won't.
