Tips & Tricks

Is your computer being put to criminal use without your knowledge?

(rev 11 Nov 2005)

No - I don't mean are the kids up to something behind your back - its a lot more sinister than that - and a very real possibility! Even more so if you have a broadband connection.

Presently 30,000 computer are being recruited (infected) each day as zombies for criminal use - and without proper protection - that could easily include yours. Its a threat that is multiplying.

Whilst applying and keeping protection updated is a chore eating into our valuable time - NOT doing so and getting caught out could have dire consequences and waste even more time. You have been warned.

Adequate protection is available for free - and you should aim at updating your protection profiles each day you use your computer. As a minimum in addition to virus software - you should be running firewalls that protect both incoming and outgoing communications - together with separate spyware detection.

Details of threats and what actions you can take.

e.g. I have on each of my computers:

For virus - free AVG scheduled for daily updates and to do a complete file scan between 2 and 3 am;
Firewall - ZoneAlarm
Spyware - Spybot Search and Destroy (mainly because it includes a secure shredder) - again scheduled to do a complete scan during the night.

I also have an ADSL router with a built-in hardware firewall which helps to protect my whole network from Internet attacks.

Re-occuring Problems

Why do companies publish email addresses but not answer emails? (new 8 Nov 2005)
Are you giving spammers & viruses a helping hand? (rev 24 Jun 2007)
How can I compose offline and use my spellchecker? (new 18 Jun 2004)
Getting rid of the re-occuring Badtrans Virus
Having trouble getting to that internet site or page?
Can't find the expected data or page having reached a site (rev 09 Nov 2005)

Why do companies publish email addresses but not answer emails?

(new 18 Jun 2004)

The most probable reason is that they are overwhelmed with UCE (Unsolicited Commercial Email) otherwise known as Spam or Junk Mail. I have experienced an escalation of UCE this week and my UCE is now running at 150 to 200 per day as an individual. That's between about 54,000 and 73,000 per year - so imagine what a company with multiple email addresses has to deal with - so what chance is there of yours actually being seen.

All is not lost and the most common way of circumventing this is to provide direct mail access via their website by way of a mail form. On submission the various fields are checked for validity - and any errors are flagged for your correction. So do check the companies website for a mail form before complaining that emails are ignored.

As my ISP has no provision for direct mail by form - I've devised my own system for identifying valid emails - and if you click the Mail-Me link above - and you will see how this works. Whilst you are at it - tell me what you think.

If you don't like composing online and prefer to use a spell checker etc. before submission - then see also the following item.

How can I compose offline and use my spellchecker?

(new 18 Jun 2004)

Nothing is more frustrating than to type a lengthy mail online - only to loose the lot just before sending - or having sent - realise there are major typo's! The answer to both of these is to pre-compose your message offline using your regular word processor - spell and grammar check etc to your satisfaction before going online. As an added bonus you can optionally save yourself a copy. This method is also useful when sending lengthy text via mail forms - see item above.

Having composed your mail - go online to the intended mail program - then copy and paste your text into the appropiate field.

The universal short-cut keys provide a quick way of doing this as follows:

Click anywhere on the text to be copied then press Ctrl+A to highlight 'All';
Press Ctrl+C to copy the highlighted text;
Click on the field where the text is to go and press Ctrl+V to paste

Complete the address fields etc and its ready to go. If it fails then you only have repeat the copy process.

Note : This copy and paste method can also be used to grab text from web pages that don't allow printing or copying.

Are you giving spammers worms and viruses a helping hand?

(rev 24 Jun 2007)

Whenever you forward emails to multiple recipients - do you forward it as it is - complete with previous mail header - and Cc the new recipients? If you do - then you are exposing both the recipients and previous recipients (which includes yourself) to a very much greater risk to infection and to spammers. To avoid this - always delete previous mail headers and use Bcc (Blind carbon copy) rather than Cc or To. This results in the To: address list being replaced by undisclosed recipients

How does this help? Whenever a email containing address is stored in a computer mailbox - it can potentially be scanned for thoses addresses - and the more times/places it is stored the greater the chance of it being harvested and targeted by both by worm/virus and by spammers. Remember - many worm/virus releases these days have criminal intent (see first item on this page).

By way of an example I will use an email circulation received last year. Ironically the subject was "In honor of stupid people!". Whilst the copy I received had used Bcc - it still had headers for the previous four sets of recipients.

The earliest repient A forwarded it to 22 people
one of which person B in turn forwarded it to 16 people
one of which person C in turn forwarded it to 11 people
one of which person D in turn forwarded it to 12 people
one of which person E in turn forwarded it to me and possibly other people - but used Bcc.

If each of the people in every set of recipients forwarded the mail to the same number of people in turn - who all forwarded the mail without deleting the previous headers - then number of times recipents A's address is potentially stored on other computers is given by muliplying 22 x 16 x 11 x 12 which is 46,464 times. Even if only half the number forward it on at each stage - the total is still over 3000 - and with that number of computers - there's bound to be several with inadequate protection - thus exposing a number of the above addresses according to where they where in the chain.

The easiest way I have found to edit mails to remove headers etc is to hit reply - do the editing and modify the recpient list - not forgetting to use Bcc. This assumes you have your mail program set to show the original message.

The morale is - if you are one of many repients of any particular email - point out the potential risk to the sender. It is just as easy to click Bcc as Cc. Better still send them this link to this page: http://www.goodconnexions.plus.com/internet-corner.html#bcc

Note: if your mail program (or more likely your ISP) requires a 'To:' field to be present - insert your own address - and as it is already visible its exposure won't be increased. It is good practise to do this as standard as many people have spam filters set to reject mail with "undisclosed receipents" in the To: field. I have!

Badtrans Virus

This tricky virus is quite widespread at the moment - and appears to be the Badtran virus that was prevalent early last year. I have received several copies recently. With this one it is no longer enough - NOT open suspect attachments - as it tricks Outlook Express into opening HTML emails that include binary attachments or embedded code. It is enough for the email to be visible in the preview window for its payload to be activated.

Netscape Communicator is not affected - and it only appears to be able to gain access via Internet Explorer with Outlook Express.

It installs itself in two stages -

- it saves itself in the Windows folder as "Inetd.exe" - and place an entry in the file "win.ini" to run at start-up.
- the next time you start or restart your computer - two files "Kern32.exe" and "Hksdll.dll" are generated in the windows system folder - together with a registry key entry to run Kern32.exe.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=Kern32.exe

What does it do? Well the original Badtrans virus replicated itself by forwarding to the addresses on any unopened mail in your inbox.
But more insidious is that Kern32.exe emails the IP address of your computer to the virus author when online and Hksdll.lll is a key stroke logger - which means anything you've typed in can be transmitted and may include passwords - credit card numbers to say the least.

The last one I received was to an email address that was active in 1999 - so I'm not so sure that this is the same as last years Badtran virus.

The title of the attachment or embedded section is made up of three parts - one taken at random from each of the columns below - giving 90 possible permutations.

1ST PART
fun Humor docs info Sorry_about_yesterday Me_nude Card SETUP stuff YOU_are_FAT! HAMSTER news_doc New_Napster_site README images pics

2ND PART
.DOCS .MP3 .ZIP

3RD PART
.pif .scr

The last one I received had the Subject as "Re:" - it had no visible body text or attachment - but it's file size was 40kb. On looking at it's source code - there was a section


    Content-Type: audio/x-wav;
             name="stuff.MP3.pif"

followed by a block of code - the nasty bit.

Having trouble getting to that internet site or page?

Are you getting 404 Not found or 404 Page not found message after diligently entering a long address?

Understanding Internet addresses - These are much the same in structure as those used by both DOS and Windows for folders and files. (DOS users substitute directories for folders )

e.g. C:\My Documents\Letters\ means sub-folder Letters in folder My Documents on hard drive C

and C:\My Documents\Letters\Dear John.doc would be a file from the above. The DOS equivalent might be C:\MYDOCU~1\LETTERS\DEARJO~1.DOC - this is because DOS restricts folder and file names to eight characters without spaces. I say might because if the letters folder also had a file named Dear Joan.doc then the above DOS filename could be DEARJO~2 - depending on which came first - and so on. I digress but to avoid this - always make sure that the first six characters are different.

If you are on a network then you might see E:\\My Documents\letters ...etc. where the " \\ " (double back slash) shows that drive E is on a remote computer. i.e. not the one that you are working from.
Getting back to the Internet - an equivalent internet address might be http://www.goodconnexions.plus.com/ - which is a special case that takes you to the home page of the site. The name of the home page of a particular site is specified by the ISP. On this site it is index.html as is fairly common - so if you had entered http://www.goodconnexions.plus.com/index.html you would have entered this site at the same page. On the other hand if you had entered http://www.goodconnexions.plus.com/computer-corner.html - you would have enter at this page. It would be this latter address that would be stored if you now bookmarked this page as a favourite. A web page is a file usually with a .htm or .html extension but pages can have other or even no extensions.

In common with PC's as you get more files on a site it becomes necessary to organize them into sub directories (equivalent to sub folders in Windows) in order to better manage and keep track of them. Now if I had a sub directory called widgets - then entering http://www.goodconnexions.plus.com/widgets/ - should list all of the files in my directory widget -
NOTE: to avoid hacking - direct access to directories in this way is inhibited on most sites.
and http://www.connexions.Dabsol.co.uk/widgets/picture.jpg - would display a file from directory widgets .

NOTE: to avoid hacking - direct access to directories in this way is inhibited on most sites.

You should now see the similarities with the Windows/DOS filing system. You should note that a "/" (slash) rather than a "\" (back slash) is used as a separator - not because the internet designers were being contrary - but because that has been the convention since the file systems first evolved - decades before DOS and Windows.

Now the basic web address say http://www.OurSupersite.com/ - gets you to the part of a remote drive that has the files you are seeking. Anything appended to that gets specific content from that drive. If the last character is a "/" - then it is a directory - if none it is a page or image.

There are two other pitfalls to the unwise.

No spaces or commas are allowed but hyphens "-" and underscores "_" are;
Names are case sensitive. i.e index.html is not the same as Index.html

I have found that most problems arise from addresses printed in magazines and newspapers where the column width cannot accommodate the full web address on a single line. Particularly those who use right justification and liberally use hyphenation.

Take for example the following was (but is no longer) a real and valid address:-

https://www.customer-
service.bt.com/fri-
ends_family/owa/best-
friend.who

Now are the hyphens part of the address or there because a word has been split? From closer inspection you can see that middle hyphen fri-end is most probably a split word introduced by the printing layout - while the other two are indeterminate. From here on it would be suck-it-and-see by trying each of the eight possible permutations until one works.

i.e.

https://www.customerservice.bt.com/friends_family/owa/bestfriend.who
https://www.customer-service.bt.com/friends_family/owa/best-friend.who
https://www.customerservice.bt.com/friends_family/owa/best-friend.who
https://www.customer-service.bt.com/friends_family/owa/bestfriend.who
https://www.customer-service.bt.com/fri-ends_family/owa/bestfriend.who
https://www.customerservice.bt.com/fri-ends_family/owa/best-friend.who
https://www.customer-service.bt.com/fri-ends_family/owa/best-friend.who
https://www.customerservice.bt.com/fri-ends_family/owa/bestfriend.who

This is extreem - but serves as an example.

If you are a UK BT customer and want to check and/or change your Friends and Family numbers online. (Its a lot quicker than by touch phone dialing and it appears to be instant).

Update 2 Mar 2001 As of this update - goto - http://www.bt.com/ - then select Friends & Family from the menu in the top right corner - you will need your BT account number from the top of a recent bill to gain access. BT has changed this at least twice since I put this page together & I would appreciate hearing of any other changes.

Generally http:// preceeds a web address. http stands for Hypertext Transport Protocol which is a fairly simple communications protocol that allows links to other documents. The eagle-eyed amongst you may have noticed that my above example is prefixed by https and not http . This indicates that it's a secure server and will require some sort of password - which in the above example is your phone account number.

So when an address fails:-

Check that you have copied it character for character in full without any spaces - included any capital letters shown in the address source - and also that you have used slashes not back slashes;
Check that no commas have been substitiuted for periods (full stops) and there is not a period following the address;

Can't find the expected data or page having reached a site?

(rev 09 Nov 2005)

When a web site is constructed its content in the form of files are uploaded. With exception of the file containing Home Page These files can be accessed directly by name - i.e. http://www.goodconnexions.plus.com/colour-settings.gif

Check that you have entered the address character by character (remembering that these are letter case sensitive) - and do make sure that you have entered the correct file extension. .htm is not the same as .html and another common mistake is to substitute .jpg for .gif and vice versa - particularly if both are types are in use on a page.

Don't assume that because you have reached a site the you can access all the pages as some may only be accessible directly by name - and not linked from the main site - or maybe require a password.

Also if the site uses frames - it is not possible to bookmark them a favourite (without using a few tricks) - and often NOT directly addressable by name. There are two main reasons for this: -

the page may only generated specifically in responce to request you sent by filling a form and doesn't exist as a separate entity.
it is not necessary to name or access pages in the usual way when used in conjunction with forms.

Personally I think when designing web sites - the general use of frames should be discouraged as it increases the load on that web site - by virtue of visitors having to navigate by downloading a number of pages rather than go directly to a specific bookmarked page. This also applies to directories and search engines where there is a need to classify specific pages.

Having said that I use frames in a couple of places in this website where there are sets of sub-pages that should not be viewed or indexed out of context. - e.g. tutorials - and a digital camera review.

Previous Page	Map of This Web-site	What's New?	Contents Page	Mail Me	Continue Circular Tour Two
NOTE: some popup managers prevent the Map and Mailme links working.Set to allow popups from this site.

Previous Page	Map of This Web-site	What's New?	Return to Contents Page	Mail Me	Continue Circular Tour Two
NOTE: some popup managers prevent the Map and Mailme links working.Set to allow popups from this site.

Internet Corner