Security Choices, Part 4: Complementary Security Software
Introduction
Now that we’ve reviewed the key essentials in security software (firewall, antivirus, proactive tools), it’s time to take a look at some applications that will enhance those basic security measures with additional security and privacy capabilities.
Anti-spam
It’s estimated that more than 80 percent of all e-mail messages are spam. Spam is a major irritant and time-waster; it’s also one of the major vehicles for the distribution of malware, phishing attacks, and other sources of identity theft and financial loss.
Spam peddlers send their bulk, unsolicited messages in the hope that enough people buy what they’re offering to cover their costs. Sadly, that hope is more often than not fulfilled, or they wouldn’t continue to do it. Spammers also seek to steal money by conning recipients into participating in financial scams based on stock appreciation schemes, fake letters of intent, lottery winnings promises, and other fraudulent activity.
Phishing, now a well-documented offense, operates by impersonating bona-fide organizations and demanding log-in or other privileged information to purportedly “update your account”. In reality, any information you supply to such solicitations winds up in the hands of fraudsters who’ve set up fake websites imitating legitimate locations to “fish” (phish) for your money or passwords.
Because many of these attempts to separate you from your money or other valuable information are quite sophisticated, it’s strongly recommended that you use an antispam solution to protect against such scams. Even if you recognize spam and have learned not to react to it, it’s still a major time-saver to have your in-box cleaned of junk automatically. And some spam can even infect your PC without your interaction by automatically executing malicious scripts in the background if your email client or Web browser is not properly patched.
Anti-spam programs use a variety of techniques to protect the integrity of your inbox.
Antispam companies process millions of spam messages per day, adding new spam definitions to their databases as a result of their analysis. So the next time you are about to receive a spam message that’s already included in those databases, it will be automatically deleted or blocked from landing in your inbox by an antispam program that uses those databases. The databases include information such as a spammer’s domain name, message header, body text, attachment names, links, and other data. Users of some anti-spam applications can participate in a collaborative spam identification effort. To do that, they mark messages in their inboxes that they believe are spam, and after enough users have voted on a particular message and unequivocally flagged it as spam, the details of the message are added to the database so that new users receiving this message will have it filtered out automatically.
Another method of catching spam is Bayesian filtering. These algorithms assess the probability that a new message is spam based on how closely its characteristics match those of known spam. For instance, if the term “Viagra” or “Replica” is found in a message along with other valid entries, and the presence of those terms strongly suggests the message is spam, the Bayesian algorithm estimates the probability of the entire message being spam and assigns the message a spam score (e.g., this message has a 60% probability of being spam). Then, depending on the user’s sensitivity threshold, the message is classified as definite spam, suspected spam, or valid mail. This technique helps to block new spam that resembles past spam and also lets a user “train” the filter to his/her personal definition of spam. Software products such as Inboxer (commercial) or SpamTerrier (freeware) use this approach.
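To make the scoring and thresholding described above concrete, here is a small naive Bayes filter, added as an illustration; it is not code from Inboxer, SpamTerrier or any other product. The training messages, the class and function names, and the 0.6 and 0.9 thresholds are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed training mail (not real messages), for illustration only.
SPAM = ["cheap viagra replica watches buy now",
        "replica watches cheap offer buy viagra",
        "lottery winner claim your prize now"]
HAM = ["meeting notes attached for the project review",
       "lunch tomorrow at noon with the project team",
       "your invoice for the watches order is attached"]

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        # Training is counting which words appear under which label.
        self.counts[label].update(tokens(text))
        self.docs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        log_score = {}
        for label in ("spam", "ham"):
            n = sum(self.counts[label].values())
            score = math.log(self.docs[label] / sum(self.docs.values()))
            for w in tokens(text):
                # Laplace smoothing: an unseen word must not zero the product.
                score += math.log((self.counts[label][w] + 1) / (n + vocab))
            log_score[label] = score
        # Turn the two log scores into P(spam | message).
        return 1.0 / (1.0 + math.exp(log_score["ham"] - log_score["spam"]))

    def classify(self, text, suspect=0.6, definite=0.9):
        # Thresholds are assumed values standing in for user sensitivity.
        p = self.spam_probability(text)
        if p >= definite:
            return "definite spam"
        return "suspected spam" if p >= suspect else "valid mail"

def build_filter():
    f = BayesFilter()
    for label, corpus in (("spam", SPAM), ("ham", HAM)):
        for text in corpus:
            f.train(text, label)
    return f
```

A message mixing spam-typical and legitimate words, such as "replica watches invoice", lands in the suspected band, and calling `train()` on it with the label "ham" lowers its score, which is the user-training effect the paragraph describes.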
Spam can also be classified according to user-defined rules, for example:
- Whitelisting: Consider all messages coming from people listed in the recipient’s address book as trusted. Also trust contacts to whom the user has sent messages in the past
- Filtering based on message encoding: Setting acceptable languages for messages, while blocking the rest
- Keyword lists: Block emails that contain specific words or phrases, block emails sent from particular domains, or specify whether a message can contain attachments and how many
The majority of email clients (Microsoft Outlook, Mozilla Thunderbird, The Bat!) have built-in spam filters. Webmail services such as Google’s Gmail have spam filters that process mail at the gateway level. There, too, you can define a variety of spam filtering criteria.
One of the key performance indicators of an antispam program is how many valid emails it erroneously categorises as spam, known as false positives. The lower the number, the fewer genuine email messages are sent to the junk mail folder. The leading programs manage 2 percent or fewer false positives, meaning that the chances of losing important messages are slim. And although leading antispam programs can let as much as 15 percent or more of spam through to your inbox, that still leaves far fewer messages to process manually.
Detecting graphical spam (spam contained in embedded graphics), document spam (spam delivered as a PDF or Word attachment) or voice spam (spam delivered as a webcast or MP3 file) remains a major challenge for anti-spam vendors.
Anti-phishing tools
Phishing can be very dangerous, especially if you are one of those people who are “click happy” (over-trusting of links and sites requesting personal data). If you receive a letter that purports to come from a bank demanding that you “verify” your credit card data, you might be tempted to simply do as you’re told. Unfortunately, that’s the most effective way to become a victim of a fraudulent phisher. The answer to the phishing problem is quite simple and straightforward: ignore messages requesting personal data, as they are almost all illegitimate requests. In reality, though, antiphishing tools are needed to protect people from their own actions.
Both Internet Explorer and Firefox have built-in antiphishing tools that will alert you if you are about to access a suspected fraudulent site, and they’re both reasonably accurate. They will protect you against more than 60% of real-world phishing attacks, which is a step in the right direction. The rest of it is up to you, so be vigilant and think before you click.
Web browsing security
As you surf the web, you run the risk of becoming a victim of drive-by downloads that exploit weaknesses in browser software, or of unwittingly executing malicious Java or ActiveX scripts that silently install malware on your computer. The danger is that this requires little or no interaction on your part.
There are security programs out there that analyze the locations your browser is pointed to and check whether they are safe before letting you proceed to them. Finjan SecureBrowsing is one of them. Google, too, offers advice on the safety of web search results based on the sites’ track record. Outpost will automatically block access to sites that are known to have participated in malware distribution or botnet activity.
Conclusion
As you can see, there are benefits to be gained from adding complementary protection to your key essentials. What you select is a matter of personal choice and the level of risk you feel you are exposed to. But don’t forget that the biggest contributor to online safety is your own knowledge, vigilance, and – dare we say it – common sense. Remember – if it sounds too good to be true, it almost certainly is.


April 14th, 2008 at 6:00 am
Good Blog. I will continue reading it in the future. Nice layout too.
Aaron Wakling
April 15th, 2008 at 4:12 am
I do well in this one as my browser stops all the above. But monitoring the emails of a friend who had no protection, over a hundred a day of all sorts of spam and certainly phishing was extensive and practically all banks that I know the names of turned up looking for updating details.
A key point with them was that they never had the name, it was always dear “…..bank customer” and always pressured that some desperate reason required the update.
2 examples,
(1) we have noticed fraudulent attempts on your account so we need to update…
And (2) we are installing new online software and all our customers will have to update or lose their account details.
April 15th, 2008 at 10:37 am
Excellent remarks
I have a good experience with the Spamfighter that stops the spam for Microsoft Outlook and it is free.
April 15th, 2008 at 3:59 pm
The best anti-phishing tool, and best browser security tool, is the Opera browser. In my humble opinion, it can’t be beat.
For controlling spam, I use MailWasher, which checks emails on the server. You can then blacklist, or whitelist each email, as well as set up filters. You can delete the garbage (even bounce it back if you want), BEFORE you download anything.
April 16th, 2008 at 7:31 am
Forget spam bouncing, most of the spam these days is just botpuke, often with a forged sender address of one of the poor so and so’s on the spam list. Bouncing just adds to the pollution.
Many browsers have antiphishing, though antiphishing also has potential spy/privacy implications of its own, as it means the antiphisher gets your full browsing history, with serious privacy implications.
The Phorm/Webwise fury, where certain ISPs are proposing an intercept deal, where Phorm provide antiphishing but also targeted advertising based on the entire browsing history intercept, is a case in point. Users that understand the trade-off are up in arms.
April 16th, 2008 at 7:39 pm
I am pleased with your Agnitum Firewall Program, it works perfectly, great!
April 17th, 2008 at 7:42 am
I have also stopped bouncing spam e-mails. I think when spammers receive a bounced e-mail they send a flood of spam to that e-mail address. Also, even though I mark the e-mail as spam, the spammer’s e-mail address is bogus… a randomly made up address. These spammers are experts at what they do and I only wish there was a way to stop them or at least stop the spam e-mails.
April 20th, 2008 at 1:13 am
Hello, I’m from Poland. I have your program Agnitum, the legal version of Outpost Firewall Pro ver. 4.0.1025.7828 (700), with NOD32. Agnitum is a very good firewall. In 2007 and 2008 my computer hasn’t had viruses. Sorry for my English. See you, Tom S.