Tip of the Day

The Ten Commandments of PC Security
 
Fight off nasty viruses, worms, and Trojan horses by following these simple rules.

Daniel Tynan
Wednesday, October 29, 2003

And it was written (by Bill Gates, et al): Thou shalt use a Windows PC to do thy work and it will be good.

But Windows computers are vulnerable to plagues of biblical proportions: viruses that bring down entire networks, e-mail worms that replicate at lightning speed, Trojan horses that hide inside otherwise innocent programs, hackers that take over computers, and more.

Fortunately, archeologists have recently unearthed two stone tablets from a garage near Cupertino, California that can help deliver us from such evils. We present their guidelines here, along with interpretations from our brothers and sisters in the PC security choir.

I. Remember thy antivirus software and keep it updated. It's not enough to have the software installed (if you don't have an antivirus package, stop reading right now and get one); you also need to keep up with new viruses as they emerge. "Your antivirus software is only as good as your latest virus definitions set," says Kelly Martin, senior product manager for Symantec's Norton AntiVirus. Programs like Symantec's Norton AntiVirus ($50) and Network Associates' McAfee VirusScan ($35 to $60) can automatically update their virus signature databases, but it costs an additional $20 to $35 for ongoing annual subscriptions.

II. Thou shalt not covet thy neighbor's attachments. You get a message you think is from a friend with what looks like a cool file attached, so you click on it. Next thing you know, you're Typhoid Mary, spewing out infected e-mails to everyone in your address book. That's how the Sobig.F worm spread--and it happened so quickly that millions of copies got out before the antivirus companies could update their databases.

"Never trust an e-mail 'from' address," adds Chris Wysopal, director of research for security consultants @Stake. "And never open an attachment without verifying it was sent by a trusted person, and they meant to send it to you."

III. Avoideth bogus file downloads. Be wary of any Web site that requires you to download software to view a page, unless it's something familiar like a Flash plug-in or Acrobat Reader. The file may contain a virus, a Trojan horse, or some auto-dialer that calls pay-per-minute numbers via your modem and racks up huge charges.

"Do not install software via the Web unless you are absolutely sure what it is and that you trust the company you are downloading it from," warns @Stake's Wysopal.

IV. Smite spyware and pop-ups. Like Trojan horse programs, spyware secretly installs itself when you download software like file-swapping applications; it tracks your movements online and delivers ads based on where you surf. Pop-up ads can also exploit security flaws in Internet Explorer, like the recent Qhost Trojan that hijacked users' browsers after they viewed an ad on the Fortune City Web site. Fortunately, there are tools that can protect you: For example, Ad-aware (free) blocks spyware and StopZilla ($30) takes care of pop-up ads. Some antivirus software and security suites also stop spyware and pop-ups in their tracks.

V. Thou shalt foil spammers. Unsolicited commercial e-mail is more than just a nuisance; it's also a major source of virus infections. In fact, some versions of Sobig are designed to turn infected PCs into zombie machines that can be used to send spam. A good filter like Symantec's Norton AntiSpam 2004 ($40), Network Associates' McAfee SpamKiller 5 ($40 to $50), or Sunbelt Software's IHateSpam ($20) help trap the nasties your antivirus software might miss.

VI. Keep thy operating system patched. E-mail-borne worms and other scourges like to exploit security holes in your software--namely Windows and other Microsoft programs. These days Microsoft issues so many critical updates to fix these flaws that many users ignore them. Don't. Last January, the Slammer worm exploited a vulnerability that Microsoft had fixed more than six months before. But thousands of infected computers--including some at Microsoft--didn't have the patch installed. Run the Windows Update program once a week and whenever Microsoft issues a warning.

"Until we see automated patch management software, users will simply have to stay up to date," says Thor Larholm, senior security researcher at PivX Solutions.

VII. Maketh a rescue disk and keep it handy. When things go bad, a boot or rescue disk is your first step to recovery. At minimum, you'll want to put the basic elements of your operating system on a floppy disk or Zip media, so you can bypass the hard disk at start-up. To find out how, read "Hardware Tips: Create Your Own Emergency Boot Disk." A better idea: Use your antivirus program to create a rescue disk you can use when your system gets infected. Label it with a date and store it near your system where you won't lose it.

VIII. Be not taken in by false claims. There are more hoaxers than hackers on the Internet, and more bogus "e-mail virus alerts" than actual viruses. Even real virus threats are typically blown out of proportion by the media. A phony warning could cause you to delete harmless files and then forward the message to others, clogging e-mail servers and causing virus-like damage in the process. When you get one of these e-mails (or see yet another breathless news story), check it out first. Type the name of the alleged virus into a search engine to see if any of the major security vendors have issued an alert, and visit the virus hoax pages at F-Secure and Hoaxbusters.

IX. Honor thy firewall. A firewall is like a bouncer for your computer--it checks every ID at the door and won't let anything in or out until you give the thumbs up. So a hacker can't access personal information on your hard drive, and a Trojan horse keystroke logger (a stealth program that monitors the characters you type) can't steal your passwords and transmit them over the Net. Symantec and Network Associates both offer personal firewall packages for $35 to $50, while Zone Labs offers a no-frills version of its ZoneAlarm software firewall for free. But a better deal is an Internet security suite that combines antivirus, firewall, ad blockers, spam fighting, and other useful apps; most cost between $60 to $80. For a review of suites from Symantec and Network Associates, read "Extra-Suite Virus and Spam Protection."

X. Maketh backups and keep them holy. Simply put: Back up your data files at least weekly (daily if you're running a business). Even if you fall victim to a virus or hacker attack, you'll escape with only minor damage. Fail to keep a recent backup though, and you'll go straight to hell--at least, that's how it will feel.

 When you take a picture in automatic exposure mode, most digital cameras lock in exposure when you depress the shutter button halfway. So, you can force a darker exposure by pointing the camera at an object that's lighter than your actual subject when you lock in the exposure. If you want a brighter exposure, lock in exposure on an object that's darker than your subject. After locking in exposure, reframe the picture without taking your finger off the shutter button and then press the button the rest of the way down to take the picture.

Don't forget, however, that the camera also sets focus when you depress the shutter button halfway, so make sure that the object you use to lock in exposure is approximately the same distance from the camera as your subject.

Source: Dummies.com

• Press F1: When you're confused in Windows 2000, press the F1 key. That key always stands for "Help!" Most of the time, Windows 2000 checks to see what program you're using and fetches some helpful information about that particular program or your current situation. In fact, pressing F1 usually brings up a huge Help program.
• Click on the little question mark: Look in the program's upper-right corner. Do you spot a little question mark lurking up there? Then click on it. Your pointer turns into a question mark. Now, here's the helpful part: Click your newly shaped pointer on any confusing area of the program: boxes, windows, buttons, and icons. A helpful explanation appears, describing what those things are supposed to do. Click on that little question mark again to turn off the feature.
• Choose Help from the main menu: If pressing F1 doesn't get you anywhere, look for the word Help in the menu bar along the top of the confusing program. Click on Help, and a menu drops down, usually listing two choices: Help Topics and About ? or variations similar to those. Click on Help Topics to make the Windows 2000 Help program leap to the screen.

Source: Dummies.com

This Paintbrush icon should appear by default on the standard toolbar. To add it to the toolbar, go to Tools | Commands, navigate to Format, and drag the Paintbrush icon to a toolbar.

When you click on this icon, Format Painter copies the text formatting of the area where the cursor is located. If you select an entire paragraph or cell and then click on the icon, Format Painter will also copy the paragraph or cell formatting. You can then "paint" the copied formatting into other parts of the document by simply highlighting text.

By double-clicking on the Format Painter icon, you can apply the copied formatting repeatedly until you press Esc.

Source: PCMag.com

BUSINESS
Posted on Mon, Apr. 26, 2004.

The tickets airlines don't want you to buy

BY SCOTT MCCARTNEY
The Wall Street Journal

You go duck hunting in Louisiana with Vice President Dick Cheney, and you fly down from Washington in a government plane. But your commercial flight back home is expensive -- currently about $698 -- because it's a one-way ticket. What to do?

Supreme Court Justice Antonin Scalia recently disclosed that he did what most of us would probably do: He bought a cheaper, round-trip ticket -- with no intention to use the return leg.

Airlines consider that fraud, but it didn't stop Scalia: ''We purchased round-trip tickets that cost precisely what we would have paid if we had gone both down and back on commercial flights,'' he wrote in a 21-page memo.

The round-trip ticket, which today costs $218, may have seemed a Solomon-like solution to any ethical issue raised by accepting a free ride with the vice president.

But airlines call it breach of contract. In fact, it's an emerging legal battleground. Currently, there's a federal class-action lawsuit pending against several airlines related to ticketing rules.

Carriers write their elaborate rules to defend their incongruous fares and sometimes go to great lengths to enforce them. They dun travel agencies for issuing tickets that aren't ''properly'' used. They sometimes demand higher fares from travelers caught dodging the rules.

And at the height of a crackdown in the late 1990s, airlines even seized some travelers' frequent-flier miles, saying they were fraudulently obtained.

But if a Supreme Court justice can skirt irrational rules -- after all, how can one flight be three times more expensive than two flights? -- why can't you?

Travel experts say you can. For one thing, it's not illegal. People engaging in these practices are breaking airline rules, but not breaking any law -- unless they lie about what they are doing. (More on that later.)

Also, airlines aren't likely to track down first-time offenders, especially since they need all the customers they can get and aren't selling many top-dollar, unrestricted tickets anyway.

''It's not a practice we encourage, but there's little we can do about it,'' says Jason Schechter, a spokesman for UAL Corp.'s United Airlines.

One of the airlines' favorite targets is the practice known as a ''hidden-city'' itinerary. That's when travelers, bound for a hub city, book a trip to a cheaper destination but end their travel at the hub. Heading home to Detroit from New York? Northwest's unrestricted one-way fare from New York to Detroit is $559, and its unrestricted fare from New York to Akron, Ohio, is $221. The Akron ticket means a stop in Detroit, on the same flight for which Northwest wants to charge more than twice the price. Book the Akron trip and just get off the plane in Detroit.

Some travelers use a variation known as ''back-to-back'' ticketing. Their strategy is to avoid an expensive midweek business round-trip fare by buying two cheap round-trip, Saturday-night stay tickets and using only one coupon from each. Every big airline, except Southwest Airlines, bans the practice. (Southwest's rules allow it and also hidden-city ticketing.)

HUGE SAVINGS

On the high-fare carriers, the savings can be huge. The current unrestricted fare between New York and Houston on Continental Airlines is $1,972 round-trip.

But someone who plans two weeks in advance can save a bundle by buying two $232 discounted round-trips -- one from New York to Houston and throwing away the return, and one from Houston to New York and tossing that return, too. Savings: $1,508.

It's tougher for airlines to know this is going on if the tickets are booked without a frequent-flier number or if the two round-trips are booked with different credit cards or on different airlines (though most airlines still prohibit that because it's still back-to-back ticketing).

Airlines say ticketing tricks are actually less frequent these days than even two years ago because low-fare carriers have forced them to cut prices and erase a lot of restrictions.

''There are better deals out there,'' said one pricing executive at a major airline, who asked that his carrier not be identified.

Still, travelers are pushing the issue. There's a federal class-action lawsuit pending in the Eastern District of Michigan accusing Northwest Airlines, Delta Air Lines and others of violating antitrust laws by conspiring to fix rules against hidden-city ticketing.

Travelers were injured to the tune of at least $4 billion because prices were 'artificially inflated by defendants' illegal and anticompetitive conduct,'' the suit alleges. Airlines have denied the allegations in the suit and fought it vigorously.

Courts have held so far that airlines have the right to set their own rules. They used to be printed, in fine type, on booklets stuffed into ticket jackets, but in this age of ticketless travel, now you usually have to go to airline websites to look for a ``contract of carriage.''

Breaking the rules could constitute breach of contract, and airlines could possibly sue travelers for price differences. That's highly unlikely.

But where travelers have gotten into legal trouble in the past is in lying about their intentions when asked after the fact.

NO LYING

''Lying to the airlines in order to get the cheap fare would be fraud, but silence coupled with a purchase cannot be fraud,'' says Mark Pestronk, a Fairfax, Va., attorney who specializes in travel law.

``It's perfectly OK to take advantage of loopholes in tariff rules as long as you're not actively engaged in lying about it.''

If you're caught, airlines can demand higher fees if you haven't completed your travel. If they catch you after the fact, however, they are stuck, Pestronk says. If they tried to charge your credit card, you could protest the charge, and card companies would likely side with you since the charge wasn't authorized.

And now, if we get caught, we have Justice Scalia to point to as an example. (A Supreme Court spokesman says he has no further comment on the ticket.)