Sunday, October 23, 2005

A Breakthrough in AntiSpam for Lotus Domino (and probably other Systems)

It never ceases to amaze me how out of touch software vendors can be with their software. They spend a lot of time and money promoting what is essentially crap software, and then when something really spectacular comes along, they forget to do any marketing.

Ok, this generalisation seems to apply to a lot of things, not just computing, but for now, let's look at a recent example.

Symantec MailSecurity for Domino
We have been using Symantec MailSecurity for Domino for some time and while it has been working for us, the maintenance on this product is a lot of work.

For a start, there was no such thing as an automated update; you had to manually add in blocks for everything you could think of. In my case I did a few things:

Firstly, to prevent false positives:

  1. Created a whitelist which included the domain names of most of our frequent business partners (obviously something that needs to be updated occasionally)
  2. Created a whitelist keyword which meant that the use of a specific word in the subject line of an email would cause it to bypass all of our filters - obviously not a normal word, and fortunately not something that would ever require updating.

Now, to prevent spam...
I created about 8 different word lists, called things like Sex Drugs, Loans, Scams etc... and put various keywords into each. That way, if a list seemed to be going ballistic and was blocking everything, I could switch it off without affecting the remaining lists.

Obviously there was a huge amount of work in maintaining these lists.

Whenever I got spam, or someone forwarded me spam, I would have to read it and attempt to decide which words were unique and which category they belonged to. As the words got more and more twisted, the job got harder, especially when I discovered that certain symbols meant different things to Symantec.

One which got me badly was "cialis": when I first blocked this drug, all mention of the word "specialist" caused emails to be blocked, causing a lot of problems for I.T.

We were blocking a lot of spam, but we were also still allowing quite a bit in.
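
The word-list setup described above, as an added Python sketch (not Symantec's code or configuration; the list entries, `partner.example` and the bypass word `zxqbypass` are constructed for illustration). It shows why substring matching on "cialis" blocks "specialist" and how whole-word matching avoids that false positive while keeping each list independently switchable.

```python
import re

# Constructed sample configuration: list names follow the post, entries are illustrative.
WORD_LISTS = {
    "Drugs": {"enabled": True, "words": ["cialis"]},
    "Loans": {"enabled": True, "words": ["refinance"]},
    "Scams": {"enabled": False, "words": ["lottery"]},  # switched off; other lists unaffected
}
WHITELIST_DOMAINS = {"partner.example"}  # hypothetical business partner domain
BYPASS_KEYWORD = "zxqbypass"             # hypothetical subject-line bypass word


def matches(word, text, whole_word):
    """Substring matching reproduces the false positive; whole_word uses word boundaries."""
    if whole_word:
        pattern = r"\b" + re.escape(word) + r"\b"
        return re.search(pattern, text, re.IGNORECASE) is not None
    return word.lower() in text.lower()


def classify(sender, subject, body, whole_word=True):
    """Return ("allow", reason) or ("block", list_name) for one message."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in WHITELIST_DOMAINS:
        return ("allow", "whitelisted domain")
    if BYPASS_KEYWORD in subject.lower():
        return ("allow", "bypass keyword")
    text = subject + "\n" + body
    for name, cfg in WORD_LISTS.items():
        if not cfg["enabled"]:
            continue
        for word in cfg["words"]:
            if matches(word, text, whole_word):
                return ("block", name)
    return ("allow", "no match")


if __name__ == "__main__":
    # Constructed message from an internal sender.
    msg = ("it@corp.example", "Need a specialist", "Please send a network specialist on Monday.")
    print(classify(*msg, whole_word=False))  # substring matching blocks it
    print(classify(*msg, whole_word=True))   # word-boundary matching lets it through
```

Whole-word matching does not catch deliberately misspelt variants of a keyword, and the sender address is not authenticated, so the domain whitelist is only as trustworthy as that header.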

Premium Anti-Spam
One day when I was poking about in Symantec Mail Security, I found a tab marked "Premium Anti-Spam". Nothing on this tab worked. I decided to ask Symantec about this facility when our corporate anti-virus software came up for renewal.

It turns out that Premium Anti-spam was an add-on service for Symantec's Mail Security Products. You just had to pay the extra licence fee and away you go.

Symantec weren't terribly interested in promoting their product. Sure it was a little more expensive than the normal anti-spam, but it wasn't double the price or anything. They explained that the product downloaded signatures from Symantec which uniquely identified the contents of spam emails.

The theory was that Symantec received lots and lots of spam and that they converted the contents of this spam into some form of unique identifier. The identifier then became the signature.

The result is supposed to be 99.9% accuracy and 0 false positives.

I finally managed to convince Symantec to sell me the product and had to reinstall MailSecurity to activate it. Since activation, I have received zero spam. I still can't understand why, if Symantec have such an effective product, they don't promote it more effectively, and why their own staff seem oblivious to its benefits.

Thursday, October 06, 2005

The Perils of Home Computing (What you need to do to make your computer more secure)

I can't remember a day in the last three years when I wasn't asked at least one security related question. Security has become the biggest problem in the computing world and it's only going to get worse. This blog entry is aimed at the "average" home-PC user, and will hopefully help you to secure your own computer.

Why is this relevant to me - I haven't got anything on my PC that I want to keep or hide?

Yep, that's the biggest excuse I hear for having no security on your home PC. Let's bust this myth right now.

If your computer is unprotected, people can take things off it (like credit card details) but people can also put things onto it - like child pornography.

There are numerous cases of trojan programs installing child-porn websites on unprotected computers. People have gone to jail for this... People have died for this. Don't let it happen to you.

Have a look at these articles.

    Ok... now that we have your attention, let's look at what you can do to toughen up your home PC.

    If you're not using Windows XP
    I'm afraid that I'm going to have to limit my comments to Microsoft Windows XP. Many of the suggestions here will work with older versions of Windows, but some will not. When I suggest obtaining software, please check the system requirements before you install the software.

    Is this article still valid?
    This article was written on Thursday 6th October 2005. By the end of today, some things in it may no longer be valid. That is the nature of the computing world. For the most part, the concepts in this article should be valid for a number of years to come.

    What if I still use a slow modem
    If you have a modem, you might find that it's a bit difficult to download all of these files (some are really quite big). You should look around to see if you can find a cover CD on a computer magazine - or ask your IT person at work to put them on a CD for you.

    Anti-Virus Software
    If you don't have anti-virus software, then do not use the internet. You can download freeware anti-virus from the internet, and can sometimes get it from Cover CDs on Computer Magazines. The best of the freeware Anti-Virus products is AVG Freeware Edition. Of course, the freeware Anti-Virus software is never as good as a commercial product, such as Symantec Anti-Virus. Unless your budget is really, really tight, buy a commercial one.

    Which version of Windows XP should I be using???
    No, I'm not talking about the differences between XP Professional and XP Home (though the former seems to have better security). I'm talking about updates to the software. These updates are free so there is no excuse for not applying them.

    • Win XP Service Pack 2 - The current version of Windows XP is "Service Pack 2"; you should at least be running this. You can get Service Pack 2 from the Windows Update site. Note that Service Pack 2 is a massive update - if you're using a modem, find a cover CD or expect a long, long wait.
    • All other Windows Updates - Once you have Service Pack 2, you should go to Windows Update and keep running the update until there are no more updates to be run. Note that you may need to reboot more than once - don't forget to go back to Windows Update after those reboots.
    • Application Software Updates - If you have a recent version of Microsoft Office, Visio or other Microsoft applications, you should run the updates from their specific sites (you can get to this via the help menu in Word 2003 - click Help, then Check for Updates). After running all of these updates, you will be able to update these applications via Windows Update.

    The Other Anti-xxx Software
    • Firewalls - Windows XP SP2 ships with a serviceable firewall, but you really should try to do better. If you're looking for a free product, I'd recommend Zone Alarm. The Zone Labs web site tries to make it difficult to find, but if you click Download and buy, then ZoneAlarm (extreme right tab), you will get there.
    • Microsoft Malicious Software Removal Tool - This will look for spyware and other bad stuff on your computer and remove it.
    • Microsoft Anti-Spyware - This stays in your task bar and watches for malicious things on your computer - it's like a super-firewall and is very good software. It can also erase all of your tracks (computer history etc).
    • Google Toolbar - This blocks those annoying popup web advertisements very well.
    • Microsoft Baseline Security Analyser - Download this and run it. It will look for weaknesses in your computer (including silly passwords etc). It will create a list that explains the problems it finds and how to fix them. Fix all the problems that you find.
    • Startup Control Panel - This application allows you to find out what starts up when your computer is turned on. Use it, and check it once or twice a month. Not only will you be able to stop malicious applications, but you will also be able to stop genuine applications from hogging memory. For example, remove: Quicktime, Adobe Acrobat & RealNetworks from startup - you can start them yourself when you need them. There are lots of other applications that fall into this category.


    This is a difficult one. Anti-Spam software is generally ineffective against web-based mailboxes, such as hotmail and gmail - you need to rely on the providers for protection here. The other thing about anti-spam software is that it generally works for only a single application.

    If you have Microsoft Outlook or Microsoft Outlook Express, try SpamFighter.

    If you have Mozilla Thunderbird, the anti-spam function is built-in.

    Replacement Software

    A lot of people are advocating the replacement of Internet Explorer with Firefox (and Microsoft Office) due to security issues. At this stage, I don't think you need to worry about these.

    Outlook Express, however, is a different story. This software is a virus deployment system which also does email... Get rid of it. If your ISP has an online mail reader, or if you have some other web-based service, such as hotmail or gmail, then use it. If you need to use a mail reader, use Thunderbird.

    There are a few other reputable security applications that you might want to use...

    • AdAware Personal - Which prevents adware (but only after it has been installed) - you need to scan regularly.
    • Spybot Search and Destroy - Which primarily targets spyware. This software can be used to scan for new spyware (if run regularly), but it also can install a preventative mechanism.
    • PGP Freeware - If you need to encrypt email for people, use this - but remember that the recipient needs a copy of the application too.

    There are a lot more security applications and utilities available... but we don't want to go overboard, do we?