Poe in Cyberspace
Pundit in Poe's "Melonta Tauta" reports from the Atlantic balloon on the day after April 1, 2848: "Spoke to-day the magnetic cutter in charge of the middle section of floating telegraph wires .... civil war is raging in Africa, while the plague is doing its good work beautifully both in Yurope and Ayesher." Poe's imaginary floating Atlantic telegraph line of 1848 was followed in only ten years by the first actual attempt to build such a line in 1858, leading to the successful building of the first submerged line in 1866. As to self-sustaining manned flight, that followed just 56 years later in 1904. The eventual point of Poe's satire - that progress can be an illusion - is often borne out when our own technological progress is accompanied by offsetting technological hazards. For example, today's rapidly-improving networked computers are increasingly vulnerable to equally rapidly-spreading computer viruses, our new global electronic plague. (For background, see "The Purloined Letters" in this column, Fall 2005.)
How many infected computer files are there around the world today? When Microsoft offered its Malicious Software Removal Tool, 62 percent of the 5.7 million computer users who responded reported such a problem. In just one month TrendMicro, a vendor of security software, reported finding about a million infected files distributed around the globe as follows: Europe, 521 thousand; South America, 204 thousand; Asia, 162 thousand; North America, 103 thousand; Australia, 85 thousand; and Africa, 78 thousand. Viruses and its relatives, spyware and spam, can put at severe risk our personal Poe research on our computers - and now they can even do it wirelessly. These new electronic threats may have familiar names - such as virus, spam, and spyware - or more bizarre appellations - such as stalker, rootkit, and phishing. What's certain is that in their endless mutations they pose a dilemma for us as we handle research: should we invest known amounts of time, expense, and nuisance to combat them vigilantly, or should we save time, money, and the inconvenience -- and just take our chances?
A major war is heating up between escalating threats to our computers and the growing countermeasures that are becoming available. Viruses that once were harmless pranks can now destroy essential Poe research and personal data. Spyware that once was merely an advertising gimmick can now be used in identity theft by capturing passwords, social security numbers, and bank information. A new cybermafia has come into being, seizing profitable new opportunities for electronic crime. Spyware has even been involved in sexual harassment cases, and some evidence suggests that spyware and spam are also being directed against children. Consumer Reports found 28 percent more spyware in homes where children under 18 had used the Internet in the previous six months, and in 8 percent of these households, a child had inadvertently seen pornographic material because of spam.
Want to go into the business of stealing keystrokes? Now you can just buy a do-it-yourself keylogging kit. In April 2005 there were 70 known such kits on this gray market, but within a year 180 kits were available. Think you can detect fake web pages? Tests conducted at Harvard and Berkeley found that more than 90% of users were fooled even though they were on the lookout for such deception.
1. The vocabulary of this strange new world.
A virus is a malicious program transmitted by something you put into your computer either physically in a disk drive or electronically from an internet connection. It is programmed to spread itself, often in disguise, and it can destroy or interfere with your data and operations.
Like paper junk mail, spam is unwanted email; it can waste your time, and enough of it can jam your electronic mailbox.
Spyware may keep track of the web sites you visit and may even capture your keystrokes; it can be used to report your activities to advertisers or, more dangerously, to obtain private fiscal information and even to stalk you. Since spyware is so varied and rapid-changing, experts suggest you use not one but two anti-spyware programs!
Phishing, a pun on fishing, seeks to trick you into giving up passwords, social security numbers, bank information, and private data by simulating an offer of help in combating the very sort of fraud it is committing. One survey found that the 2854 phishing sites reported in April 2005 had increased to 11,121 in April 2006, a fourfold increase - even though many are amateurish in spelling and grammar.
A rootkit takes over the basic operations of your computer without symptoms, like someone jacking up your car and running it from beneath without your knowledge.
Taken together, these potentially malicious programs are called malware.
Protection exists in the forms of antivirus, antispyware, and antispam software, sometimes combined into security suites.
Vulnerable areas of your computer are the operating system, broadband and dialup internet connections, browsers, web pages, software downloads, email attachments, and shared software.
Backups: Since computers are also subject to internal hardware and software breakdowns and user mistakes over time, the prudent will make a data backup after each session.
2. What can go wrong? A popup offers to make your Paypal experience safer. Email warns you that an unauthorized person has tried to use your bank account. The Windows program seems to be warning you of a processing error. Someone you know is sending you an improbably offensive email. You are asked to sign a petition to keep Congress from charging for email. An offer is made to obtain expensive software free. You have received an unexpected inheritance that must be collected in 90 days. A businessman in Tasmania is seeking a North American partner. A long-suffering family needs to use your mailing address to expedite its prospective immigration. Your teenager has a chance to meet someone through MySpace. Your email address has won the random drawing of the Icelandic lottery. Your computer is taking much. much longer to load and run. Although these situations may be innocent and legitimate, all are typical of nasty problems with malware.
3. Update your operating system. Since security measures are constantly being strengthened in operating systems, make sure you download and install the most recent version of Windows o whatever else you use. You can get the latest upgrades, typically Service Pack 2, from www.microsoft.com/protect, whether you use Windows XP or an earlier version. You can set Windows XP to automatically use the Update feature. Operating systems are constantly being enhanced for security: it is expected that Windows Vista, the next version, will add more security features. If you use a Mac computer, you are somewhat safer, suffering fewer virus and other malware programs, but you will also benefit from system updates.
4. Update your Web browser and current software. Check your provider for updates or minor enhancements of web browsers such as Internet Explorer 6. Some users prefer the Firefox browser as less frequented targeted for malware attacks. Your current version of other software, such as Microsoft Office, may have small improvements designed to patch security holes of your version.
5. Make sure the firewall of home network is working effectively. Don't stay with the default passwords that came with the system, and make sure the "remote administration" feature is disabled. Shut off your broadband connection between sessions.
6. Raise the security level of your browser. For Internet Explorer 6, make sure the security level is at least medium so that Web sites can't downloading programs or run Windows active scripts without your knowledge. The next version, Internet Explorer 7, will contain better security features.
7. Back up all active files immediately after each change. While writing this article I spent a day at the library doing research on another project, taking notes on a laptop computer that I had been ailing for a while. When I tried to check my work a few days later, the laptop would not start up no matter what I did. Fortunately I had backed up my latest data on a tiny flash memory device I always carry, and had already transferred it to my main desktop machine. But I could not quiet those lingering doubts that I might have lost something. In the past I have used such backup devices as floppy disks (1.44 megabtyes), tape drives (20 MB), Bernoulli drives (150 MB), Zip disks (100MB), CDs (700 MB), and DVDs (4 gigabytes). Now I use a USB flash drive; recently I purchased such a 2 GB flash drive for only $40.
8. Protect your passwords. Make sure they are not obvious, not too short, and do include some numbers and symbols. Avoid natural or common words, and never disclose a password online.
9. Throw out junk email before opening it. Never open unexpected or suspicious attachments. If you do open strange email, don't reply, especially not to "unsubscribe," which serves as a confirmation. Never give out personal information.
10. Best email programs. Microsoft Outlook 2003 and Apple Mail have a reputation for providing the best spam, spyware, and virus protection, but sure you activate and maintain them. To avoid spam, use several different email addresses. You can get separate email addresses for business, for personal use, etc., from Yahoo, Hotmail, and Gmail. Check with your internet provider to see if spam blockers are available.
11. Be moderate: evaluate risk. Evaluate how much risk you can tolerate. If any of these suggestions seem excessive, be more moderate in your defenses, depending one how much risk you are what you are willing to tolerate.
12. The fake site trick. Be suspicious. Fake sites use spoofing - imitating the visual style of Microsoft and various banks by pretending to issue security bulletins. If you do reply to an honest message, type in the address yourself instead of clicking on it. Web pages can trick you by showing a safe web address your know on the screen while the code beneath actually takes you to a dangerous address unknown to you.
13. Mailing list dangers. If you maintain a mailing list with the email addresses of your contacts, malicious software can spread itself to the names on that list without your knowledge. So malicious software might seem to be coming from a business associate, relative, or friend. Hackers can fake the return address on email: I was once made into the "sender" of obscene email to a female colleague, who fortunately discussed the matter with me before initiating a sexual harassment complaint.
14. Word macros. Beware Microsoft Word files that may contain dangerous attachments or macros (mini programs). File names can be misleading: what may seem a harmless .txt or .doc file may actually contain a dangerous .vbs Windows "script" or mini program.
15. MySpace dangers. Social sites such as MySpace.com can prove risky, sometimes containing spyware rhat can affect the family computer. There is also concern that efforts to stalk women or send sexual explicit messages to children can be transmitted in this way.
16. Thorough? Do the research to find the best security programs. Use sources such as Consumer Reports, PC Magazine, and PC World to see ratings on the best security software for anti-virus, anti-spyware, and anti-spam purposes. PC World rated some top security software in recent issues: antivirus software (January 25, 2006), spyware (August 25, 2006), and security suites (May 25, 2006). A unusually comprehensive study of software testing appears in the September 2006 issue of Consumer Reports. Articles from all three magazines (among many other sources) are available by subscription, in libraries, and online. Some of the top programs in each category are actually free, requiring just downloading.
17. Impatient? Install and maintain a security suite. If you don't want to do the research on individual software measures, use a ready-made suite of security programs available from several well-known providers, all requiring purchase and then an annual subscription fee. The most convenient way to get started is to purchase the software as a CD package from a retail store - much faster than downloading. Often upgrade rebates are available in software combination packages published by well established sources such as Symantec Norton Internet Security and McAfee's SecurityCenter. AOL's Total Care package is available to subscribers, and a new entrant in the field, Microsoft Live OneCare, will allow you to subscribe to a comprehensive security service - with remedies for what many allege are shortcomings in its own widely available software.
18. On a tight budget? Download trial or free software. Most software programs are available in 30 day trial versions, and some recommended software packages are offered entirely without charge for non-commercial use. Consumer Reports lists Alwil Avast for anti-virus, Spybot for anti-spyware, and Trend Micro for anti-spam. But be prepared for long download times if you have a dial-up connection.
19. A final caveat: beware of friendly fire. All anti-malware measures inevitably put at risk or even remove some small percentage of innocent files. Spam-killers, spyware cleaners, and cleanup operations for "cookies" may delete programs you have asked for, even relied upon. In each case, some functional files and associated data may be lost if you do not monitor the removal process carefully. Strike the compromise that suits you.
To return to Poe - evidently he shared the misconception, commonly held in the early days of steam transportation, that human vision would not function properly at high speeds. Pundit predicted that traveling across Canada at 100 mph would still produce worthwhile views because the glass windows could still be opened. However, but when the cars of the future reached 300 mph, they would be sealed up, yielding an "odd sensation" when the occasional glance outside detected the merger or all objects: "Every thing seemed unique - in one mass." In truth, human vision has proved more adaptable than Poe predicted, and jet planes now regularly travel at twice the speed Poe anticipated. But air travel, as Poe might have predicted, does not continue to become faster and faster. The supersonic Concorde has been permanently grounded, and a short trip of an hour by air now actually can take three or four hours or more when ground travel congestion, airport security screening procedures, and flight traffic delays are taken into account. It would have amused Poe to know that while our computer processing chips run faster and faster each year, it is actually taking us longer and longer to complete work on the computer it did than a decade ago - in part because of the growing damage of viruses, spyware, and spam - and the increasingly labor-intensive counter-measures against such malware.
"Is faster the new slower? Welcome to the future!"
Rutgers University, Newark
("Poe in Cyberspace" articles are available online at eapoe.info with links to cited electronic resources.)