# Security Best Practices . . .



## BobJam (Jan 10, 2005)

Not sure if this post should be in this discussion forum or in the Security forum, but I'm making it here because it's NOT a question, but rather some comments - more of a "Tip" sort of thing - on Security "best practices". So, Mr/Ms Moderator, move this post if it's in the wrong forum.

I hang out mostly in the "Windows NT - 2000 - XP" discussion group and I see a LOT of people making posts about malware infections (and some of them subsequently get moved to the Security forum). HiJackThis logs are a common post. It is apparent to me that a lot of people just don't follow best practices when it comes to security.

So, with that in mind, let me suggest that these people are doing one or more of the following:

*1. Surfing the web and clicking on unknown links UNPROTECTED.

2. Clicking on links in Instant Messaging programs.

3. Opening suspicious Email attachments.

4. Having emails automatically open - in OE this is known as the "Preview Pane".

5. Opening Emails from people they don't know.

6. Leaving your "personal"email address (I'll explain what I mean by "personal") on the web.*​
Now I'll address each of these items in detail:

*1. SURFING THE WEB AND CLICKING ON UNKNOWN LINKS UNPROTECTED.*

I'm NOT suggesting that you stop surfing the web, just that you have malware protection software running (e.g. antivirus, anti -spyware, firewall) when you do.

Ideally you want to have "real-time" protection with your anti-spyware software and "on-access" protection with your antivirus software, and run "on-demand" scans at least monthly. *And make sure your definitions are up to date. If they're NOT, your malware protection software won't protect you from the latest threats.*

If you Google a lot, then you're probably going to be clicking on a lot of unknown links. And even "known" links can sometimes be disguised and be phishing scams (which is a whole 'nother topic and not the subject of this post).

Some categories of links that most often carry malware are: porn sites (more on that in a bit), stock advice sites, and "free" downloads sites.

*Porn sites* - I'm not suggesting that users voluntarily go to porn sites (though some do), but some of the names of these sites are misleading. For example, someone wishing to visit the Whitehouse site may think the URL would be "Whitehouse.com". But "Whitehouse.com" is actually a porn site. What is really the Whitehouse web site is "Whitehouse.gov".

Porn sites will frequently hijack your browser home page, inundate you with pop-ups everytime you run your browser, and embed malware so deep in your Registry that it's hard to get out.

*Stock advice sites* - There are a lot of legitimate stock advice sites, like Thomson, Morningstar, and The Wall Street Journal, but a lot of stock advice sites are just plain nasty.

For example, stock message boards, like the ones that Yahoo maintains, can be breeding grounds not only for pump-and-dump schemes, but links that contain malware. It's a good idea NOT to click on links on these message boards - no matter how "good" the poster (who will likely be a stranger) says the stock advice is.

*Free download sites* - There is a lot of good free software out there, like Spybot, ZoneAlarm, AVG, and Ad-Aware. But unless you are sure about the safety of the software you are downloading, it's a good idea NOT to download it. That's because a lot of "free" software is supported by adware and spyware that's included with it, unknown to the user. And, believe it or not, a lot of "free" so-called antispyware software actually contains spyware itself.​
*2. CLICKING ON LINKS IN INSTANT MESSAGING PROGRAMS*

I'm not suggesting here that you stop using Instant Messaging programs, like AIM, or Yahoo, or ICQ. But I AM suggesting that you refrain from clicking on links in the messages. Even if the link is from a friend who says, "Click on the link and look at the pic, it's pretty cool" - DON'T!!! That link could very well download a Trojan at the same time it's downloading that "cool" picture.

IM's are notorious for spreading malware, so make sure and run all your security software when you run your IM program.

I have a friend who runs ICQ, and at least once a month he gets infected with some malware he got in an IM. We've reinstalled his OS several times because we've been unable to remove the malware (maybe next time I'll send him to the Security forum here). One of these times I'll probably just say, "NO, I'm not coming over because you did what I repeatedly told you NOT to do!!"​
*3. OPENING SUSPICIOUS EMAIL ATTACHMENTS.*

Many viruses are sent in email attachments. If the attachment has a .scr, .exe, or .dll extension, then it's likely malware. There are other suspicious extensions, but I can't remember what they are right now.

If you insist on opening an attachment, store it first to a folder named something like "Email attachments to scan", and then scan it with your antivirus software BEFORE opening it.

Even if the attachment is from a friend, scan it FIRST. And definitely DON'T open an attachment from someone you don't know - delete the entire email.​
*4. HAVING EMAILS AUTOMATICALLY OPEN.*

In Outlook Express (OE), this is known as the "Preview Pane". DISBABLE it by going to "View>Layout" and unchecking "Show preview pane". The word "preview" is misleading, because it makes you think that it's only a snippet, like a preview of a film. BUT IT'S NOT!!! This "Preview Pane" will actually open the entire email, and thus download any viruses that may come with it. And the OE preview pane is enabled by default, and so also is the setting in "Tools>Options>Read" to automatically download all emails viewed in the preview pane.

This is particularly dangerous when you get an email from a stranger and want to delete it first. If it's opened in the preview pane, it already too late to delete it - the damage has been done.

I'm not familiar with other email programs, like Eudora, but they probably have something similar to a preview pane. DISABLE IT!!!​
*5. OPENING EMAILS FROM PEOPLE YOU DON'T KNOW.*

You'll have to suppress the temptation to know what this is about - especially if the title of the email peaks your curiosity. If you don't know the person, DON'T open it - delete it. If it's from someone you know or it's something important, they'll likely call you on the phone.

People you don't know can get your email address from a number of places, not the least of which are those "Forwarded" joke emails you get from your "Auntie" that contain all the addresses of everybody on the forward list.​
*6. LEAVING YOUR "PERSONAL" EMAIL ADDRESS ON THE WEB.*

Leaving your "personal" email address on the web can make you vulnerable not only to spam, but also to malware.

A lot of spam AND MALWARE (but not all) comes from "harvesting" programs that spammers AND MALICIOUS mailers use to "harvest" email addresses left on Internet pages. Some spammers can also harvest addresses from "Forwarded" emails.

So, to eliminate the Internet page source of spam and malware via your "personal" email address, there are three things you can do:

1) NEVER leave your "personal" email address on the Internet.

Now there are some sites that absolutely INSIST that you leave an email address - like when joining discussion groups, when making a purchase, setting up your profile for your Health Insurance web site, Online banking, etc.

For that requirement, see point #3.

2) On discussion group postings, always "munge" your email address if you want to post it. "Munge" means to disguise it.

For example, one of my email addresses (see point #3 for why I have more than one) is rbjamie [at] gmail.com. Notice that I typed out "at" instead of using the @ symbol. That's "munging". Most harvesters look for the @ symbol to get email addresses, so if you leave out the @ symbol by typing "at", the harvesters will not identify it.

However, spammers are getting more sophisticated tools, and harvesters may now look for "at" when it's typed out - which is why I put it in brackets too. But then they may look for "at" in brackets too - it's a real cat-and-mouse game.

*3) THIS IS THE TIP THAT'S MOST IMPORTANT*

Get an Internet Email account - such as Yahoo, Gmail (Google), or Hotmail (Microsoft) IN ADDITION to your ISP's Email account (*I call that one your "personal" email*). Most of them are free.

For Internet stuff, leave your Internet email address. That way, even if spammers figure out a way to harvest your munged address, spam will only be delivered to your Internet Email address.

It's like having two snail mailboxes. One is for junk mail only, and the other is for "personal" stuff, like correspondence from family or friends and bills.

Which brings me to another point on this "two email" strategy. Give your uncontaminated "personal" email address to trusted family members and friends ONLY.​
OK . . . time to end this lengthy post.

My final point is this: Anti-malware programs WON'T always provide 100% protection - there is no such thing as "100% protection", unless of course you throw your computer in the trash. *The ultimate source of protection is your own common sense!!*

I'm sure there's a lot more that could be said for this topic and that I left out, but this is already too lengthy - perhaps other posters can append their tips to this "Security Best Practices" thread.


----------



## aarhus2004 (Jan 10, 2004)

BobJam,

Another superb post - setting a fine example; and if folk have something to add I am sure you would welcome it. In fact I would like to see a listing of websites which pose a very strong, or proven, threat to users.

*McAfee Site Advisor *I find useful if ever I am unsure.

:up:

Ben.


----------



## BobJam (Jan 10, 2005)

Thanks again, Ben.

And, YES, I do indeed hope some people post their "Security Best Practices" tips here.

BTW, I'm a "McAfee Maniac" - which is a volunteer moderator on the McAfee Antivirus discussion board. And, I run McAfee Antivirus Version 8.0i Enterprise on my machine.

As a side note, I'll mention that I was almost thrown off these boards - for good cause too.

Here's the story:

I recently posted a reply to someone who posted that he wanted to make the "error" message go away on an illegal copy of XP (pirated) he had on his machine. He explained that he had gotten the machine from someone else who had later told him that it was an "uncertified" copy (Hmmmm. . . I should have suspected something right there). I responded that he could call Microsoft and explain his situation and see if they would give him a registration code, but that I doubted they would and he would probably have to come up with the cash to buy a "genuine" copy of XP.

I should have stopped there, but I added some links to a hack that would remove that error message. Some kind souls warned me that my reference to links for a hack to remove a warning from an illegal copy of XP was a violation of the TOS (which I should have known anyway - *very* embarrassing, and *doubly* embarrassing for someone who is a moderator on another board).

Fortunately, no one "reported" me, and I was able to *DELETE* my post before it was too late.

Don't know what I was thinking when I did that, but I definitely wasn't in my "mature and responsible" mode.


----------



## aarhus2004 (Jan 10, 2004)

Hello Bob,

I am still chuckling  after reading of your near miss. I think TechGuy(Mike) has a lot invested in this Forum and in that one area in particular he is very concerned we don't let him down.

But the other rules are less clear and it's possible to have great fun challenging them. I sometimes use familiar-to-Brits swear words and they are not disputed. I suspect the computers involved are 'calibrated' to pick-up American English cusses!

You have an interesting 'resume', Bob. Lots of experience and know-how too. You will have detected TSG offers a lot for all types. I have enjoyed my time here and learned enough to have made it very worthwhile. And we all enjoy humour though not necessarily in precisely the same way.

You will make MOD here, Bob, in due course.

Welcome and best wishes.

Ben.


----------



## BobJam (Jan 10, 2005)

Hey Ben,

I see you are from "Western Canada". Want to chit-chat about that a bit, so I'll carry this over to the "Random Discussion" forum - see you there.


----------



## aarhus2004 (Jan 10, 2004)

Bob, "Western Canada" in 'Random' would attract a few folk - perhaps as many as 500 but we try to keep it a big secret cos the word is partially out that this is the place to live, Which it is, especially closer to the ocean, (that's a whisper).

I will look out for you over there, tho random is not a big part of my TSG life.

Ben.


----------



## hewee (Oct 26, 2001)

> Give your uncontaminated "personal" email address to trusted family members and friends ONLY.


And to me that means "trusted family members and friends ONLY" that do not forward email or CC them and show yours and others email address in the email because then you have no way who all is getting your address and doing the same thing and then your address is all over the place in other peoples email. Then one of them gets something on there PC that finds all the address and sends out spam.


----------



## BobJam (Jan 10, 2005)

YES, hewee, I agree with you.

But for the "Forwarding" email variety of spam harvesting, there *is* something you can do, though the effectiveness of this will depend on your correspondents.

When people forward you emails, which are most often either jokes or urban legend chain emails, most of the time they'll just send out the email *WITH ALL THE PREVIOUS ADDRESSES ON IT* (as you said), which is the default sending format. I'm sure you recognize these when you see all those underlined addresses of people, some of who you probably know and some of who you've never heard of.

So, let's say that Aunt Gertrude believes everything she reads in email. Auntie dear makes sure that you get every warning, every sentimental story and every petition that's going around. However, Auntie's forward list doesn't just include you. There are 37 people on her list and only three of those are relatives. 34 people on her list are perfect strangers to you. In fact, five of these are actually perfect strangers to Auntie as well. She met them in some chat room somewhere.

Now, as soon as Auntie forwards that email that the government is going to end the social security program and make people like her homeless, 34 people whom you do not know can see your email address. 10 of those people decided to forward the message again. Each of these has a "buddy" list of approximately 10 more. That's now 134 people whom you do not know who now have access to your email address. This happens just in the first two hours since Auntie forwarded the mail to you. Of that 134 people, one could be a professional spammer, one could own a pornography site and wants business and another could enjoy sending viruses. (I'm just saying in detail what you said). Add in all the people who get the forward after that and your email address has just been handed over to hundreds of people in one day.

So, YES hewee, I definitely agree with you.

There are a couple of solutions to this though:

1) Ask Auntie to stop forwarding email to you with other people on the list, and explain to her how she can "cut" those addresses out BEFORE emailing TO ANYBODY

2) Ask Auntie to forward to you AND OTHERS using only the *blind carbon copy (bcc)*feature, or

3) Just ask Auntie to stop forwarding those sorts of things to you anyway.​
As I said, the success of this depends on your correspondents willingness to do what you ask. Ask Auntie nicely. Actually, if you're rude and Auntie doesn't like you anymore and takes you off her mailing list, you've really accomplished what you wanted to do anyway . .

One more thing. My own son, who is an Attorney, kept forwarding chain emails to me. I sent an email to him asking him to do #1 above. I continued to get forwarded emails from him with no changes as I had asked. So then I asked him to do #2. Still no change. Finally, I *told* him to do #3. I haven't gotten any emails from him since. We still talk on the phone (he's on the East Coast, I'm on the Left Coast), but neither of us mentions this email thing we had going. It's like it never happened.


----------



## hewee (Oct 26, 2001)

I had to tell my cousins over and over about the way they emailed but they never got it tru there head. After I changed ISP's they no longer had my ISP address either but a web base address. Even then they keep doing and I keep telling them. So now I don't get emails from them and it's sad but hey do the math of send to 10 other and then those 10 sent to 10 other and 1000's and millions can have your address in no time at all. 
I was email emails that had 100's of address in them and was forward so may time you could not even read then. I mean one word or less then that per line is bad. 

So guess your son was like my cousin's who just don't get it. 

It's easy to BBC. It is easy to copy and paste. It is even easy to forward and then edit out address but you email program has to be setup right so it all shows up in the reply box. Some will attach it so you don't want that because you can't edit a forward email.


----------



## nod32 (Jul 16, 2007)

good information!!!

For average home users they should have at least the following...

#1 - Antivirus software (buy one)
#2 - Firewall (numerous free ones, Windows firewall is decent)
#3 - Secondary spyware removal utility
#4 - Operating system fully updated and patched


----------



## aarhus2004 (Jan 10, 2004)

Just mailed it to a chap asking my advice on the matter.

Thanks to all.  

Ben.


----------



## BobJam (Jan 10, 2005)

Hey Ben,

I guess that's an example of that "Global Community" you spoke of in our Random Discussion thread.


----------



## aarhus2004 (Jan 10, 2004)

BobJam said:


> Hey Ben,
> 
> I guess that's an example of that "Global Community" you spoke of in our Random Discussion thread.


Yes, BJ, that is if I may think in a scale of millimetres. My son is 2.092147 mm down the road.  He is right on the periphery of my world for my brain is now pea-sized.

Poddy Ben.


----------



## Tstright (May 19, 2007)

I don't agree with #4 on the preview pane. Been doing that for years with my work email and I've never had a problem with it.


----------



## ferrija1 (Apr 11, 2006)

I stick by these tips, from Leo Laporte.

1. *Dont open email attachments; even if its from someone you know.* If you do get something from someone you know, make sure that they really sent it to you. Email attachments are the number one way viruses and trojan horses get into your email. You might also want to turn off HTML email in Outlook and other programs. HTML emails are just as dangerous as rogue web sites, and can spread infections just by previewing them.

2. *Dont click links in email.* That link could lead you to a phishing site, or the link may lead you to install malicious software. Copy and paste links into your browser, or type them in by hand instead. Another reason to disable HTML email - the HTML hides the real destination of that seemingly innocuous link.

3. *Dont download files from places you arent absolutely sure are safe.* Stick with the well known sites. Teeneagers who use filesharing software like BitTorrent, Azureus, Kazaa, Morpheus, Grokster, and Limewire, often unwittingly download spyware and trojans. If you must, quarantine all downloads then scan them a few days later with an updated anti-virus.

4. *Update your OS regularly!* Turn on automatic updates in OS X and Windows. Apply all critical updates immediately. Criminals often create hacks within 24 hours of Microsofts patches (these are called zero day exploits), so you need to protect yourself the day the patches appear.

5. *Use a firewall.* The best firewall is a hardware router - the kind you use to share an internet connection. Even if theyre not billed as firewalls, they are, and theyre quite effective. I also recommend turning on your operating systems firewall - even if you have a router - but I dont recommend third-party software firewalls. They cause more problems than they solve.


----------



## jack8 (Feb 6, 2005)

A very well written and useful guide. Thanks .


----------



## aarhus2004 (Jan 10, 2004)

> Laughing stock: cattle with a sense of humor.


Like that, ferrija1; how about a link to Laporte?



> _Tstright _:	I don't agree with #4 on the preview pane. Been doing that for years with my work email and I've never had a problem with it.


Come to think of it I have also used it - but for another reason - the same one that makes me open gifts slowly. Maybe we should investigate that assertion or have BJ convince us. I prefer the latter, being a lazy-behind-a-router type.

Cheers,

Ben.


----------



## ferrija1 (Apr 11, 2006)

aarhus2004 said:


> Like that, ferrija1; how about a link to Laporte?


He has 14 podcasts at twit.tv.

He said those tips on The Tech Guy, a syndicated radio show, so I just found them at a random website.


----------



## aarhus2004 (Jan 10, 2004)

ferrija1 said:


> He has 14 podcasts at twit.tv.
> 
> He said those tips on The Tech Guy, a syndicated radio show, so I just found them at a random website.


That's interesting. I must check the audio archives which are available *here*.

Thanks, ferrija1.

Ben.


----------



## BobJam (Jan 10, 2005)

OK . . . guys and gals . . . let me address this Preview Pane "controversy" again, and I hope to 'splain it a bit better than I did first time around.

*ENABLING/DISABLING THE PREVIEW PANE IS ALL A MATTER OF RISK OF INFECTION, NOT CERTAINTY. *

In my original post, I may have given the impression that having the Preview Pane enabled would definitely result in a malware infection. Again, that's not a certainty, but it does raise your risk.​
And, this is a thread about "Best Practices", *NOT* "Full-proof Practices". Indeed, as I've said before, there's *NO SUCH THING as "100% Full-proof Security"*. Even the best anti-virus product will be less than 100% effective. You can have your firewall enabled, your anti-spyware software doing real-time blocking, your anti-virus software enabled, Windows updated with the latest security patch, etc., and STILL get infected with malware. Now granted, if you have all these things in place, your *RISK* is significantly reduced, but infection is still possible, though unlikely.

Malware writers (a despicable bunch) are in step with, and sometimes ahead of, security efforts. For example, as soon as Microsoft comes out with a security patch, or your anti-virus vendor produces the latest definition file, the malware writers are hard at work defeating these efforts. They even have their own forums, where they trade malicious code, and inform each other of the latest security efforts.

So, if you have the Preview Pain enabled, then your *RISK* is higher than if you didn't. But having it enabled *IS NOT* a certainty that you will be infected with malware - which is perhaps why Tstright and Ben haven't had any malware infections and have their Preview Pane enabled - they've been "lucky" so far. Nevertheless, the risk is still there, and they're tempting the odds - or as Ben might say, "the Fates".

And to address Tstright's statement that his work email has never "had a problem with it", that may not be a typical home user's situation. I say that because "work" emails very often have the extra protection (still not foolproof though) that Corporations put in place. Typically, they filter out attachments, have stronger anti-virus software ("Enterprise" stuff) than home users, and generally have better security than home users. Now this may not be a portrayal of what Tstright's "work" has, so I may be off here in that particular situation.

And as for Ben, I think he may be using Millennium, in which case malware writers no longer target that system as much as they target email HTML codes specific on XP and Vista systems.

And HTML brings me to another point. You can have your email program "read" only in Plain Text, which will also reduce your risk. In fact, going back to the issue of "work" email, most Corporations "lock" their email readers into Plain Text only.

In closing, I'll repeat my opening statement: *ENABLING/DISABLING THE PREVIEW PANE IS ALL A MATTER OF RISK OF INFECTION, NOT CERTAINTY.*

Convinced, Ben???

(Now watch . . .he'll disable his preview pane and then right away get infected - entirely possible, but not related to disabling the preview pane - and then blame me. Just kidding, Ben)


----------



## Tstright (May 19, 2007)

BobJam, I didn't mean to imply you were in any way wrong. I was just stating my .02...

But you did have a very good argument about it. I see your point when it comes to home/business users.


----------



## rolandk10 (Oct 17, 2005)

Another reason not to open unknown or unsolicited attachments.

By default, windows XP "hides extensions of known file types". So it's possible with some email programs for an attachment called picture.jpg.exe to show up as just picture.jpg since the real file extention is .exe. Looks like an innocent photo but turns out to be an executable. I recommend changing this setting so you can always see the file extentions of any file on your pc. If you don't know what a particular extention is, just google it and you can find out.


----------



## Old Rich (Jan 17, 2003)

rolandk10 said:


> Another reason not to open unknown or unsolicited attachments.
> 
> By default, windows XP "hides extensions of known file types". So it's possible with some email programs for an attachment called picture.jpg.exe to show up as just picture.jpg since the real file extention is .exe. Looks like an innocent photo but turns out to be an executable. I recommend changing this setting so you can always see the file extentions of any file on your pc. If you don't know what a particular extention is, just google it and you can find out.


Which is exactly what is happening when the Preview Pane opens an email . . .


----------



## BobJam (Jan 10, 2005)

rolandk10 said:


> Another reason not to open unknown or unsolicited attachments.
> 
> By default, windows XP "hides extensions of known file types". So it's possible with some email programs for an attachment called picture.jpg.exe to show up as just picture.jpg since the real file extention is .exe. Looks like an innocent photo but turns out to be an executable. I recommend changing this setting so you can always see the file extentions of any file on your pc. If you don't know what a particular extention is, just google it and you can find out.


*VERY* good point.

Some anti-virus scanners (mine, for example - McAfee 8.01 Enterprise) have the ability to block the execution, or downloading, or opening, of any email attachments with multiple extensions ( as rolandk10 gave an example of : "picture.jpg.exe").

But even if your antivirus software doesn't have that ability, you can still implement rolandk10's suggestion of changing that "hide extensions" setting (Control Panel>Folder Options>View tab, and then uncheck "Hide extensions hidden for known file types").


----------



## BobJam (Jan 10, 2005)

simpswr said:


> Which is exactly what is happening when the Preview Pane opens an email . . .


Thank you for stating what took me several pargraphs to say in only one sentence, Rich.


----------



## BobJam (Jan 10, 2005)

Tstright said:


> BobJam,
> . . . you did have a very good argument about it. I see your point when it comes to home/business users.


Thanks for the kind words . . .


----------



## BobJam (Jan 10, 2005)

Oh . . . one more thing that I forgot to mention in my original post on Security Best Practices - and this may be the *MOST IMPORTANT *thing:

*ALWAYS KEEP YOUR ANTIVIRUS PROGRAM AND VIRUS DEFINITION FILES UPDATED.*​An out-of-date antivirus program or out-of-date virus definition files make the entire program *USELESS*. If you're not up to date, and in the case of virus definition files, that means *DAILY* (because the malware people write new threat codes *DAILY*), you might as well *NOT* run your antivirus program because being out-of-date is the same as not having any protection.

Most antivirus programs have an "automatic updater" feature that will do this. Like Norton has "Live Update", and McAfee has "Instant Updater". But whatever it's called in the program you use, it likely has that feature.

Be aware, however, that if a Vendor doesn't have enough resources dedicated to the server they use for automatic updates and there is a flood of requests from automatic updaters one time, then the update might not come through.

And just to be sure your automatic updater is working, you should check your version and def files from time to time.

There are methods to do "manual" virus def updates for some vendor's programs, so you should be familiar with that procedure just in case you're automatic updater fails.

<digression>I do manual virus def updates myself - I don't use the automatic updater feature. Doing them manually is tedious and you have to check for updates every day, but I've gotten this chore down to a routine and habit. I just don't trust the automatic updaters - a lot of them are buggy anyway. I also check on scan engine updates and program updates and patches, and can do them manually also.

And every once in a while, an update itself is buggy, so you should know how to revert to the previous update if necessary, while the vendor "fixes" the buggy update. If you made a Restore Point before you did the update, *WHICH ONLY PERTAINS IF YOU DID A MANUAL UPDATE *(which is one of the reasons I do manual updates), you can do a restore operation. (And, *NO*, btw, I don't have a lot of restore points that accumulate because I clean them up regularly too).<end digression>​


----------



## BobJam (Jan 10, 2005)

aarhus2004 said:


> BobJam,
> 
> Another superb post - setting a fine example; and if folk have something to add I am sure you would welcome it. In fact I would like to see a listing of websites which pose a very strong, or proven, threat to users.
> 
> ...


Hey Ben,

I just downloaded and installed that McAfee Site Advisor and I agree with you - it's very good, especially with Google searches if you don't really know much about the site. McAfee maintains a good data base on these things.

In fact, I recently did a search on the "Zlob Trojan" (don't have it myself, but a friend does), and there is an abundance of suspicious "Zlob removal tool" sites, which are nothing more than marketing ploys for rogue spyware removers. McAfee confirmed my suspicions on them.


----------

