Archive for the ‘Definitions’ Category

Have you ever replied to an email message only to realize too late that you just sent your reply to the entire department? Or worse, to the entire company? Reply to All should be used only when you are sure that every recipient on the list really wants and needs to read your reply.

Unfortunately, accidentally hitting Reply to All is an easy mistake to make.

If you are the sender of the original message, you can make life easier and safer for your readers if you use the bcc: field instead of the To: field in the email header. Bcc: stands for "blind carbon copy. Every user will receive the message but the recipient will see only his or her own name in the bcc: field. If a user accidentally hits the Reply to All button, the reply message will only be sent to the original sender.

As a matter of ettiquette, you should disclose the distribution list to your readers in the body of the message. This avoids any appearance of attempting to hide the distribution. A common convention is to use small italicized text in the first line with the text "sent bcc: to MidwestDivision".

Have you ever seen a "free" offer to scan your computer for security vulnerabilities? The most common one that I get is a pop-up ad that reads "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click ‘Yes’ below." It looks like a great idea. You’re offering to test my machine for free so I know what, if anything, needs fixing. Doctors, mechanics, even the lawn guy offers that kind of free screening as a legitimate way to build a relationship with new customers.

Unfortunately, most if not all of these computer scanning offers are scams. They are rogue programs that will always report something that needs to be fixed or cleaned whether the flaw is real or not. They are designed to scare you into believing that there is something terribly wrong with your computer that only their software can fix.

Examples that attack Windows computers include SpySheriff, WinFixer, IEDefender and Cleanator. Interestingly, Mac users ran into this problem for the first time in January with a product called MacSweeper. MacSweeper is so “thorough” that it even finds flaws when it’s run against a PC – flaws that can only exist on a Mac.

Most of these are simple attempts to con you out of money or credit card numbers. Some are more malicious and will load spyware onto the computer or even disable your existing antivirus programs.

Never run software from unknown sources. If you do suspect that your computer may be vulnerable, use your own anti-virus and anti-spyware software. Don’t trust that “free” offer.

Note: The word “scareware” also includes more harmless pranks such as the program that pops up and says “Erase everything on hard drive?” with two buttons labeled “OK” and “OK”. (Nothing is actually deleted in this prank.) Just ignore those pranks.

A few more popup examples:

Most states have passed "credit freeze" laws, allowing individual consumers to lock their credit reports and, in theory, reducing their vulnerability to identity theft. While the credit freeze is in place, the credit reporting agency may not give out your credit report unless you explicitly grant permission and confirm your identity using a PIN or password. This makes it harder for the identity thief to open an new account or to get new credit in your name.

Even if your state does not have a credit freeze law, the three major credit reporting agencies now offer freezes voluntarily. To institute a credit freeze, you generally need to send a written request to each of the three major credit reporting agencies. The specific instructions vary from state to state. You can find links to each state’s instructions at ConsumersUnion.org. The states allow the credit reporting agency to impose a fee to initiate the freeze (usually $5-10 per credit reporting agency but often free to confirmed victims of identity theft) .

If you do freeze your credit report, you will have to lift the freeze whenever you want credit. Under almost all the state laws, you’ll have to pay again each time you want the freeze lifted. This can make opening a new account or even changing your existing service more difficult and expensive. When you apply for the freeze, you will be given the instructions and PIN needed to lift the freeze. In some cases, you’ll have to lift the freeze yourself – in others, you might be able to authorize the merchant to do it for you. Either way, it will take some extra time. It will also make you ineligible for “instant credit” unless you lift the freeze before going to the store.

The credit freeze laws have implications for businesses that use credit reports for purposes other than lending (such as evaluating underwriting risk). Unless the state law has explicitly carved out that usage as allowed (and many but not all states did for underwriting), the business should expect extra paperwork and several extra steps in the process to get permission to view the consumer’s credit report. The law varies from state to state. Check with your corporate counsel for details.

As a consumer, you should also know that a credit freeze will not necessarily keep you safe from identity theft. While most reputable creditors will check your report before issuing credit, some don’t. Identity thieves can still exploit those situations, knowing that you will have to pay the consequences. A credit freeze also will not protect you from exploitation of existing accounts.

If you are at increased risk of identity theft and already have a house, car, phone service and the credit cards you need and you see no near-term need to refinance any of them, a credit freeze might be appropriate for you. If you have few risk factors or will need to legitimately seek credit for yourself soon, a credit freeze could be more trouble than it’s worth. Personally, I do not have a credit freeze on my account. I take normal precautions to make my identity hard to steal in the first place (I have a shredder and use it, I don’t leave financial documents like credit card bills on the kitchen counter, I don’t keep my SSN in my wallet, I use strong passwords, etc) and I check my credit report regularly. To me, the incremental protection of a credit freeze is not now worth the extra hassle and expense.

Your web browser is your primary connection to the Internet, either by reading web pages directly or through applications that use your browser to function. How you set the security makes a great deal of difference for your computer’s safety.

Those security settings will also affect the functionality of some web sites. Web page writers try to improve your experience by enabling different features. Sometimes they’re nice but they leave your computer more vulnerable to attack. In fact, a common hacker trick is to set up an "innocent" website with attractive content but which will not work correctly unless you reduce your security settings, exposing you to the hacker’s malicious content on other links. The safest policy is to disable those optional features until you decide that it’s necessary and that the website is trustworthy. (In most cases, you can enable the feature temporarily.)

Note: Your IT department should control the settings for your work computer. Make sure that they have the security controls locked down so users can not accidentally expose their computer to unacceptable risks. If you use Internet Explorer, you can find the security settings by clicking Tools/Internet Options/Security. (Firefox and other browsers generally use similar paths.) If the security is properly locked down, you should be able to see but not change the settings.

Internet Explorer uses the concept of "zones" and lets you set the security level differently depending on where you are browsing. For most of us, the most important zone is "internet". This is the general zone for all public websites and is the default used when the browser doesn’t have different instructions. This should be set as high as possible but never below "medium".

The "local intranet" zone is usually used for internal content. Since your own company developed the pages, it’s usually safer to use a slightly lower level of security as long as there is a business reason to do so. "Trusted sites" are those that you have decided are well-designed and use good security practices. Our work computers have certain trusted business partners pre-loaded in this zone. I have none in my personal computer at home.

"Restricted sites" are those that you think might not be safe and that deserve the highest level of caution. Frankly, if you’re that suspicious, you’re probably not surfing there anyway. But it can be helpful to mark those sites because it will provide an extra layer of protection if your computer is calling those domains for "hidden" content like ads and pop-ups.

Your browser also has some security settings related to JavaScript, ActiveX controls and Plug-ins. You should only allow them if you are at a trusted site. See the tip on Active Content for suggestions on those controls.

You should disable cookies except for sites that you trust that require them. Add those manually to the browser’s "allowed" list. Definitely block pop-ups but remember that it will break some websites. You can always allow the pop-ups on a case-by-case basis.

In general, always set your security for the highest level possible. Then lower the security only when a page fails to work properly and only as far as you need to or for as long as you need to. Once you’ve set the controls properly, it’s not that much work to maintain. But it is a vital part of the protection of your computer and your confidential information.

Spyware is Internet jargon for advertising-supported software. This type of software often automatically installs itself on your computer without your knowledge in order to collect your personal information and provide it to a website or advertiser. Spyware is hidden in the background and keeps track of your web browsing, what information you enter into forms and even the configuration of your hardware and software. The company receiving this information may use it directly or, more likely, will sell this information about you. Based on this information, you may begin to see incessant pop-up ads, giving the false impression that the Web page being viewed is responsible for the constant annoyances.

Spyware usually is usually hidden in or behind an application that you want to use (such as a music player). When you install the software, the spyware application also installs itself.

In addition to the annoyances of increased spam and advertising, the spyware application ties up valuable computing power and can eventually make it run slower. It can create conflicts with other software on your machine causing programs to lock up or causing your machine to crash. It can even be abused by hackers to steal your password or to take control of your computer.

If you load software from the Internet, read the license agreement carefully. Some companies actually disclose that they will install an application on to your computer and may allow you the option to "opt-out". For example, RealJukebox has the ability to track how you used the program including the number of recorded songs on the computer, the format that songs are recorded in, the user’s musical preferences, the quality level of the recordings, and the type of portable player connected to the computer.

You can use specialized software to find and disable spyware applications and to protect your computer. Two of the better-known free-ware applications are SpyBot Search and Destroy and Ad-Aware. Whatever anti-spyware solution you pick, be sure to keep it updated and run it regularly.

Be sure to read all "End User License Agreements" very carefully and make sure you understand what is actually going to be installed on your home computer.