Here are some reminders for all of us as we depend on computer networks and electronic communications in more and more of our life and work, and particularly our ministry together in the Wisconsin Conference. Think of this as a "101" basics course.

These reminders come at a time when more people than ever are online and more internet users are connected via broadband services like cable or DSL, opening their computers and small networks to obnoxious, irritating and unscrupulous marketers (who are using every trick in the book to get their junk email advertising past spam filters), and to the more criminally-twisted writers of "computer viruses," worms and trojans (who are finding ways to bypass most of the safeguards we may have in place).

If you have a WisconsinUMC.org email account, or one of the church domains we host, you already have a formidable front line of defense working for you. In fact, any reputable ISP should now be offering a basic level of junk and virus filtering. We spend a significant part of every day reviewing the MailWarden logs on our email server and adjusting our filter sets which so far seem to be considerably more effective than the industry standard. Although we succeed in blocking almost all of the junk that hits our mail server (some days number in the thousands of emails per day), there is usually something that gets through to someone and every so often even to a whole group of people, and that's where your own computer/network security has to work.

Here are some simple things you can do (most of these will be most useful to Windows users, as Windows is an inherently easier operating system to target with computer worms and viruses, but the Mac and linux/unix world are not far behind). Every internet-connected computer should have the following in place. If you have a small "local area network" (LAN) then every computer and computer user on that network needs to be protected:

1. Do not double-click on email attachments to open them.

   Attachments often are the method of choice for worms and viruses to spread themselves. When you double-click on a file, you are telling it to "run." Instead, open the program the file was created in, and then open the attachment from inside that program using the "File --> Open" menu. You may just have to learn the file types, they are standard.

   For example, if someone sends you a word processor attachment called "document.doc" it is likely something created with Microsoft Word or Wordpad. If the attachment has a filename like "document.wpd" it was most likely created in WordPerfect. Every program has its own "signature" filename extension (the three letters after the dot).

   • "xls" documents are Excel spreadsheets.
   • "txt" documents are plain ascii text files.
   • "rtf" documents are pretty interesting in that they are "universal" formatted-text documents that work in any word processor.
   • "pdf" files open in Adobe Acrobat Reader.

   It is very convenient to simply double-click on the attachment, which engages Window's "file association" mechanism and automatically opens the document in whatever program is associated with that file type. It is a convenience factor that virus writers depend on. If you get an attachment like "document.pif" or "document.scr" or even the notorious "message.zip" or "your_information.exe" and you double-click on it, you most likely just ran some pretty destructive virus code.

2. Do not sign up for (i.e., submit your email address to) online marketing surveys, free products or other offers, or (need it be said?) online gambling services or pornography websites, unless you are using a "throw-away" yahoo.com or hotmail.com email address and don't mind the flood of junk that will soon be hitting your inbox (we routinely block anything coming from known junk emailers, without asking, even if you have signed yourself up for the stuff, just to keep the load off our mail server).

   There seems to be in increase in the number of legitimate places who have been selling their address lists to less-scrupulous marketers (financial services/newsletters in particular). Have you gotten email from "getanewmortgage.com" or "mortgageratesareontherise.com" or "offersonthenet.com" lately? Or the most recent email from "munged" domains like "brightdans.us" or "brightbernies.us" or "dazzlingjefferies.us"? Or how about all those discount online pharmacies that will solve all your weight, aging or sexual problems and make you live forever? Would you believe they are almost all coming from the same group of U.S. citizen spam gangs, operating off-shore out of a block of Asia-Pacific ip addresses whose owners have been charged and convicted of fraud and other criminal activity? They are now using rotating throw-away dial-up access accounts to spew this stuff out because they are almost impossible to trace and block.

   If you are getting unwanted junk email and want it filtered, forward the entire note, including the entire extended header, to email-abuse@Wisconsinumc.org.

3. Do not install "spy-ware" programs.

   Of course no one would do this knowingly, we are tricked into doing it. We install Hotbar because it gives us a nifty formatting toolbar and email backgrounds. We install Comet Cursor because it gives us cool little mouse pointers. We didn't know they (and a hundred other programs like them) also keep track of every web site we visit, every email address we send to, and forward that information to some of the finest spamhauses and sleazy internet marketing gangs in the world.

4. Install and use anti-virus software. We use (and recommend) Symantec Anti-virus Corporate Edition. Symantec also markets a consumer version of their software as Norton AntiVirus. Another major name in anti-virus software is McAfee. Pick one. Buy it. Install it. Run the "virus definition" updates at least weekly (or better yet, configure the program to check for virus definitions automatically). Set the program up to do what is called "auto-protect" or "real-time file checking" (this is usually the default).

5. If you are connected to the internet via cable or DSL (or other broadband), purchase and install a hardware firewall router.

   A firewall router stands between your computer and the rest of the world (which now has access to your machine because broadband connections are fast and always on) and keeps them out. One look at the weekly log from a properly-configured would convince you, because you would see hundreds of logged attempts to break into your computer or computer network. D-Link, Linksys and Netgear all make reasonably-priced firewall routers. A simple "broadband router" is not enough, it must be a firewall router. My own preference is for the Netgear FVS318, under $120.

   If you use a dial-up account, install a software firewall such as ZoneAlarm Free, ZoneAlarm Plus or ZoneAlarm Pro (www.zonelabs.com), Symantec's "Norton Internet Security" (www.symantec.com), Black Ice's product called "Black Ice PC Protection" (www.iss.net), are all excellent. And do not buy your Norton products from one of the spam emails advertising "Norton Blowout Sale." Get your software from reputable sources like PC Connection (recommended: www.pcconnection.com), Comp USA, Office Max, Office Depot, Staples, or even Amazon.

6. Download, install, update, and then use "Spybot." It's free. You can find it at http://security.kolla.de/. You may be shocked to see what all it finds on your computer.

And yes, the email note you received from "Barrister Whoever" whose father was a martyred general in some rebel army (or whose mother died of some horrible disease leaving a huge amount of money made in oil can futures) is a scam, and was not "confidential" like it said because it probably went out to a few million people in the world. And no, they will not really deposit $45 million dollars in your bank account. Really. Trust me on this one.

Further information that may be of interest:

• abuse.net: http://spam.abuse.net/
• Best Practices for Eliminating Spam: www.bestprac.org/
• SamSpade: www.samspade.org/
• SANS Internet Storm Center: http://isc.incidents.org/
• Symantec Security Response center: http://securityresponse.symantec.com/
• Carnegie Mellon CERT Coordination Center: www.cert.org/
• U.S. Dept. of Energy Computer Information Advisory Capability: www.ciac.org/ciac/