|
Email service on pangea ends on Nov 1, 2007.
Information on this page is only valid until that date, for accounts
that have not yet switched to another service.
|
|
Action items: |
One of the serious problems with reading your email on a Windows PC computer with a program such as Eudora Pro or Outlook is that your computer can become infected with an email "virus" program. This is also possible, but less likely, when using a Webmail program.
Email viruses are small programs that hide in attachments to email. If you open the attachment, the virus will then run on your computer and install itself. Sometimes there is a bug in the email program that allows the virus to install itself even if you don't open the attachment! Once installed, the virus program will cause all kinds of mischief.
First, the virus will typically try to propagate itself by using your computer to send more copies of itself to every email address it finds on your system. Email viruses generally use a false return address so you cannot tell where they originated.
Second, most viruses also install a "backdoor" program to let a hacker take control of your computer and use it to attack other computers. In some cases, they may also delete or corrupt files on your computer.
A third common virus activity is to turn your PC into an email relay for "spam" (junk email), so complaints about the spam will go to you, not the spammer!
So far, email viruses have been a problem only on personal computers that run some version of Microsoft Windows, and particularly on those that use Microsoft's Outlook or Outlook Express email programs.
The design and configuration of Unix on pangea prevents email viruses from running if you login directly to pangea and run pine to read your email. So far, there have been no email viruses designed for the Macintosh operating system. However, this could change, so the precautions below are also recommended for Macintosh users.
Email viruses spread by two basic methods:
- The mail message tries to trick you into opening the attachment containing the virus (thus running it) by, for example, pretending to be some document or photo that would be of interest to you.
- The virus writer exploits a vulnerability in the mail reader program or operating system so that his virus program will run when the email is downloaded to your computer, without requiring any action on your part.
The second method is far more dangerous, but also less common.
Install and use anti-virus software
Many email servers, including pangea and the Stanford University central servers, implement virus checking on the server. Known email viruses are removed from mail that passes through the server, so they never reach your computer.
You should also install and use anti-virus software directly on your PC, particularly if you connect to multiple email servers, some of which may not implement virus checking. Such anti-virus software will also offer protection against known malicious programs that spread by methods other than email, such as "internet worms".
Stanford site-licenses the Symantec AntiVirus program (formerly called Norton AntiVirus). Get and install it from the Essential Stanford Software web site. Configure its LiveUpdate feature to check for new virus definitions daily (follow directions on the ESS site).
A properly configured anti-virus program, whether on the server or your PC, will intercept and deactivate any known email virus that is contained in the email you receive. New email viruses seem to be released every day, and they can spread for hours or days before the anti-virus companies learn how to recognize them and update their software to find and remove them. You could be infected by a new virus before your anti-virus program is able to recognize it.
Don't open unexpected attachments
The second line of defense is simple: Don't open unexpected email attachments. The main way email viruses spread is by tricking you into opening the attachment containing the virus.
Please resist the urge to open the latest "funny photo" that appears to be from your friend, or the unexpected "spreadsheet" that is supposedly sent for your comments. Check with the supposed sender first that these are legitimate.
Remember that email viruses falsify the return address so a virus file sent from one computer could appear to be from someone else on another computer.
Do not use Outlook and Outlook Express; they are particularly vulnerable to viruses
Windows PC users often use the Microsoft Outlook or Outlook Express program that comes with their new PC.
Microsoft has programmed Outlook and Outlook Express to be tightly integrated with the Windows operating system and other Microsoft applications (such as Internet Explorer), so they can offer more "features". But this also makes these email programs prime targets for hackers who create email viruses that exploit these connections into the operating system. Almost all email viruses work primarily with Outlook or Outlook Express and are ineffective, or at least less dangerous, if you use Eudora Pro, which has been site-licensed for use at Stanford.
For more information on the security risks posed by Microsoft's policy of tight application integration, see this recent article published by the Computer and Communications Industry Association, and read this note containing examples of the destructiveness of Outlook email viruses.
If, in spite of the dangers posed by email viruses, you do decide to use Outlook or Outlook Express as your email program, you must regularly visit the Microsoft Windows Update web site and download and install new security patches for Outlook as they are made available, and you must install and regularly update anti-virus software, such as the Symantec AntiVirus program that is licensed and distributed for campus use. Although you will still be vulnerable to the "next bug" discovered by an enterprising hacker, you at least will be protected against the known bugs. See the note on Windows PC Security for more information on securing your PC against email viruses and other hacker attacks.
