By Lily Casura

I recently read an article on CNN’s website called “It’s a Bacterial World!” The article quoted a prominent microbiologist who said people are only dimly aware of the vast numbers of bacteria that populate every surface of the world. He seemed to imply that, if we knew, we’d give bacteria more respect and also practice better health practices ourselves. All true -- but the point for us today is that, while the physical world may be highly bacterial, the online world is highly viral.

Just as a point of reference, I’ve been using computers daily since 1984, and have been online since 1993, the year before Amazon.com was launched. While I don’t know it all--and nobody does--I certainly feel that I know “enough,” even from experience, to be relatively safe on the Internet.

Yet a few months ago I experienced enough Internet-based attacks--with their attendant huge amounts of frustration, lost ability to work, etc.--to make even me, a confirmed and enthusiastic techno-phile, feel that the “fun” is being taken out of an otherwise fully worthy experience.

And if I feel that way, I can hardly imagine how people who are just getting online -- or demographic groups like the children and the elderly, who are less well-equipped to handle the hazards-- would feel about it. I’ve already told my husband, neither childish nor elderly, but nevertheless not computer-literate, that, now’s not the most auspicious time to be trying to get online for the first time. Having seen what I’ve gone through, he is more than happy to agree.

Spyware
The last and worst of the occurrences happened when I was away from my home office, with the computer on and the Internet browser open, and yet within earshot of what was happening. As I sat on a couch in the next room, I heard a strange metallic ping coming from my computer. It was a familiar computer sound, but really out of context, since I wasn’t at the computer -- so I went to look. What I saw on the monitor was a little notice saying, “the applications you have requested are now being installed,” or words to that effect, followed by something about “wait--we are now choosing your skin.”

What followed from that moment was about two business days’ worth of total frustration and infuriating irritation, of a kind that only a computer can provide. Essentially, from what I can reconstruct, I had my Internet browser open to two different websites, one something basic, the other a “blog” (or weblog). I think now that the blog had some malicious code on the page that was able to start the process on my computer. The end result was that my browser was reset to some non-preferred, cheesy search engine--”Incredifind!”--which was really just a mask for selling things--and it was virtually impossible to reset. “Browser hijacking” is not uncommon, but usually there’s a pretty simple way around this--you just go to “control panel,” into “Internet options,” and reset the “home page.”

This episode, though, was something more. Six or eight unwanted applications had been installed on my hard drive--and wouldn’t let themselves be uninstalled. The “spyware,” as it’s called, sometimes known as “adware,” had not just hijacked my browser, it was literally tracking everything I did on the computer. In order to do this, it slowed the processing speed down to almost nonexistent, and quickly made web browsing so sluggish that it wasn’t worth it. Then it crashed my ability to get on the Internet at all. So for a number of hours I couldn’t use the Web or get my email, which was totally frustrating.

It also shows how poorly built this adware is, because, if the point is to force you to buy what they’re showing you as choices, it hardly helps if they slow down or shut off your ability to be online.

At that point I found I had another “fun” thing to contend with--the super-duper Internet security I was using, in a trial version, which let this through-- could only be contacted for its “free technical support!” ONLINE. The company, which later turned out to be Spanish, has an enormous presence, and is preferred by several U.S. government agencies, etc., but, has a single technical support line, non-toll-free, somewhere in California, and the line rang busy for two days until I stopped trying. The email I finally sent, once access was restored (no thanks to them) has still yet to be returned, despite the promised 24 hour access. Needless to say, I was less than impressed.

The spyware’s “manufacturer,” who I traced down before my Internet access was shut off, claims that it “never” allows its software to be installed without the user’s permission, but of course this is bogus, since I was the only one around at the time when I heard my computer self-installing their stuff.

When it comes time to sue outfits like this, I will be happy to join the class action. As one technology company owner I know said recently, it’s time to make an exception for the people who write this stuff, and bring back “cruel and unusual punishment.” I couldn’t agree more.

Spam
Anyone online for more than a moment has already been a victim. How you choose to cope with it is up to you. Some people actually respond to this stuff --the ads for gonad enhancements and Nigerian investment scams--so P.T. Barnum was apparently right. In fact, there’s even a small cottage industry of “spamming the spammers”--people who contact the Nigerian investment scammers and play along that they’re completely serious, ask to meet with them in person, take their photos, and post those on the Internet. My opinion? Funny retribution, but too much work.

If you want to just cut back on spam, there are several things you can do. Practice good email hygiene--don’t give out your address regularly, have several addresses that you use for different purposes, don’t post to a list or leave your email address in any public place on the web where it can be “harvested” by spammers, etc.

You can also install anti-spam software--our illustrious Bar Bulletin editor and I both use Spamnet by Cloudmark, a pay per month service that seems to cut back on spam somewhat. The latest version of Microsoft Outlook, 2003, that I have recently migrated to, is also supposed to be quite helpful in this regard--and apparently a better investment than upgrading to the rest of Office 2003. Brightmail is also recommended by users.

One technology company I know even pays another company to literally get their email first and go through and clean it, so whatever they get is free from spam, etc (www.mi8.com). This seems like a lot of work and expense to have to go through as well, but it also seems like a great business idea--given how frustrating this trajectory is becoming. A few years ago, one in 13 emails was spam-- today it’s 85 percent of all emails, and continuing to grow. Again, it will be nice and satisfying to see what legal remedies can be had against spammers--in the meantime, protect yourself.

Spoofing
Worse than spamming, to my mind, is spoofing -- something else that’s been happening to me a lot lately, just over the last few months. I have a number of different websites, some of which are just up there, doing nothing, some of which actually have a purpose and are being used. There’s a contact email listed on each one of them.

What I’ve seen recently is each of those contact email addresses for me being “spoofed,” which means that a spammer, or a virus writer, somehow gets a hold of the email address (harvested from the web) and then starts sending spam, or much worse and more frequently, viruses and worms -- as though they’re from YOUR email account.

All that’s happened is that your email address has been harvested, and spoofed as the sender on their malicious stuff. But again, this is an enormous pain to go through, and there’s a good chance that some people, especially those new or even medium -- new to the Internet, don’t understand the process and really believe you’re sending them the Sasser worm.

Again, ability to prosecute would be nice. I’ve been spoofed on three separate email addresses recently, and have deleted dozens apiece of respondent emails that have “bounced” to others’ email addresses and come back to me with the worm or the virus intact--even though my computer is virus free.

What you can do to prevent spoofing is only what you can do to prevent spamming, above. The hardship is if you need to have your email address on the Web, period -- it’s an unavoidable risk. If you don’t need to list an email contact address, better not to; or better to fake how it’s written to make it harder for email harvesting software to pick it up. (An example would be: hapless AT technology DOT com is harder to harvest, currently, than hapless@technology.com).

All in all, experiences like this, in addition to the ordinary ones--opening an email with a virus in it, which happens all the time--are beginning to frustrate heavy users enough to want to find another way, even if that’s just wishful thinking.

And Bill Gates’ solution--interesting that he weighs in on this, given the number of critical security flaws in his products--is that we start paying a fee to send email, with the idea that if it became expensive enough for spammers to do this, perhaps the practice would die off. Either that, or it would just get that much more expensive to be online--which it already is becoming, at least in turns of frustration when things go wrong.

Internet Use: Right or Privilege?
What these examples may indicate as well is a trend towards considering whether Internet use is really a right or a privilege. Increasingly, more and more of IT support time is going to be spent installing patches, and cleaning up Internet-related disasters that happen to users--attorneys and staff alike.

As a solo business owner, I can vouch for my own Internet practices, yet understand that even with the best precautions, a large amount of productive time can otherwise be spent dealing with the problems that still come up. I’ve also seen problems at firms, though, where through bad or inefficient practices, worms and viruses are still on hard drives, or users are opening up personal emails (business emails as well) and activating viruses that shut down a whole firm’s system.

At the very least, I’d suggest people segregate business emails and personal through two different accounts, and create a set of standards for both. It may become like the concept of getting a bill from the search and rescue team after an ill-advised hike into dangerous territory --if you’re determined to use email for personal and business purposes, are you prepared to take the precautions you need to, or to foot the bill for repairing the damage that gets caused by unwise practices? I remember reading in a legal trends magazine years ago that some firms were considering restricting email access, or thinking of it as a privilege, not as a right--but I’m not sure what came of this.

The higher the bill becomes for fixing the problem, and the greater the frustration that ensues from undergoing these assaults, the more this will have to be considered, as much as we might not like to think about it. Now that we’ve gotten addicted to how user-friendly, helpful and instantly accessible the Internet can be, we’re unfortunately seeing more and more of its other side--how frustrating it can be when it harms you and the productivity you’ve come to expect. And that’s from someone who used to only love and enjoy it. n