Wednesday 11 November 2015

There's 1 born every minute

The current figure from the AV-TEST institute says that there's over 390,000 new malicious programs every day. I'd guess that this could well be correct, and that it would be the result of server-side polymorphism (explained in a previous post).

That's 270 born every minute, actually.

Scanning incoming emails simply cannot work (see my previous blog posts). Here's what you have to do instead.

1. Take a sceptical attitude. If an email claims to come from Paypal, it probably doesn't, unless you only just paid for something, and the email references what you paid. Even then, there's no reason to read it. I buy lots of stuff on Ebay, and get confirmation emails from Paypal, and I don't bother reading them.

Don't trust the from address on an email. It's as easy to forge that, as it is to put a misleading from address on a paper envelope. And the Bad People do just that.

2. If an email includes an exe file, a scr file, a com file or a zip file ... delete it. Do NOT click on the attachment.

3. If an email includes a PDF file, check that it comes from someone you were expecting to get a PDF file from before clicking on it.

4. Set up your word processor so that it doesn't run macros. In LibreOffice, that's Tools ... options ... Security ... Macro Security ... Very High. Then under the tab "Trusted sources" I have nothing. I have zero trusted sources. Likewise set up your spreadsheet.

5. If an email includes a doc or xls file, check that it comes from someone you were expecting to get a file from before clicking on it.

6. If an email includes a link for you to click on, don't click on it. It might not go to where it says it goes. If you do feel the need to visit your bank's web site, do so without clicking on a link in an email.

Even better, would be if there were software that automated all the above, and you could just install it and have your rejection of dubious emails, baked in to your computer. But I don't know of such a product.

A problem is just an opportunity seen from the wrong end. There's an opportunity here for someone.


  1. I'm on it Doc., I just cant get a reservation at Reubens just yet :)

  2. You should have said. They always have a table available for me.

  3. Just had an "invoice" with a .pxl attachment. PXL is a spreadsheet file format used by Pocket Excel. Pocket Excel is a spreadsheet program designed for mobile devices. That's a new one on me!

  4. Yes, I got that one too. It was flagged by three out of 54 scanners, and none of the three are any of the big names.