I need to make a recommendation about the Microsoft security downloads again. As I have noted in this series, it is a good thing to keep the Microsoft OS update capability turned on automatic. The Windows XP Service Pack 2 (SP2) is now available for downloading. Make that download as soon as possible after hearing about other’s successes in getting it up and running. The Windows XP Service Pack 2 firewall is set “on” by default now. It may be a good thing to leave it on. This might keep some of the blended threats out. One bit of experience with the nearly one-hour SP2 download and installation. It killed the Internet Explorer 6.0 SP1 portion of my XP Pro OS. And, the Microsoft Firewall that was turned on cannot be accessed. Good ole Microsoft, getting it right! I will let everyone know the outcome in my December 2004 column.

This series has had as part of its thread, a general statement on the state of threats and what is being said in the industry. As we have noted, each of us with broadband connectivity and a late model high performance computer can be a target for hackers and spammers. Identity and information gathering are also high on the list of unauthorized computer intrusion that can be a bother or damaging event to computer users.

There are good hackers and bad hackers. The good hackers tend to show attitudes “that there is a world of problems to be solved, no one should have to solve a problem twice, that boredom and drudgery are evil, freedom is good, and that attitude is no substitute for competence.” These traits are good as long as that effort and energy is directed at solving computer problems that benefit the rest of us. Those attitudes can also be turned to the dark side and be directed at injuring the rest of us through computer intrusion. This dark side is what this series is all about.

Spammers are equally as bad as the dark side hackers. Spam e-mail is the snail mail equivalent of mass advertising mailings. Spam is easy to do and can be done from any location with Internet connectivity. All that is needed is the e-mail address of potential recipients and a good computer to compile the solicitation material on. The spammers and anti-spam vendors have had to play a continuous game of catch me if you can. The spammers have gone from tricking the key-word recognition anti-spam solutions to very sophisticated HTML features in their e-mail to foil spam filters.

 Identity theft falls into this category. In the past, we have been a trusting sort of country with the vital information about our personal lives. Our social security numbers, driver’s license, addresses, medical information, credit card numbers and other codes, numbers, and facts have always been fairly open to everyone. We hand over our credit cards to clerks or waiters who may take them out of our sight for processing and fill out on-line or warranty cards without really considering where the information goes or who is receiving it or how it is being used. There is no real utility program that will protect against the on-line vulnerability concerning the use of our vital information. The large credit and bank entities get hacked and have vital data stolen. An individual’s best bet is to be really suspicious of every on-line transaction and trust no one. This suspicious attitude should also be carried over at the local restaurant and credit card transaction purchase as well. Identity theft should be another future column on its own (I have written about this before).

Unsolicited information gathering through the use of Spyware applications is also a major problem in securing one’s computer from intrusion. On-line information gathering can be really intrusive to one’s Internet browsing. These programs can track your on-line behavior and provide unauthorized access to your computer. Spyware utility applications, there may be in excess of 78,000, track on-line browsing habits (provide pin-point marketing data), insert ads (unwanted pop-ups), log key-strokes (passwords and credit card numbers), and insert Trojan horses to give hackers access to your computer. These can be delivered by e-mail or from hidden code in browsed websites. CoolWebSerch can be defeated by CWShredder. Again, this is the subject of a whole future column.

Filters and Blocks
Within the Outlook 2003 versions, there are fairly good and extensive filter and block capabilities to help cut down on the unwanted e-mail (spam). In general, rules are sets of instructions that can be created to tell Outlook how to handle certain types of messages. We looked at the Junk E-mail Filter in the last column and covered the key-stroke settings that are used to filter unwanted spam e-mail to a specific folder, which in my settings is the Junk E-Mail Folder in my Outlook tree. Junk E-Mail is one of the preset sub-folders. It is reached by clicking on the <Actions> pull-down menu, select <Junk E-mail>, then select <Junk E-mail Options> which opens a window with four tabs, <Options>, <Safe Senders List>, <Safe Recipients List>, and <Blocked Senders List>. Review that last column for the settings key-strokes.

Rules, the command strings needed to set up filtering and blocks, are also called Filters and can be used to screen out unwanted e-mail. The rules can be set-up for both incoming and outgoing e-mail. The rules automate how specific e-mail is handled so that the e-mail can be directed into specific folders without any action on your part.

Outlook provides a Wizard to easily go through the set-up process. This Wizard, the Rules Wizard, guides the set-up process so that creating or modifying rules is straightforward. It is reached from the Tools pull-down menu, <Tools> <Rules and Alerts>. The Rules Wizard window entitled <Rules and Alerts> is a dialog box window. It has two blank panel boxes and two blacked pull down selections, <New Rule> and <Options>. Clicking on the <New Rule> pull down menu to start the Wizard can create a new rule. New rules can be made from scratch or by using several ready-made templates. There are some ready-made templates that further simplify this process. By selecting one of the templates in panel one (the top panel), predefined properties of the rule are placed in effect. These properties can be modified as you need to customize the rule. To manually develop a rule, each of the properties must be selected individually. This was the technique used in rules development in prior versions of Outlook. Click <Next> at the bottom to continue.

Now a list of conditions that must be met are displayed for checking off from the series of <Check Boxes> to make the rule properties work the way you want. Remember that each condition must be met in the incoming or outgoing e-mail to cause the rule to work. The bottom panel in the beginning and <Next> windows are modifiers for the rule. They specify the e-mail <from individual or distribution list> that must be recognized by the rule for it to work. The more conditions are applied, the less likely any e-mail will meet the full set of conditions. The next step is to click each of the underlined items in the Rule description list box (the bottom panel), and fill in each of the requirements asked for. All of the underlined and any new ones opened need to be filled in for the rule to work. Click the Wizard <Next> to go to the next level.

 Enter a descriptive name for the new rule in the <Specify> box. The name entered should really identify the rule, especially if you intend on developing several rules. The <Check Boxes> on this window provide for testing the rule on existing e-mail and turning the new rule on. If there are multiple accounts, a <Create> this rule option will turn it on each account you specify. Click <Finish> when the rule is complete and click <OK> to close the Rules Wizard dialog box.

The Rule processing order may get complicated if there are more than one rule to be applied to each e-mail. Outlook applies starting at the top of the list of rules as they appear in the Rules Wizard dialog box. Change this order by using the <Move Up> and <Move Down> buttons in the Rules and Alerts dialog box. Each of the applied rules must be adjusted in the order of operation to insure that any given e-mail will be treated the way you want it to be.

Most of the time, the Rules and Alerts dialog will run automatically. There is a method of running them manually if necessary. Run the Rules and Alerts dialog box and choose <Run Rules Now> to open the Run Rules Now dialog box. Place a check by each rule to be run and then click <Browse> to select the folder in which to run the rules. Choose the <Include Subfolders> option to run the rules on specific subfolders. Select the <Apply Rules To> drop-sown list the types of e-mail that apply. Click <Close> when finished.

The Rules and Alerts dialog box is used to copy or modify any of the contained rules. At some point, the rules may have to be changed or modified. There may be an occasion where your rules may have to be copied to another computer or network. The change a rule, select the rule to be modified and then click <Change Rule> to display a menu of actions that can change the rule.

The Rules and Alerts dialog box is also used to copy rules between locations. Open the Rules and Alerts dialog box select the rules to be copied and click <Copy> in the toolbar to open another dialog box to select the target computer from a drop-down list. Select the computer and click <OK>.

Rules may be imported, exported, and backed up. Outlook 2003 stores the rules in the PST file if it is used as the message store, or stores them in the Exchange Server mailbox if Exchange is being used. From the Rules and Alerts dialog box, open the <Options> dialog box. Click <Export Rules> to open the <Save Exported Rules As> dialog box. Enter a filename, choose a path, and click <Save>. The file is saved with a .RWZ file extension.

Other Rules and Alerts that can be executed include the Out of the Office Assistant. This rule works with Exchange and provides a means of responding to e-mail when you are out of the office. It also has a Wizard to set up the rules as you want them. I will not get into them in this security discussion.

Conclusions
Again, we have covered other security settings in the W2K/XP OS and Outlook 2003. I recommend that everyone go back to the last column and review the Filtering Junk and Adult content mail coverage. This is really important to managing spam. In fact, I use it to manage all my spam.