13 Aug 2021

Dealing With Spam And Scams By Ignoring Them

It was bad enough when we had to deal with just plain old spam, but junk email that just tried to sell us products or services seems so innocent compared to the dreck that comes in these days.

Now we have to deal with phony messages from banks (some of which look quite realistic) or with equally realistic-looking messages from Amazon, Ebay, every delivery service under the sun, airlines, and even scammers trying to impersonate government agencies.

If you have access to the server that receives your messages, there may be options to reduce the clutter. If not, there's an application that offers protection. I've used MailWasher Pro for nearly a decade because it gives me a way to delete spam before my email application downloads it. There are two versions of the program: The free version can access only a single mail account and does not contain a Bayesian learning filter. The Pro version can access multiple accounts, enables a learning feature, and has additional capabilities.

 Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.

I like this approach because I can quickly review a list of all messages on the server and decide whether to let the email application retrieve them. I subscribe to several newspapers and other news organizations that send email updates. I've whitelisted their domains, but it's rare for me to want to read the email update so I can mark the messages for deletion without ever seeing them. Every afternoon I also receive a dozen or so messages from GoodSync to confirm that daily local backups have run. Each message should look like this: "The result of 'xxxx-xxx' is '' (if blank, no errors.)" If there's no error, I don't need to download or see the message.

MailWasher Pro also marks for deletion messages from any sender or domain that I've blacklisted, from dodgy sites known to blacklist organizations, and those that it considers to be spam based on analysis of the message.

Spending just a few moments reviewing messages on the server lets me trim the number of messages to be downloaded from dozens to just a few — and sometimes to none.

One of MailWasher Pro's most impressive features is its ability to rate messages based on numerous conditions. These can be plain-text rules or, for those who are willing to spend a bit of time to learn about regular expressions, they can be complex and powerful rules.

When MailWasher Pro washes your email, it "deletes" spam — but not really. Deleted messages remain available for a while so that you can recover a message if it's one that you want to see. To do this, open MailWasher's recycle bin tab to display deleted messages and use the search window to find the message you want to keep. Click the deleted message you want to restore and then click the Restore button. The message will be returned to your inbox and made available to your email application.

Any number of email accounts can be checked in the pro version. I have set up 5 accounts. You can specify whitelists (messages will be considered good regardless of content) and blacklists (messages will always be considered spam).

Top-Level Domains To Avoid

One of my filters marks for deletion any message received from one of several top-level domains (TLD). Top-level domains include "com", "org", and "gov". In recent years, a small boatload of new TLDs have been established and many of them seem to have attracted spammers and scammers.

One of my filters has three lines to catch messages from these TLDs:

• \.accountant|\.bid|\.buzz|\.click|\.club|\.country|\.cyou|\.date|\.download|\.gdn|\.guru
• \.jetzt|\.icu|\.kim|\.loan|\.men|\.mom|\.monster|\.party|\.pro|\.racing|\.ren|\.review
• \.site|\.stream|\.top|\.trade|\.vip|\.wang|\.win|\.work|\.xin|\.xyz

A period (.) in a regular expression means "any character", so a literal period needs to be "escaped" with the backslash character. The vertical bar (|) separates individual components that will be matched. The two most common sources of spam sent to me are "icu" and "xyz". I have never received a valid message from any sender using either of those TLDs. I've not received any messages from most of those TLDs, so I consider them to be suspect until they prove otherwise. MailWasher will mark messages from each of these domains as spam, but I'll have the opportunity to review the subject line and, if needed, the text of the message before downloading it.

Several anti-spam resources provide lists of the most questionable TLDs, including SpamHaus, PCWorld, and KrebsOnSecurity.

Managing Spam On The Server

Those who receive mail through their own domain (such as techbyter.com) and have access either to the server's control panel or secure shell have additional options.

The most common control panel for servers is CPanel. The exact configuration varies from between hosting services, but the CPanel's email section will probably have an item labeled Filters or SpamAssassin. Enabling SpamAssassin allows the server to mark new email messages with a calculated spam score, and when that score meets or exceeds the spam threshold score, the message will be marked as spam and placed in a separate spam folder for you to review. You can also have the server automatically delete messages that have been identified as spam.

The default spam rating is 7, and it's possible to modify the rating system. The more useful areas for many are the whitelist and blacklist sections. Addresses added to the whitelist section will never be marked as spam and addresses added to the blacklist will always be marked as spam.

Users can modify the whitelist and blacklist sections either with the web interface or, for those who have secure shell (SSH) access to the server by directly editing user_prefs which will be found in the .spamassassin subdirectory of the user's home directory (~). Adding an individual item to the whitelist or blacklist is usually faster with the web interface, but secure shell access that allows direct editing of the user_prefs file is faster when adding multiple items to either list.

SpamAssassin is from Apache and the full documentation is on the website.

Even though I have full access to the server, I prefer to have MailWasher examine mail. My primary reason for this is that SpamAssassin will either place suspected spams in a special location that I would need to check or automatically delete messages deemed to be spam. Placing suspected spams in a separate location is cumbersome and automatic deletions are dangerous. A simple mistake in a listing or a filter could accidentally delete an important message.

We'll probably never rid ourselves of spam, but MailWasher can reduce the annoyances.

 Keep the mailbox clean with MailWasher

MailWasher is free, but has limitations. The pro version costs $50 per year (commonly discounted to $38) and can be installed on three computers. Users of the pro version also receive quick and competent support when they need it.
Additional details are available on the FireTrust website.
The cat rating scale ranges from 0 cats (worst) to 5 cats (best).

Short Circuits

You Can't Detect Malware That Isn't There

Criminals have found a new way to make everyone's online life just a bit harder. Now they can deliver malware in a way that makes it invisible to protective applications.

When your computer connects to a malicious website, the computer's antivirus application analyzes what's being sent to the computer. At the enterprise level, most organizations have applications that analyze inbound and outbound traffic to identify malware, but what if the malware isn't there? That's exactly the challenge that's being thrown at us now.

 Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.

Image provided by CERN >>>

Websites are far more complex than they were in the early days of the web. At first, websites were all text. No graphics. No fancy typefaces. No interactive features. By today's standards, it was really boring. But it was safe.

Modern websites send a lot more to your computer than just basic text, and HTML5 is a lot more capable than the original HTML developed by Tim Berners-Lee in 1989 at CERN, the European Organization for Nuclear Research. Visit a website now and you'll receive complex HTML code that can be manipulated by the browser, Javascript code that will be interpreted by the browser, and a variety of graphics files.

When malware is hidden, applications that analyze the code conclude that there's nothing to see. Nothing to be concerned about. Just move along, folks — nothing to see here!

Image provided by Menlo Labs >>>

But Cybersecurity company Menlo Labs says malware can be smuggled onto your computer in pieces that appear to be harmless, and then assembled on the computer to stage an attack. The HTML5 download attribute can pull down a seemingly legitimate file along with a group of Javascript components, each of which appears non-threatening.

Menlo Labs says that the browser became the place where work happens starting in 2020 when companies told employees to work from home to avoid the covid pandemic. But that only worsened an already hazardous situation. The Menlo Labs report says "business users reported spending 75% of their workday either working in a web browser or attending virtual meetings” even before the pandemic.

HTML smuggling delivers malware by effectively bypassing various network security solutions, including sandboxes, legacy proxies, and firewalls. The malware is delivered to and assembled on the weakest part of even well-defended business systems because no solutions exist to block malware that it can't see.

Visit the Menlo Security website to read the full report.

A New Windows Power Toys App Hints At New Features

The Microsoft PowerToys app has been around since Windows 95. Starting with Vista, there were no changes for more than a decade, but a new iteration adds useful features that may eventually be incorporated into Windows.

PowerToys for Windows 95 offered 15 tools for power users. These included TweakUI that allowed users to modify settings that were otherwise only accessible by directly modifying Windows Registry. There were other tools that opened Cabinet files (installer files used by Microsoft) like standard files, added "Command Prompt Here" to context menus in the Windows Explorer, allowed users to play audio CDs from the Taskbar.

 Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.

PowerToys wasn't updated for Vista, and remained dormant for a dozen years until it was dusted off, updated, and released for Windows 10 users. It's definitely not your father's PowerToys, to paraphrase an automobile commercial that you might be old enough to remember. If not, it's unimportant. But here's the reference anyway: Not Your Father's Oldsmobile. Even the article about the ancient ad is from 13 years ago.

The latest version omits most of the functions that were included in the Windows 95 version, either because they've been incorporated into the operating system or are no longer needed. An option allows PowerToys version 0.43 to start when Windows starts. This is important because many of the features are available only when the app is running.

What's included:

• Awake is handy when you're running an application that needs no input from you, a backup job is a good example of this. The computer can go to sleep or hibernate if it receives no user input and that's a problem for backup jobs. Enabling Awake mode ensures that the computer will not doze off at an inopportune time.
• Color Picker adds a tool for identifying colors and providing their HEX and RGB values. There are plenty of free tools that perform this function, but having it built in to PowerToys means it's always handy.
• FancyZones adds a window manager and a series of templates so that users can create complex arrangements on the screen. Users can also create their own custom layouts. Microsoft offers detailed documentation for using FancyZones.
• File Explorer SVG Preview adds support for scalable vector graphic images to the File Explorer. SVG files are still less common than JPEG files, but they are being used more frequently because all browsers support the format, they are relatively small, and they are scalable. It also allows previewing Markdown files that are used by software developers.
• Image Resizer adds a context menu to File Explorer for quick and easy resizing of images. Instead of overwriting the images, the resizer automatically adds size information to the name and saves it to the same location by default.
• Keyboard Manager fixes a longstanding frustration for those who want to modify how the keyboard reacts to certain key presses. Until now, these changes had to be made with tedious Registry edits. Keyboard Manager doesn't modify the Registry. Instead it acts as an interpreter. This is a feature that few people will use, but it's one that those who do need it will appreciate greatly.
• PowerRename is far less powerful than my preferred file renamer, Bulk Rename Utility, but it has a simple and easy to understand interface. It even offers support for regular expressions, so it may be adequate for advanced users.
• PowerToys Run is a quick-launch utility that will remind Mac users of Spotlight in MacOS. It can be used to find folders, files, and applications.
• Shortcut Guide adds a full screen overlay that displays Windows key shortcuts. The default used to show this screen is the Windows key, shift, and the forward slash. (Shown above.)

If you'd like to give the new PowerToys a try, the version 0.41.4 can be downloaded from Microsoft's Github account. This app is essentialy in beta currently, so new versions are released frequently and you will encounter bugs.

Spare Parts

Windows 11 Release Date: October?

Microsoft will want computers that run Windows 11 to be in stores early enough for holiday shoppers, and Bleeping Computer has found evidence that the release date will be in October. That may seem like the company is cutting rather close, but it's not.

The "official" release date is still "the second half of 2021" and that could be as late as 31 December. Second-half updates have generally been released in October, but the 2019 update slipped to November. But even a major feature update of Windows 10 rarely garnered a lot of attention. With Microsoft's decision to rename the new version Windows 11, the pressure will be on to roll it out on time.

Microsoft provides new versions to manufacturers well before the release date so that computers with the new operating system can be purchased on the officials release date. An October release date would be better, but November would be OK presuming the release-to-manufacturing copies are provided to computer manufacturers in October.

For more insights, see the Bleeping Computer article.

How To Find Your Windows Product Key

I needed my Windows Product key the other day. The usual recommendations are to find the disc that came with your computer because the key will be printed on the packaging, but how many computers come with discs these days? Indeed, how many computers even have built-in disc readers? There must be a better way.

 Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.

Many computers have Microsoft labels on the back or bottom that show the 25-character alphanumeric code. That may entail turning the computer off and turning it around (desktop systems) or turning it over (notebooks). Then you have to carefully copy the long code, making sure not to mix up zeros and letter O's, fives and letter S's, and ones and letter L's. And if you have a tablet computer, there's probably no label anywhere.

It's really not hard to find the key, and there are three easy options.

• You can open the Registry Editor and navigate to:
  Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
  You'll find the key's value in BackupProductKeyDefault.
• If the Registry makes you nervous, open PowerShell as Administrator and type:
  powershell "(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey"
  The key will be listed.
• Maybe you don't like long PowerShell commands. That's OK, too. Open Command as Administrator and type:
  wmic path softwareLicensingService get OA3xOriginalProductKey
  And the key will be listed there.

Using any of these three options, you can copy and paste the key without concern about typos.

Twenty Years Ago: Ricochet Ran Out Of Bounces

Metricom was in the process of terminating its Ricochet wireless data service. The company had already filed for Chapter 11 bankruptcy. Ricochet was the first company to offer high-speed data transmission without wires. It had expanded to about a dozen cities and attracted more than 50 thousand subscribers.

The service wasn't moving fast enough, though, and couldn't gain enough subscribers to survive.

Metricom auctioned its assets — including its network and licenses and dumped 280 employees with one week's severance pay. A few employees were retained through the end of October to assist with the shutdown.