
Annoying Network Security Questions


I get quite a few questions from readers about computer issues and it made me realize that either I don't know anything [quite possible] or the answers are not as straightforward as they seem. So rather than try to answer the questions myself I have farmed them out to a panel of tech experts, who, obligingly, have provided answers confirming both counts: The answers are not straightforward, and yes, I don't know anything. Here's a selection of questions, collated from your e-mails, and answers. Fuller answers can be found on my blog [http://loosewire.blogspot.com].

HOW CAN SOMEONE SEND SPAM WITH MY E-MAIL ADDRESS AND NAME IN THE "FROM" FIELD?

This is a common complaint from readers, who are alarmed to discover that their e-mail address is being used to send spam. Either they find out from friends that they seem to be sending out rubbish, or they receive bounced e-mails saying "no such user exists." To do this, the experts say, is relatively easy. As Wu-chang Feng, a computer-science professor at the Oregon Health and Science University, puts it, the protocol designed by academics in the early days of the Internet to enable any e-mail to get from A to B, called SMTP, does not try to authenticate the sender. "Academics are a trusting bunch of folks," he says. The bottom line: While there's not much you can do about it, it has become so common you are unlikely to face a lynching from your friends.
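The point Feng makes can be seen in a message's headers: every sender field is supplied by the sending side, and SMTP checks none of them. The Python sketch below is an added example, not part of the original column; the sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message claiming to come from pat@example.org.
SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
Received: from unknown (HELO mail.example.org) (203.0.113.45)
    by mx.recipient.example with SMTP; Mon, 4 Aug 2003 10:15:00 +0000
From: "Pat Reader" <pat@example.org>
Reply-To: offers@promo.example.com
To: friend@recipient.example
Subject: You have to see this
Message-ID: <1234@mailer.example.net>

Body text.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""

def sender_mismatches(raw):
    """Return (claimed From domain, [(header, domain)] that disagree with it).

    A mismatch is a hint, not proof: mailing lists and bulk-mail services
    legitimately use other domains, and a forger can make them all agree.
    """
    msg = message_from_string(raw)
    claimed = domain(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To", "Message-ID"):
        other = domain(msg[header])
        if other and other != claimed:
            findings.append((header, other))
    return claimed, findings

def relay_ips(raw):
    """IPv4 addresses in the Received headers, newest hop first.

    The top Received line is written by the recipient's own server, so the
    connecting IP it records is the one value the sender did not choose.
    """
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []
    return [ip for hop in hops
            for ip in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", hop)]
```

If a friend forwards the full headers of the rubbish that appears to come from you, the connecting IP in the top Received line is what shows it did not leave your own provider's servers.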

IF I VISIT A WEB SITE CAN THE PERSON WHO OWNS IT SEE IT WAS ME?

All the experts seem to agree that the least a Web site can learn from you is your IP, or Internet Protocol, address, which would tell them what country you are in and which Internet Service Provider or company you are accessing the Internet from. Then things get a little murkier: Web sites can place blobs of text called cookies on your computer which will give them a better idea of who you are and what you do. For example, if you return to that Web site, you may well be greeted by name -- culled from the personal details you entered in your browser options. As Matt Bishop, a professor of computer science at the University of California, Davis, suggests, "give a bogus name. Then the bogus name will be logged." Other tricks: the Web site may use bits of code called "Web bugs" which could figure out which Web site or page you've just come from and next go to. That's about all they can learn for now, this side of the law. But, as Greg Shipley, chief technology officer at U.S.-based security consultants Neohapsis Inc., points out, with the rise of registration services such as Microsoft Passport things might get worse: "In short, it is difficult to attach a name with an IP address right now, but if certain companies have their way, we may not be safe for long."

IS THERE ANY WAY FOR A SOFTWARE MANUFACTURER TO SCAN MY COMPUTER TO SEE WHETHER I'M USING PIRATED VERSIONS OF THEIR SOFTWARE?

Of course, I am not condoning the use of pirated software, but this does raise privacy issues. Some say that there is no way any information can go back to their company without you approving it. But in fact you may well already have done so, since by using the software you have committed yourself to a licence you probably never read. As Jean Camp from Harvard University says: "If you use Microsoft [or Adobe or any other proprietary software provider] who knows what is being transmitted? After all, look at the permissions you give the company in the end-user agreement." Joe Fisher, director of information technology at U.S.-based e-mail-security consultants Tumbleweed Communications, says that manufacturers can zoom in on you using information in your licence data. "When the application makes the licence request, it will also include the IP address of the computer it's using. The manufacturer can use this IP address information to track you down." In some cases, says John Myung, vice-president of product marketing at U.S.-based on-line security consultants RedCannon Security, companies are already doing this: Hewlett-Packard printer software, he says, "sends a message back to HP when you are getting low on ink" which he says could be used, quite legally, to flood you with spam on ink cartridges. HP says that while some of its software does monitor ink levels in its cartridges and can order refills, this can only be done with the user's approval and does not involve HP sending any marketing materials to the user.

IS THERE ANY WAY I CAN CHECK WHETHER A PROGRAM ON MY COMPUTER IS TRANSMITTING INFORMATION ABOUT MY BROWSING HABITS AND OTHER DATA OVER THE INTERNET?

Given the answers to the question above, I and quite a few readers were hoping that there was a program out there which would help figure out what kind of data was being sent back to headquarters. There doesn't seem to be. Right now, the best you can hope for is to install a firewall such as Zone Alarm [www.zonelabs.com] which at least lets you decide which programs access the Internet and when. Another suggestion: AdAware from LavaSoft [www.lavasoftusa.com] does a great job of removing cookies and sleazy programs that may or may not be transmitting information about you.

Write to me at jeremy.wagstaff@feer.com

More expert answers at http://loosewire.blogspot.com

---

UNDER THE WIRE

The Latest Software and Hardware Upgrades, Plug-Ins and Add-Ons

A Virtual Brain

I got some interesting feedback after my column on X1 [www.x1.com] [Hard-Disk Hide & Seek, July 17], the program which indexes your hard drive for you. Some readers waxed lyrical about other products: Wilbur Indexer [also free, from http://wilbur.redtree.com/]; something called Vision from Scopeware [http://www.scopeware.com/]; and The Brain [http://www.thebrain.com/], which doesn't so much index your hard drive as connect your thoughts -- or Web sites, files or whatever -- in a hierarchical structure that mirrors your brain. I haven't tried the first two, but while I found The Brain intriguing, I guess in the end I was looking for something that didn't so much mirror my brain but improve on it. The software's effort to place your present thought uppermost, and relegate everything else below it in importance to the deep background, left me confused and lost. A bit like my real brain, come to think of it.

More on Spam

From the We Already Knew That But It's Still Interesting Department, FrontBridge Technologies Inc., which calls itself "a trusted provider of e-mail protection and secure messaging services" [as opposed, presumably, to those Distrusted Providers of E-mail Protection], has "revealed the top 10 deceptive subject lines that spammers use to entice their target recipients into opening spam e-mails."

So now you know. Actually, buried in all this glaring obviousness is an interesting point. The use of these kinds of tactics has increased, FrontBridge says, more than 50% in the first six months of the year.