CrexTechs Blog

Many of us use Outlook or Outlook Express as our "local mail client."  With Outlook you must download your mail from your Internet Service Provider onto your computer.  (Windows 7 no longer supports any local mail client such as Outlook Express or Thunderbird. However if you purchase Office you can still use Outlook).

At CrexTechs we recommend you do not use a "local mail client" such as Outlook for the following reasons:

1) The very act of downloading mail onto your computer leaves you vulnerable to mail born viruses and malware. You could be downloading viruses, spyware and other malware contained with your email along with spam and other unwanted advertising.

2) Not only does your email have to be filtered, it must also be scanned.  Your service provider has filters that catch some of the bad stuff but not everything.  Vipre (CrexTech's recommended Antivirus/Junk protection) or other anti-virus programs scan each piece of email as it is downloaded to help insure that is safe.  Scanning for viruses during downloading is affective and absolutely necessary but ...

3) ...you will notice that downloading and scanning takes time and robs you of computing power just when you are  getting down to business. You will notice this slowdown on "High Speed" Internet, but if you have dial up Internet Service this process becomes down right painful.

Why does it have to be so slow?

Every email needs to be scanned, including attachments.  Some of these files, ones you may not even want, can be very large and will really slow you down as they are downloaded and scanned.  So if you use a "local mail client" plan to give Vipre time to do its thing.  Go get a cup of coffee or chat with your kids.

Or, you can do what we recommend....

CrexTechs recommends reading your mail on-line.  Here is why and how:

Why: You will be safer and you will not have to spend time waiting for your mail, even the stuff you don't want, to download and be scanned.

How: You can access your mail through your Internet Service Provider on their website or you can set up an email account through Google (Gmail) or Yahoo or any other trusted web portal that offers email.  These email accounts are almost always free of charge.

CrexTechs recommends Gmail:

1) It is easy to switch over and you will enjoy the functionality.

2) Gmail in particular has a great spam and junk mail filter which you can train to reduce junk mail to near zero!

What about your contacts?

You can export your contact list from Outlook into a file that you can then import into your new email account.  The data is not always perfectly imported so you may have to spend a little time inputting some of your contacts.  However, if you send out an email from your old account to everyone on your contact list, giving them the new email address and asking them to send you an email at that address, you will be able to easily add them to your contact list on the new account.

Or, you can keep your old account and receive your email from your old account through your new Gmail account.  You will need to configure your old account POP or IMAP to have this mail sent to your Gmail or Yahoo mail account. For a small fee, CrexTechs can help you with this process .

And here is another advantage to using a web based email provider.  You can access your email and your contacts and use your familiar interface from any computer in the world!

One more "word" to the wise (or one less word):   No matter what mail system you use - DO NOT USE WORDS FOR YOUR PASSWORD! It is best to use a mix of letters, numbers, and symbols. Such as your initials with letters numbers and symbols #jlsdjd2010 (two persons initials and a significant year plus a symbol.)

This comes directly from the Vipre newsletter.  This is so so so important that I have cut and pasted it here.  Some of the details below are for networks but home users are vulnerable.  So read on [comments in red are from me].

Rogue Antivirus Product Wars
All antivirus companies are being hit with the next wave of malware: Rogue antivirus tools like Antivirus 2010. This code throws messages on the user's screen that they are infected, and "download here to get rid of the malware."  Sure enough, that gets the Trojan installed.

Our CEO Alex wrote about this: "For what it's worth, as someone who is on the inside of an AV company and is intimately familiar with these threats, the reality is that no AV vendor, ESET, McAfee, Sunbelt, Sophos, Symantec, etc. can give you 100% coverage against it.

These new fake antivirus variants are some of the most vicious, polymorphic Trojans this industry has seen. They use extremely complex obfuscation techniques which make detection quite challenging by even the best antivirus engine. Many of these rogues are also service-side polymorphic. That means every time an exe is downloaded, it's recompiled on the server-side into a different piece of code.   [this means it is mutating so anti-virus programs have a harder time detecting it when it is downloaded on to you machine]

And, there are about 75,000 new tier-1 pieces of malware coming out every day. So your AV vendor, realistically, is only going to be one layer of protection, no matter what the sales guy might say. (That being said, AV is a must. Just look at viruses like Conficker, Sality, Virut, etc. These are viruses that the industry does a pretty good job at, and if they get into your network and you don't have endpoint protection, it's quite messy.)

Key things to do are:

1. No Admin Privs. Try to run as many users on Limited User accounts as you can (always difficult, I know). It won't stop all infections, but it does make a difference -- probably 80% reduced infection vector. [this is for networks]

2. Patch aggressively. The key exploit vectors right now are PDF and Flash, then Windows/IE. When I browse the web, I obsessively check Adobe and Flash to make sure I'm fully patched, and I constantly check Windows update. It really is an absolute must. [Do your Windows, Adobe Reader and Flash updates but be careful....read on]

3. Educate yourself. The vast majority of infections these days are caused by social engineering. A user will get a funny video link on Facebook or some other social networking site, click on it, and it will say that they need to "install a special codec", or "update Flash". Or they will be doing a Google search and a malware site will have attached itself to an innocent keyword. The user will click and start getting crazy warnings that their machine is infected. This is the malware trying to get the user to install. If something does not look right, it probably is not right - DON'T CLICK ON IT! [if something starts downloading, shut off your computer immediately using the on/off button.  Pull the plug if you have to.  It takes too long to do start/shutdown.  By then the download will have completed. Then try to remember what you were doing just before the download started.  This will be where the malware was hiding waiting for you to click on something then boom, it started downloading onto your machine.]

4. Do malicious web filtering. There are tens of thousands of pieces of malware daily, but only a few thousand new malware sites a day. Many endpoint protection tools, including ours[Vipre], offer malicious web filtering.

5. Submit malware files to AV vendors. Most, if not all, AV vendors take customer submissions very seriously, and the internal escalations are always senior to anything else.

[6. Talk to your kids and other users in your household. Tell them what to watch out for, and if in doubt shut down immediately. ]