did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

9780764575914

Blocking Spam & Spyware For Dummies®

by ;
  • ISBN13:

    9780764575914

  • ISBN10:

    0764575910

  • Format: Paperback
  • Copyright: 2005-04-01
  • Publisher: For Dummies
  • Purchase Benefits
  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Write a Review Icon Write a Review
List Price: $26.99 Save up to $0.81
  • Buy New
    $26.18
    Add to Cart

    PRINT ON DEMAND: 2-4 WEEKS. THIS ITEM CANNOT BE CANCELLED OR RETURNED.

Supplemental Materials

What is included with this book?

Summary

Fight back and save money with these expert tipsFind out what spam and spyware cost your company, and how to stop themWhether yours is a one-person business or a multi-million dollar corporation, here's help giving spammers and spies the bum's rush. Two veterans of the spam wars help you analyze your situation, choose the right solutions, set up and maintain them, and even show the bean-counters why such defenses are essential.Discover how to Understand how spammers get addresses Calculate the cost of spam and spyware Re-engineer your business processes Select spam and spyware filters Manage implementation and maintenance

Author Biography

Peter Gregory, CISA, CISSP, is a career IT guy who has worn just about every hat that could be worn in the Data Processing/Information Systems/Information Technology business. Peter has IT experience in government, banking, nonprofit, legalized gambling, and telecommunications. The Usenet-E-mail-Internet bug bit him in the mid 1980s. He has spent the past eleven years in two wireless telecom companies, working in positions where he develops security policy, security architecture, and security emergency response teams, and is a security consultant in general.
His passion for computers is matched only by his dedication to helping people know how to use information systems — from personal computers to mainframes — more effectively and safely. He achieves this through his speaking appearances at security conferences, in ComputerWorld and other online publications, and through a security consulting company that he cofounded in 2002.

Michael A. Simon works as a computer security consultant in the Seattle area and the northwestern U.S. with clients in banking, e-commerce, health care, and biotechnology. Mike has been working in IT security for around 20 years and wrote his first programs on punched cards for an IBM mainframe in the early 1980s. Although he doesn’t get much chance to exercise his skills in COBOL or Fortran these days, he keeps a deck of blank IBM punch cards around just in case.
For the last 10 years, Mike has been working for the company that he cofounded with Corwin Low when the Internet was more innocent, and convincing people of security’s importance was a difficult task. Mike keeps busy assessing new threats for his clients, lecturing at Seattle University and the University of Washington, and advancing the public service goals of Northwest Security Institute, a non-profit that he helped to found.

Table of Contents

Introduction 1(1)
About This Book
2(1)
Why We Combined Spam and Spyware
2(1)
How This Book Is Organized
3(2)
Part I: Understanding the Problem
3(1)
Part II: Justifying and Selecting Spam and Spyware Filters
3(1)
Part III: Deploying Your Chosen Solution
4(1)
Part IV: Maintaining Your Defenses
4(1)
Part V: The Part of Tens
4(1)
Conventions Used in This Book
5(1)
Defining Spam, Spyware, and Malware
5(1)
Foolish Assumptions
6(1)
Icons Used in This Book
6(1)
Where to Go from Here
7(1)
And the Latest Breaking News
8(1)
Write to Us!
8(1)
Part I: Understanding the Problem
9(60)
Spam and Spyware: The Rampant Menace
11(26)
Knowing How Spam and Spyware Affect the Organization
11(5)
Increasing e-mail volume
12(1)
Draining productivity
12(2)
Exposing the business to malicious code
14(1)
Creating legal liabilities
14(2)
No Silver Bullets: Looking for Ways to Fight Back
16(6)
Adding a spam blocker
16(4)
Keeping spyware away from workstations
20(1)
Other good defense-in-depth practices
21(1)
Understanding the role of legislation
21(1)
Taking Stock of Your Business
22(5)
Talk with people
22(1)
Conduct a survey
23(1)
Understanding your architecture
24(1)
Taking users' skills and attitudes into account
25(1)
Evaluating available skills in IT
26(1)
Working within your budget
26(1)
Justifying Spam and Spyware Control
27(1)
Choosing Anti-Spam and Anti-Spyware Solutions
28(4)
Types of anti-spam solutions
29(1)
What are the key features?
30(1)
Choosing the right model
30(2)
Sizing for now and the future
32(1)
Making the Solution Work
32(5)
Creating a good plan
33(1)
Setting up a trial
33(2)
Training users
35(1)
Taking your solution live
36(1)
Maintaining the system
36(1)
The Spyware Who Loved Me: Stopping Spyware in Its Tracks
37(16)
What Is Spyware?
37(3)
An information collector
38(1)
An information transgressor
38(2)
How Spyware Gets In
40(2)
Finding holes in the Web browser
40(1)
Tagging along in e-mail
41(1)
Hiding in software downloads
41(1)
Peer-to-peer file sharing
42(1)
How Spyware Gets Information from Your Computer
42(3)
Hijacking cookies
43(1)
Executing programs
43(1)
Reading the Clipboard
44(1)
Accessing the hard drive
44(1)
Spoofing well-known Web pages
44(1)
Logging keystrokes
45(1)
Fighting Back
45(4)
Testing for vulnerabilities
45(1)
Patching vulnerabilities
46(1)
Scanning and removing spyware
47(1)
Preventing spyware from getting a foothold
48(1)
Choosing and Using Spyware Blockers
49(4)
Understanding the changing market
49(1)
Training users and getting their help
50(1)
Finding a product that deploys easily
51(1)
Using spyware blockers
52(1)
Understanding the Enemy: What Really Spawns Spam
53(16)
Understanding How Spammers Get E-Mail Addresses
53(5)
Harvesting from the Internet
54(1)
Buying and stealing addresses
55(1)
Directory service attacks
56(2)
Giving Filters the Slip: How Spam Messages Seep into Your Inbox
58(6)
Poisoning Bayesian filters
59(1)
Hash busting
60(1)
Snowflaking messages
61(1)
Forging From: and Received: headers
61(1)
Relaying to hide message origins
62(2)
The Economics of Spam
64(2)
Making money with spam e-mail
65(1)
A black market of bots for relaying spam
65(1)
Spam's New Attitude: The Convergence of Spam and Viruses
66(1)
Advancing the War to New Fronts: Instant Messages and Text Messages
67(2)
Part II: Justifying and Selecting Spam and Spyware Filters
69(64)
Calculating ROI for Your Anti-Spam and Anti-Spyware Measures
71(18)
Understanding Activity-Based Costing
73(2)
Helpdesk example
73(1)
Cost-of-e-mail example
74(1)
As simple as ABC?
75(1)
Understanding Fixed and Variable Costs
75(1)
Volume-of-E-Mail Model
76(3)
Using industry statistics
76(1)
Surveying your users
77(1)
Estimating your e-mail costs
77(2)
Employee-Productivity Model
79(2)
Estimating wasted time
79(1)
Turning hours into dollars
80(1)
Additional support calls because of spam and spyware-induced problems
81(1)
Risk-Avoidance Model
81(3)
Risks from chronic exposure to obscene, violent, and hate material
82(1)
Risks from Web-site-borne malicious code
82(1)
Risks from phishing scams
83(1)
Qualitative Justifications
84(1)
Executive frustration
84(1)
Employee grumblings
85(1)
Learning through networking
85(1)
Models for Justifying Spyware Filters
85(4)
Helpdesk support calls
86(1)
Potential loss of corporate information
86(1)
Potential loss of custodial data
87(1)
Potential loss of employees' private information
87(2)
Developing the Battle Plans
89(18)
Assessing Your Situation
89(4)
Knowing thy present architecture
90(2)
Knowing thy bandwidth
92(1)
Knowing Your Business Objectives
93(1)
Developing Requirements
94(7)
What is a requirement?
94(2)
Collecting and organizing requirements
96(1)
Functional requirements
96(1)
Technical requirements
97(1)
Business requirements
98(3)
Developing or Updating Policy
101(1)
Re-Engineering Business Processes
102(3)
Managing user accounts
102(1)
Managing user workstations
102(1)
Helpdesk
103(1)
End-user training and orientation
103(1)
E-mail administration
104(1)
Network management
104(1)
Managing the data center
104(1)
Defining Roles and Responsibilities
105(2)
Evaluating Anti-Spam and Anti-Spyware Solutions
107(26)
Ensuring the Anti-Spam Cure Is Better Than the Original Spam
107(2)
Choosing a Spam-Filtering Platform: Software, Appliance, or ASP?
109(10)
Software solution
110(2)
Appliance solution
112(1)
Application Service Provider solution
113(3)
Client-side solution
116(1)
The solutions side-by-side
117(2)
Choosing Spyware Filtering: Workstation or Centralized?
119(4)
Workstation solutions
120(1)
Centralizing the anti-spyware solution
120(2)
Hybrid solutions
122(1)
Evaluating Information from Vendors
123(6)
Don't believe everything you hear
124(1)
Calling customer references
125(1)
Visiting a vendor's customer on-site
126(1)
Visiting vendor sites
127(1)
Other ways to obtain vendor information
128(1)
Evaluating Anti-Spam and Anti-Spyware Vendors
129(4)
Understanding vendors' long-term product strategies
129(2)
Twisting vendors' arms to get the deal
131(2)
Part III: Deploying Your Chosen Solution
133(74)
Training Users and Support Staff
135(14)
The Many Methods of Training
135(6)
Offering effective seminars
136(2)
Creating paper user guides
138(2)
Posting user guides online
140(1)
Training Users
141(3)
Looking at the technology from a user's point of view
142(1)
Explaining the filter to users
142(2)
Training Administrators
144(2)
Put yourself in administrators' shoes
145(1)
Including practice in the training
145(1)
Give slightly more than needed
146(1)
Training the Helpdesk Staff
146(3)
Anticipating user questions and issues
147(1)
Building a knowledge base
148(1)
Planning the Rollout
149(28)
Sketching Out a Plan
150(4)
Involving the right people
150(1)
Planning for disaster
151(2)
Keeping your objectives in mind
153(1)
Scheduling
153(1)
Allocating Resources
154(8)
Whose time do you need?
155(3)
Estimating time for key tasks
158(1)
Money, money, money
159(1)
Rounding up the hardware and software
160(1)
Working with outside resources
160(2)
Tracking Tasks
162(1)
Putting Together a Spam Filter Trial
163(10)
Developing measurable success criteria
164(1)
Performing tests
165(5)
Selecting users for a trial
170(1)
Evaluating trial results
171(1)
Incorporating lessons learned into your deployment plan
172(1)
Planning a Spyware Filter Trial
173(4)
Needed: Measurable tests and results
174(1)
Identifying false positives
174(1)
Users' chores
174(1)
Nondisruptive browser use
175(2)
Rolling Out to the Enterprise
177(16)
Implementing Spam Filtering
177(10)
Installing a software solution
178(2)
Plugging in a hardware solution
180(1)
Cutting over an ASP solution
181(1)
Taking care of the administrative details
181(5)
Measuring early results
186(1)
Implementing Spyware Filtering
187(2)
Starting with a trial installation
187(1)
Installing throughout your business
188(1)
Creating backout plans in case something goes awry
189(1)
Keeping Everything under Control
189(4)
Early warning signs of trouble
190(1)
Changing the plan in mid-sentence
191(1)
Testy testers
192(1)
Supporting Users
193(14)
Understanding Common Support Scenarios
194(3)
Gathering information for support scenarios
194(3)
Documenting support scenarios
197(1)
Equipping Support Staff with Tools and Knowledge
197(6)
Seeing what the user sees
198(3)
Knowledge
201(2)
Measuring the Support Effort
203(4)
Tracking numbers of calls
203(1)
Tracking types of calls
204(1)
Tracking the effort required to solve problems
205(2)
Part IV: Maintaining Your Defenses
207(60)
Everyday Maintenance
209(10)
Managing Quarantines
210(4)
Involving end-users
210(1)
Administrative maintenance
211(1)
Automating quarantine management
212(2)
Managing Whitelists
214(1)
Maintaining user whitelists
214(1)
Maintaining systemwide whitelists
215(1)
Managing Filter Rules
215(2)
Avoid specific rules that solve specific problems
216(1)
Monitor how effective specific rules are
217(1)
Managing Updates
217(2)
Updating filter rules
217(1)
Updating the software (or engine)
218(1)
Handling Thorny Issues
219(32)
Coping with Performance Issues
220(2)
Dealing with interruptions in mail service
220(1)
Law of Big Numbers
221(1)
Dealing with loss of productivity from spyware infestation
221(1)
Setting Realistic User Expectations
222(9)
False negatives: ``Your inbox won't be spam free''
223(3)
False positives: When good mail looks bad
226(4)
Restricting Web browser configuration
230(1)
Identifying and Handling Business Issues
231(8)
Figuring out legal issues
231(2)
Uprooting hidden costs
233(1)
Preparing for ASP outages
234(1)
Developing skills to support the spam filter
235(3)
What about when spam actually works?
238(1)
Supporting spyware filters and scanning
239(1)
Stopping Deliberate Attacks
239(12)
Block Web bugs and other malicious content
240(3)
Don't make yourself a target for Joe Jobs
243(1)
Prevent spammers from verifying or listing e-mail addresses
243(1)
Make the Web spiders starve
244(1)
Viruses --- don't be part of the problem
245(1)
Shut out the robot army
245(2)
Educate users about spammy NDRs
247(1)
Protect users from phishing scams
248(1)
Be aware of single-target spyware
249(2)
Defense in Depth: Providing Layers of Protection
251(16)
Understanding Defense in Depth
251(1)
Deploying Security Patches
252(3)
Patches eliminate vulnerabilities
253(1)
Keeping pace with viruses and worms
253(1)
Patching made easier with dedicated tools
254(1)
Managing Anti-Everything
255(4)
Antivirus
256(2)
Anti-popup
258(1)
Filtering incoming e-mail attachment extensions
258(1)
Turning off VRFY on your e-mail server
259(1)
Managing Firewalls
259(3)
Intranet firewalls
259(1)
Filtering inbound as well as outbound
260(2)
Keeping One Eye on the Future
262(5)
Watching the spam-filtering market as it matures
262(2)
Emerging standards
264(2)
Watching the maturing anti-spyware market
266(1)
Part V: The Part of Tens
267(54)
Ten Spam-Filtering Solutions for the Enterprise
269(10)
Brightmail AntiSpam 6.0
270(1)
Postini Perimeter Manager
271(1)
CipherTrust IronMail
272(1)
FrontBridge TrueProtect Message Management Suite
273(1)
Trend Micro Spam Prevention Solution
274(1)
McAfee SpamAssassin
274(1)
Sophos PureMessage
275(1)
Tumbleweed MailGate
276(1)
Proofpoint Messaging Security Gateway
277(1)
MailFrontier Gateway Server
278(1)
Ten Keys to Successful Spam Filtering
279(8)
Knowing Your Users
279(1)
Knowing the Product
280(1)
Matching the Product to the Users
281(1)
Training Users and Admins
282(1)
Preparing to Troubleshoot
282(1)
Preparing a Backout Plan
283(1)
Revisiting Your Policies
284(1)
Creating a Global Whitelist
284(1)
Testing the Solution
285(1)
Monitoring after You Deploy
285(1)
Epilogue: Reviewing Your Original Business Objectives
286(1)
Ten Spam-Related Issues Most Enterprises Face
287(8)
Users Don't Check Their Quarantines
287(1)
Users Don't Manage Their Whitelists
288(1)
Too Many Helpdesk Calls
288(1)
Important Messages Lost or Delayed
289(1)
The Filter Vendor Exited the Market
290(1)
If your solution is an ASP
290(1)
If your solution is in-house
290(1)
Your Filter Is No Longer Effective
291(1)
Spam That Makes It through the Filter Is Still a Liability
291(1)
Mail Delivery Becomes More Complex
292(1)
Your Internet Connection Seems Slow
293(1)
My Company's Products Smell Like Spam (Or, I Work for Hormel)
294(1)
Ten Spyware-Filtering Solutions for Businesses
295(12)
Ad-Aware Professional SE
296(1)
SpywareBlaster 3.2
297(1)
SpyBot - Search & Destroy
298(1)
eTrust PestPatrol Anti-Spyware
299(1)
Norton AntiVirus 2005
300(1)
McAfee Anti-Spyware Enterprise Edition Module
301(1)
Panda Platinum Internet Security 2005
302(1)
SpyHunter
303(1)
Yahoo! Anti-Spy Toolbar
303(1)
Microsoft Windows AntiSpyware
304(3)
Ten Online Resources for Resolving Spam and Spyware
307(6)
The Spamhaus Project
307(1)
Coalition Against Unsolicited Commercial Email (CAUCE)
308(1)
Internet Privacy For Dummies
309(1)
The SPAM-L Tracking Spam FAQ
309(1)
Federal Trade Commission (FTC)
310(1)
SpywareInfo
310(1)
Spychecker
311(1)
GetNetWise
311(1)
ScamBusters.org
312(1)
Anti-Phishing Working Group
312(1)
Ten Keys to Successful Spyware Filtering
313(8)
Understanding the Problem
313(2)
Educating Your Users
315(1)
Updating Your Policies
315(1)
Choosing Products Wisely
316(1)
Planning the Installation Judiciously
317(1)
Testing Your Solution Thoroughly
317(1)
Equipping the Helpdesk
318(1)
Monitoring after Implementation
319(1)
Reporting to Management
319(1)
Watching the Product Market
320(1)
Appendix A: Spam- and Spyware-Filtering Project Plan
321(6)
Appendix B: Spam- and Spyware-Filtering Project Requirements
327(14)
Common Requirements
328(7)
Spam-Specific Requirements
335(3)
Spyware-Specific Requirements
338(3)
Appendix C: Glossary
341(8)
Index 349

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program