Business Edition/ESET Smart Security/Antispam module
Push Installation Requirements and Checklist
NOD32 Remote Administrator allows remote installations from the Remote Administrator Console to any workstation on the network with a Windows NT/2000/XP/2003/Vista operating system. This function is called a Push installation. The steps in this document describe the main requirements for configuration of this process.
While installation to standardized networking environments is relatively simple, problems can arise due to differences in architecture and configuration from network to network.
The following can be used both as a requirements checklist for configuring a push installation and as a troubleshooting guide during the remote installation process. Verifying each of the tasks below is strongly recommended before performing the first trial installation on the client's network:
1. The workstation where you are trying to install the NOD32 client remotely must answer a ping from the computer where Remote Administrator Server is installed.
2. If both the workstation and the server are in a mixed environment of Domain and Work Group (or if the server where Remote Administrator is installed has Windows 2003), the Use simple file sharing option (located under Tools → Folder Options → View) should be disabled.
3. Both the server and the workstation must have the TCP/IP protocol installed.
4. The workstation must have the shared resource ADMIN$ activated (Start → Control Panel → Admin Tools → Computer Mgmnt → Shared Folders → Shares).
5. The user performing the remote installation must have administrator rights.
6. The user with administrator rights cannot have a blank password.
7. The firewall on the network must not block communications or file-sharing between the servers and the workstation.
8. The (Remote Administrator) server must allow data reception through ports 2222, 2223, and 2224. If the server has any of these ports blocked, communication with the workstations is not possible.
9. For WinNT/2000/XP/2003 operating systems, verify the following:
- Client workstations are visible in both the server and the workstation connection.
- “File & Print Sharing for Microsoft Networks” must be enabled (Control Panel → Network Connections → Network → Properties).
- The Remote Procedure Call (RPC) service needs to be running on the target.
- The Remote Registry service needs to be running on the target.
- The RPC Locator service should be set to “manual” and need not be running.
10. IMON should not be enabled on your server. IMON's primary functions are to control HTTP communication (web-browsing) and detect possible infiltrations encountered through using internet email (POP3). Given that the server will not be used as a typical workstation, it's recommended that the module be disabled. NOD32's other modules will provide your server with back-up layers of protection against these threats.
11. If installing onto WinNT/2000/XP machines via logon script or email, a logon name and password must be defined in the RA console. To set it up, click the Remote Install tab and in the Set Default Logon for E-mail and Logon Script, click the Logon button.
If your network configuration meets these requirements, remote installation will be accomplished without communication problems between the server and the workstations.
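The port requirement in item 8 can be verified from a workstation before the first trial installation. The following is an added example, not part of the original document or of ESET's software; it separates a port with no listener ("refused") from one that gives no answer at all ("unreachable"), which points troubleshooting at the server service or at the firewall from item 7. The host name is a placeholder.

```python
import socket

# Ports the Remote Administrator server must accept data on (requirement 8).
RA_SERVER_PORTS = (2222, 2223, 2224)

def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but nothing is listening.
        return "refused"
    except OSError:
        # No answer: timeout, no route, or the name did not resolve.
        # A firewall silently dropping the traffic ends up here.
        return "unreachable"

def preflight(server, ports=RA_SERVER_PORTS, timeout=2.0):
    """Return ({port: state}, ok); ok is True only if every port is open."""
    states = {port: probe(server, port, timeout) for port in ports}
    return states, all(state == "open" for state in states.values())

if __name__ == "__main__":
    import sys
    # "ra-server.example.local" is a placeholder, not a name from the document.
    target = sys.argv[1] if len(sys.argv) > 1 else "ra-server.example.local"
    states, ok = preflight(target)
    for port, state in states.items():
        print(f"{target}:{port} {state}")
    print("requirement 8 satisfied" if ok else "requirement 8 NOT satisfied")
```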
Email, Spamming, Hoaxes, Phishing
Awareness of Email
Email, or electronic mail, is a modern form of communication with many advantages. It is flexible, fast and direct. Email played a crucial role in the proliferation of the Internet in the early 1990s. Unfortunately, due to the relative ease with which sender addresses can be disguised, email and the Internet leave room for illegal activities such as spamming.
Broadly categorized, spam includes unsolicited advertisements, hoaxes and proliferation of malicious software – malware. The inconvenience and danger to the user is increased by the fact that the costs of sending email are next to zero, and authors of spam have many tools and sources available to acquire new email addresses. In addition, the volume and variety of spam makes it very difficult to regulate. The longer you use your email address, the higher the possibility of it ending up in a spam engine database.
Some hints for prevention:
If possible, don’t publish your email address on the Internet
Only give your email address to trusted individuals
If possible, don’t use common aliases – with more complicated aliases, the probability of tracking is lower
Don’t reply to spam messages which have already made it into your inbox
Be careful when filling out Internet forms - especially beware of checkboxes such as “Yes, I want to receive information about ... in my inbox.”
Use specialized email addresses – e.g., one for your work, one for communication with your friends, one for online purchases, etc.
From time to time, change your email address
Use an antispam solution such as ESET Smart Security's Antispam module.
Advertisements
Internet advertising is one of the most rapidly growing forms of advertising in the world. A significant percentage of internet advertising uses email as a means of contact. Its main marketing advantages are zero cost and high level of directness/effectiveness. What’s more, messages are delivered almost immediately. Many companies use email marketing tools to communicate with their current and prospective customers. In some cases such advertising is legitimate, as many users may be interested in receiving commercial information about some products.
However, many companies send unsolicited bulk commercial messages. In these cases, email advertising crosses the line and becomes spam. The amount of unsolicited commercial email has become a serious problem, and shows no signs of abating. Use of ESET Smart Security's Antispam module is an essential aspect of protecting your email address from spam messages.
Hoaxes
A hoax is a message spread across the Internet. Usually it is sent via email and sometimes via communication tools like ICQ and Skype. The message itself is often a joke or urban legend.
Computer virus hoaxes try to generate fear, uncertainty and doubt (FUD) in the recipients, bringing them to believe that there is an "undetectable virus" deleting files and retrieving passwords, or performing some other harmful activity on their system.
Some hoaxes are meant to cause emotional embarrassment to others. Recipients are usually asked to forward such messages to all their contacts, which perpetuates the life-cycle of the hoax. There are mobile phone hoaxes, pleas for help, people offering to send you money from abroad, etc. In most cases it is impossible to track down the intent of the creator.
In principle, if you see a message prompting you to forward it to everyone you know, it may very well be a hoax. There are many specialized websites on the internet which can verify whether an email is legitimate or not. Before forwarding, perform an internet search on any message you suspect of being a hoax.
Phishing
The term phishing defines a criminal activity which uses techniques of social engineering (manipulating users in order to obtain confidential information). Its aim is to gain access to sensitive data such as bank account numbers, PIN codes, etc. Access is usually achieved by sending email masquerading as a trustworthy person or business (financial institution, insurance company).
The email can look very genuine, and will contain graphics and content which may have originally come from the source that it is impersonating. You will be asked to enter, under various pretenses (data verification, financial operations), some of your personal data – bank account numbers or usernames and passwords. All such data, if submitted, can easily be stolen and misused.
It should be noted that banks, insurance companies, and other legitimate companies will never request usernames and passwords in an unsolicited email.
What is the ESET Smart Security Antispam Module?
Antispam behaviour and user interaction
The Antispam module detects unsolicited email in two ways. The first is a basic set of rules designed to filter unwanted email automatically. These rules are included by default in the installation of the program and are updated along with the virus signature database updates. The second is the Bayesian filter, which can be trained on a per-user basis: the user manually marks a sufficient number of incoming emails as legitimate messages or as spam.
If you regularly receive spam from a certain address, you can add it to the Blacklist. If you wish to designate that messages from a certain address will never be marked as spam, add the address to the Whitelist. By default, sender addresses in outgoing messages are automatically added to the Whitelist.
The following section is intended to explain how to proceed when an unsolicited message arrives.
An unsolicited message has come to my inbox, what should I do?
If the message has not been filtered by the program, it is most likely an unknown type of unsolicited email and should be marked as spam. To do this, click Spam on the ESET Smart Security Toolbar.
A message was marked as spam, but it's not spam
If a legitimate email was classified as spam, the message must be reclassified. Select Not Spam on the ESET Smart Security Toolbar.
I receive spam from a certain address on a regular basis
If you consistently receive spam from a certain address, you can add the address to the Blacklist. To do so, right-click the email address and select Add to Blacklist in the ESET Smart Security context menu. The list of addresses added to the Blacklist can be viewed in the main antispam protection setup window. To add, edit or delete an entry, right-click in the window.
Antispam marks messages from an address which is trusted
You can add addresses you consider trusted to the list of trusted addresses (Whitelist). All addresses marked as trusted will be handled as not spam. To add an address to the list of trusted addresses, right-click the email address and select Add to Whitelist in the ESET Smart Security context menu.
Bayesian filter
Bayesian spam filtering is a very effective form of e-mail filtering used by almost all antispam products. It is able to identify unsolicited e-mail with a high degree of accuracy. The Bayesian filter can be trained on a per-user basis.
The functionality is based on the following principle: In the first phase, the process of learning takes place. The user manually marks a sufficient number of messages as legitimate messages or as spam (normally 200/200). The filter analyzes both categories and learns, for example, that spam usually contains the words “rolex” or “viagra”, and that legitimate messages are sent by family members or from addresses in the user’s contact list. Provided that a large enough number of messages has been processed, the Bayesian filter is able to assign each message a certain “spam index” and thus decide whether it is spam or not.
The main advantage is its flexibility. For example, if a user is a biologist, all incoming e-mails concerning biology or related fields of study will generally receive a lower probability index. If a message includes words that would otherwise qualify it as being unsolicited, but it is sent by someone from a contact list, it will be marked as legitimate, because senders from a contact list decrease overall spam probability.
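The learning phase and the "spam index" described above can be reproduced with a small naive Bayes classifier. This is an added example, not ESET's implementation: the word-presence model, the Laplace smoothing, the `contact_factor` weight and the training messages are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

class BayesianFilter:
    """Naive Bayes over word presence; the result is a spam index in [0, 1]."""

    def __init__(self, contacts=(), contact_factor=0.05):
        self.doc_freq = {"spam": Counter(), "ham": Counter()}
        self.total = {"spam": 0, "ham": 0}
        self.contacts = {c.lower() for c in contacts}
        self.contact_factor = contact_factor  # assumed odds multiplier for known senders

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z0-9]+", text.lower()))

    def train(self, text, label):
        """Learning phase: the user marks one message as 'spam' or 'ham'."""
        self.total[label] += 1
        self.doc_freq[label].update(self.tokens(text))

    def spam_index(self, sender, text):
        n_spam, n_ham = self.total["spam"], self.total["ham"]
        log_odds = math.log((n_spam + 1) / (n_ham + 1))  # smoothed prior
        for word in self.tokens(text):
            p_spam = (self.doc_freq["spam"][word] + 1) / (n_spam + 2)
            p_ham = (self.doc_freq["ham"][word] + 1) / (n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        if sender.lower() in self.contacts:
            log_odds += math.log(self.contact_factor)  # contact lowers the odds
        if log_odds >= 0:  # numerically stable logistic function
            return 1 / (1 + math.exp(-log_odds))
        odds = math.exp(log_odds)
        return odds / (1 + odds)

# Constructed training set; the text suggests about 200 messages per class.
SPAM = ["cheap rolex watches best price", "buy viagra online cheap",
        "rolex replica discount offer"]
HAM = ["meeting notes for the biology seminar", "lunch on friday with the family",
       "protein assay results from the lab"]

def build_filter():
    f = BayesianFilter(contacts=["colleague@example.org"])
    for text in SPAM:
        f.train(text, "spam")
    for text in HAM:
        f.train(text, "ham")
    return f
```

With this training set the same text, "cheap rolex offer", scores above 0.9 from an unknown sender and below 0.5 from the address in the contact list.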
The server-side control
The server-side control is a technique for identifying mass spam e-mail based on the number of received messages and the reactions of users. Each message leaves a unique digital "footprint" on the server based on the content of the message. This footprint is a unique ID number which tells nothing about the content of the e-mail. Two identical messages will have identical footprints, while different messages will have different footprints.
If a message is marked as spam, its footprint is sent to the server. If the server receives more identical footprints (corresponding to a certain spam message), the footprint is stored in the spam footprints database. When scanning incoming messages, the program sends the footprints of the messages to the server. The server returns information on which footprints correspond to messages already marked by users as spam.
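The report-and-lookup exchange described above, as an added example that is not ESET's protocol or code. The document does not say how the footprint is computed or how many reports are needed; SHA-256 over the message body, a threshold of three, and counting distinct reporters are assumptions, and the messages are constructed.

```python
import hashlib
from collections import defaultdict

def footprint(body: str) -> str:
    """One-way digest of the content; the server never receives the text itself."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

class FootprintServer:
    def __init__(self, threshold=3):
        self.threshold = threshold         # assumed number of reports required
        self.reporters = defaultdict(set)  # footprint -> users who reported it
        self.spam_db = set()               # footprints confirmed as mass spam

    def report_spam(self, user_id, fp):
        """A client sends the footprint of a message its user marked as spam."""
        # Counting distinct users means one user repeating a report
        # cannot get a message listed on their own.
        self.reporters[fp].add(user_id)
        if len(self.reporters[fp]) >= self.threshold:
            self.spam_db.add(fp)
        return fp in self.spam_db

    def lookup(self, fps):
        """A client asks which footprints of incoming mail are already known."""
        return {fp: fp in self.spam_db for fp in fps}

def scan_inbox(server, inbox):
    """Client side: send footprints only, get back one verdict per message."""
    fps = [footprint(message) for message in inbox]
    verdicts = server.lookup(fps)
    return [verdicts[fp] for fp in fps]

def demo():
    server = FootprintServer(threshold=3)
    bulk = "Limited offer: replica watches at 90% off"   # constructed sample
    personal = "Are we still on for lunch on Friday?"    # constructed sample
    for _ in range(5):                                   # one user, five reports
        server.report_spam("user-a", footprint(personal))
    for user in ("user-a", "user-b", "user-c"):          # three distinct users
        server.report_spam(user, footprint(bulk))
    return scan_inbox(server, [bulk, personal])
```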
How to recognize spam
Generally, there are a few indicators which can help you identify spam (unsolicited bulk e-mails) in your mailbox. If a message fulfills some of the following criteria, it is most likely spam.
The sender address does not belong to someone you recognize
You are offered a large sum of money, but you have to provide a small sum first
You are asked to enter, under various pretenses, some of your personal data – bank account numbers, credit card numbers, social security number, usernames and passwords, etc.
The email is written in a foreign language
The advertised product is priced far below the retail price
Some of the words are misspelled in an attempt to trick your spam filter. For example, “viagra” may be written as “vaigra”, etc.
Inclusion of large blocks of text or images
If you do decide to purchase a product advertised in an unsolicited email message, please verify that the message sender is a reliable vendor.
Adding/Editing/Deleting a Whitelist entry
A Whitelist is a list of email addresses or domains which you have designated as legitimate email contacts. Messages from these contacts will not be automatically blocked, and will be successfully delivered to your inbox.
To more effectively filter spam, use your Whitelist in conjunction with a Blacklist. A Blacklist is a list of specific email addresses or domains considered to be associated with spam.
Adding an email address to Whitelist
1. Open ESET Smart Security by clicking the icon in your Windows system tray or by clicking Start → All Programs → Eset → ESET Smart Security.
2. Switch to Advanced Mode by clicking Toggle Advanced mode in the lower left corner of the main window, or by pressing CTRL + M on your keyboard.

Fig. 1-1
3. In the left column, click Setup and then click Antispam module (See Fig. 1-2).
4. The Antispam module will be displayed. In the middle of this window, click Whitelist (See Fig. 1-2).

Fig. 1-2
5. The White list window will appear. From this location, you may Add, Edit, or Remove Whitelist entries. To add an email address to the Whitelist, click the Add button.
6. The New Item window will appear. In the Email address field, enter the email address that is to be whitelisted. In the Name field, enter the company or individual associated with this address.
7. If you wish to whitelist the entire email domain, select the Whole domain checkbox at the bottom of the window (See Fig. 1-3 below). This can be useful if you wish to allow email from all individuals in a specified organization.

Fig. 1-3
8. Click OK to finish.
Editing a Whitelist entry
1. While at the White list window from step 5 above, select one or more currently whitelisted addresses to edit, and click the Edit button.
2. The Item change window will appear, allowing you to change the email address or name of the entry. Click OK to finish. If you have selected multiple entries to edit, a new Item change window will continually appear until you have edited all selected entries (See Fig. 1-4 below).

Fig. 1-4
Removing a Whitelist entry
1. While at the White list window from step 5 above, select one or more currently whitelisted addresses to remove, and click the Remove button.
2. A dialog box will ask you to verify the action. Click OK to confirm the removal (see Fig. 1-6 below).

Fig. 1-5
3. Close the White list window when you are finished adding, editing, or removing entries.