This is a new Kaspersky Lab product designed for comprehensive home computer protection. This program provides reliable protection against viruses, hackers and spam at the same time. The Kaspersky Anti-Spam module is one of the elements of this home computer protection system. First of all, it should be noted that Kaspersky Anti-Spam is not a standalone product and does not work separately from Kaspersky Personal Security Suite. To some extent, this can be called a disadvantage, since users cannot use Kaspersky Anti-Spam separately, but comprehensive protection also has its undoubted advantages.

Anti-virus protection and firewall have been reviewed on the pages of our publication more than once. Therefore, in this article we will focus exclusively on the operation of the anti-spam module.

The basis of Kaspersky Anti-Spam is the intelligent SpamTest technology, which provides: fuzzy (that is, triggered even in case of incomplete match) comparison of the scanned message with samples - messages previously identified as spam; identifying phrases typical for spam in the text of the letter; detection of pictures previously used in spam emails. In addition to the criteria listed above, formal parameters are also used to identify spam, including:

  • "black" and "white" lists that the user can maintain;
  • various features of mail message headers typical for spam, for example, signs of falsification of the sender's address;
  • tricks used by spammers to deceive mail filters - random sequences, substitution and doubling of letters, white-on-white text, and others;
  • checking not only the text of the letter itself, but also attached files in plain text, HTML, MS Word, RTF and others.

Installing the anti-spam module

The module is installed together with Kaspersky Personal Security Suite. When choosing the installation options, a user who works with mail clients other than Microsoft's may choose not to install the module for Microsoft Outlook.

It should be noted that Kaspersky Anti-Spam scans any correspondence received via the SMTP mail protocol. Thanks to this, it can filter out spam in any email program, but more on that below.

Integration into Microsoft Outlook Express

The program does not have its own interface as such. In Microsoft Outlook Express, the Kaspersky Anti-Spam module is integrated as a menu and as an additional panel.

There is some inconvenience in using this panel, though it is not caused by the anti-spam module itself. Because of the way Microsoft Outlook Express manages its toolbars, the Kaspersky Anti-Spam panel cannot be docked in a location convenient for the user. Each time you start the program, the panel appears third in the row. You will have to keep moving it to a convenient place or come to terms with this state of affairs.

Program operation

When receiving mail, Kaspersky Anti-Spam analyzes the incoming messages. When spam is detected, the message is marked with a special label [!! SPAM] in the Subject field and placed in the Deleted Items folder. Messages recognized as not spam are not marked and are processed by the mail program according to its usual rules. If the program is not sure that a message is spam, it is marked [?? Probable Spam] and placed in the Inbox folder so that the user can take the final decision. In addition, the program uses two more types of label: one for letters with obscene content and one for automatically generated letters, for example letters from mail robots.

Thanks to such labels, you can organize the operation of Kaspersky Anti-Spam with any other mail program. It is enough to create rules in the mail client to sort messages by these labels. In Microsoft Outlook itself, such folders are created with one click of a button in the antispam module settings window.

Training program

The program can be trained in two ways: by classifying the messages received by the user as spam - not spam, and by downloading updates from the Laboratory's server. The first method allows you to train the program for the user's personal mail, the second - to quickly respond to massive phenomena of spam on the Internet.

When launched for the first time, Kaspersky Anti-Spam extracts all addresses from the Microsoft Outlook address book and adds them to the "Friends List". All letters from these addressees are treated by the anti-spam module as not spam and are passed without checking. Afterwards the user can edit this list, adding or removing addressees. Besides the "Friends List" there is also an "Enemy List": any correspondence received from addressees on the "Enemy List" is unambiguously assessed as spam.

Recipients are added to the friends or enemies lists simply by pressing a special button on the Kaspersky Anti-Spam panel. Training is done there too. If a spam email gets through, you just click the "This is spam" button. A window appears in which the user tells the program what to do with this message.

The "Send as an example of spam" command generates a letter to Kaspersky Lab with a message about spam for further training. This command can be neglected. You can also neglect adding the author to the enemies, but you should definitely add the letter to the spam samples. This is how the program is trained for personal correspondence.

Since Kaspersky Anti-Spam does not integrate into other mail clients, it can be trained in these programs only through updates received from the Laboratory's server. Unfortunately, this training option does not provide an opportunity to train the program for the specifics of personal mail.

Settings

In the program settings, you can: specify the location of the module bases, if the user wants them to be stored in a non-standard place; disable or enable filtering; set update parameters and view statistics.

The Kaspersky Anti-Spam module provides fairly complete protection of the user's mail from spam. Like any other program, it requires training, and while this training is going on it is possible that legitimate emails are mistakenly recognized as spam and vice versa. A relative disadvantage is that the module does not allow deleting messages that are clearly spam on the server: the user still has to spend traffic downloading these unwanted letters. On the other hand, with this approach to filtering no valuable message is lost. In all other respects, Kaspersky Anti-Spam deserves the most serious attention, especially considering the module's integration with the other programs that ensure the security of the user's computer.

According to statistics, more than 80 percent of malware penetrates the local network through e-mail. The mail server itself is a tasty morsel for hackers: having gained access to its resources, an attacker gets full access to the archives of emails and to lists of email addresses, which tells him a lot about the life of the company and the projects and work going on in it. Eventually, even the lists of email addresses and contacts can be sold to spammers or used to discredit the company by attacking those addresses or sending fake emails.

At first glance, spam is much less of a threat than viruses. But:

  • a large flow of spam distracts employees from their tasks and increases non-production costs. According to some reports, after reading one letter an employee needs up to 15 minutes to get back into a working rhythm. If more than a hundred unsolicited messages arrive per day, the need to look through them significantly disrupts current work plans;
  • spam contributes to the penetration of malicious programs into the organization disguised as archives or exploiting vulnerabilities in email clients;
  • a large flow of letters passing through the mail server not only impairs its performance, but also leads to a decrease in the available part of the Internet channel, an increase in the cost of paying for this traffic.

Spam is also a vehicle for some attacks based on social engineering, in particular phishing, where a user receives letters disguised as messages from entirely legitimate persons or organizations asking him to take some action, for example to enter the password of his bank card.

In connection with all of the above, the e-mail service requires protection without fail and in the first place.

Solution Description

The proposed solution for protecting the enterprise mail system provides:

  • protection against computer viruses and other malicious software distributed by e-mail;
  • protection from spam, both entering the company by e-mail and spreading over the local network.

Modules can be installed as additional modules of the protection system;

  • protection against network attacks on the mail server;
  • anti-virus protection of the mail server itself.

Solution components

The mail services protection system can be implemented in several ways. The choice of a suitable option is based on:

  • the company's information security policy;
  • operating systems, controls, security systems used in the company;
  • budget constraints.

The right choice allows you not only to build a reliable protection scheme, but also to save a significant amount of money.

As examples, we will give the "Economical" and "Standard" options.

The Economy option is built on the Linux operating system and maximizes the use of free products. Option composition:

  • anti-virus and anti-spam subsystem based on products from Kaspersky Lab, Dr.Web, Symantec. If a company uses a demilitarized zone, it is recommended to move the mail traffic protection system into it. It should be noted that products designed to work in a demilitarized zone have more functionality and greater capabilities to detect spam and attacks than standard ones, which improves network security;
  • a firewall subsystem based on the iptables2 firewall and management tools standard for the Linux operating system;
  • Snort-based attack detection subsystem.

Mail server security analysis can be done using Nessus.

The solution based on the "Standard" option includes the following subsystems:

  • a subsystem for protecting mail server and mail gateway services from malware based on solutions from Kaspersky Lab, Dr.Web, Eset, Symantec or Trend Micro;
  • firewalling and attack detection subsystem based on Kerio Firewall or Microsoft ISA.

Mail server security analysis can be done using XSpider.

Both of the above options do not include IM and Webmail protection modules by default.
Both the "Economical" and the "Standard" options can be implemented on the basis of FSB and FSTEC certified software products, which allows them to be supplied to government agencies and to companies with stricter security requirements.

Benefits of the proposed solution

  • the solution provides reliable protection against the penetration of malware and spam;
  • the optimal selection of products allows you to implement a protection scheme that takes into account the needs of a particular client.

It should be noted that a full-fledged protection system can only function if the company has an information security policy and a number of other documents. In this regard, Azone IT offers services not only for the implementation of software products, but also for the development of regulatory documents and audit.

More detailed information about the services provided can be obtained by contacting our company's specialists.

- € 55-250 million annually. Spam makes up 60% of world mail traffic and 50-75% of all Russian mail traffic. Modern anti-spam tools filter 85-98% of spam. The global market for anti-spam filters and services in 2004 was approximately $500 million (IDC estimate).
Most antivirus vendors have included anti-spam components in their products. There were several purchases of anti-spam software vendors by anti-virus companies during the year (notably the $340 million purchase of BrightMail by Symantec). In Russia, anti-spam filters have been installed by most of the public mail services and most of the providers, which has removed the urgency of the spam problem for their clients. The undoubted leader in Russia in terms of sales and the number of protected mailboxes is the Spamtest technology.
1. PREVENTION The number one anti-spam tool is protecting your email address. If no spammer knows your address, there will be no spam. Once your address is exposed on the net, it is only a matter of time before you have to throw it away and start a new one, and as a result tell all your friends and partners the new address again, possibly losing a number of contacts. To prevent this, get two email addresses. One address is for long-term contacts (do not expose it on the net).
The other address is for making contacts and using the net (chats, message boards, etc.).
Then there should be no spam at the first address, because it is not known on the net.
When spam starts arriving at the second address, just throw it away and start a new one.
2. CHOOSING A NAME People tend to want the most concise address. Let's say sergey@mail.ru is cool, and what a pity that all the simple addresses are already taken. Rest assured that spam is pouring into [email protected] without stopping. It is cool to have a laconic name for a site, but an email address you still have to tell everyone personally, so let it be made of digits or an original, not hackneyed word. By the way, for this very reason the leading mail service gmail.com registers only names of at least 6 characters: all the short names have long been in spam lists.
3. HTML SPECIAL CHARACTERS The simplest and most commonly used method of protection against spiders is to encode the email address with HTML character entities, writing the "@" sign (the "dog", in Russian slang) as an entity. But today this method is hopelessly outdated.
Robots can easily find such addresses.
4. JAVASCRIPT On the Anti-Spam Code Generator page you can generate your own script. Since these address-hiding scripts are hand-crafted, they are very varied, and there are no programs able to extract an email address from JavaScript. It is the most reliable address protection on the net today.
5. ANTISPAMMERS But what if you have already been exposed, or you are so famous that it is impossible for you not to be noticed? Then you cannot do without an anti-spam filter. There are many anti-spam programs that you can download online.
What I do not advise.
I came to the conclusion that all these anti-spam programs are small and weak, and that a sensible anti-spam filter cannot be handled by one person; only a reputable company, such as Gmail.com, can do that. Their spam stays on the server, where you can always go in and correct it. So my strong advice: get yourself a mailbox on Google.
I have never seen a better spam filter; all spam stays on the server, where, if desired, it can always be viewed and corrected. Anti-spam filters do not completely solve the problem, but they make living with it easier.
6. POCKET PC AND WAP Spam has reached this level too, but today there are fairly reliable means of protection, so this issue is not worth developing here.

Introduction to the problem

We all know what spam is because we have either encountered it or read about it. We all know how spammers collect email addresses. It is also no secret that spam cannot be completely defeated. The problem is how to maximally protect users leaving their contact details on your site with minimal effort.

Previously tested methods of protection

The biggest threat to mailboxes comes from programs that download sites and pick email addresses out of the text of the pages. They either download just your site or crawl the whole web like search engines. If your site is small, this autocorrect of the page text is quite enough protection:

<?=preg_replace(
  // match <a ... href="mailto:local@domain.tld" ...>: \1 prefix, \2 quote, \3 and \4 the local part,
  // \5 the domain, \6 the top-level domain, \7 the rest of the tag (regular expression reconstructed)
  "~(<a[^>]+href=)([\"']?)mailto:([^@.\"'>]+)([^@\"'>]*)@([^\"'>]+?)(\.[a-z]{2,4})\\2([^>]*>)~i",
  // the static href gets a decoy address (shown on the page as [email protected]); the real
  // address is only assembled in the browser on mouse-over, with "@" written as %40
  "\\1\"mailto:[email protected]\" onMouseover=\"this.href='mai'+'lto:\\3'+'\\4'+'%40'+'\\5'+'\\6';\"\\7",
  $text);?>

Unfortunately, it won't work for a large site. Take spectator.ru, whose author was one of the first to use this method. If I were a spammer, I would go into the personal settings, tick the "do not show ears" checkbox and 1000 comments per page, and capture the cookies with Proxomitron. Then, with a downloader or a PHP script, I would fetch the pages with comments (substituting the cookies with the settings) and pick out the addresses with a regular expression. I would end up with a small database for an advertising mailing.

There were a couple of other protection methods in which the mailto: link is automatically replaced with some other link, but the effect remained the same: when you clicked on it, the system mail client would create a letter to the desired address. Neither of them stood up to criticism.

Meet the iron grip

Obviously, it is hard to think of any method of protection other than the one already tried: providing a form on the site for sending a message. Let's start designing it. The advantages of this method are obvious: no one will be able to get addresses for their spam database from your site. Nor will it be possible to send messages while hiding one's own address, as spammers do: the web server will record the sender's IP address. Lists of public anonymous proxy servers are regularly updated, and it is easy to block access from them.

Form sender

Let's start with it, because this is the hardest part.

When installing a form sender on a website, it is important to protect it from hooligan attacks, which can be no easier to deal with than spam. Therefore, we will have to make a great effort in this direction.

First, we will protect ourselves from careless double clicks and from sending many identical requests. The idea is this: the message will not be sent if the user has not opened the page with the form beforehand, and having opened the page with the form, you can send the message only once. This can be done with PHP's built-in sessions. When the page with the form is opened, we start a session in which we save a variable, say $flag. We output the session identifier as a hidden element at the very end of the form. The user enters a message and submits the form. On receiving the form, the script starts the session and checks the existence and value of the $flag variable. If the variable does not exist, this is a second click: the letter is not sent and an error message is displayed. If the variable exists and the form data suits us (the required fields are filled in), the script sends the letter and destroys the session.

Secondly, we will protect ourselves from smarter bullies by keeping message logs. When a user submits a correctly filled form, the script looks through the logs and checks what is there. So, it must be forbidden to

* send messages to the same address more often than a certain period
* send the same text to different addresses
* and just use the form sender too often - say, no more than 10 messages per day per user

We output the session ID at the very end of the form so that an attacker has to download the entire form and parse it, which is harder than just sending HTTP requests. Naturally, the sender will report errors in the message, ask for a return address, and so on.

The resulting sender code was too large to include in the text; it is archived on the site. The script appears to run and send messages.
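The two protections just described, the single-use session flag and the three log checks, as an added example written for this article; it is not the archived sender. The functions take the session and the log as plain arrays so the logic can be run from the command line: $session stands in for $_SESSION, $log for the message log, and the array layouts, the limits (10 per day, one hour per address) and the function names are this example's assumptions. The "per user" limit is counted per client IP address, which the web server records in any case.

```php
<?php
// Added example (not the article's archived sender): the single-use session flag and
// the three log checks described above, as pure functions that run from the CLI.
// $session stands in for $_SESSION and $log for the message log the article keeps;
// the array layouts, limits and function names are this example's assumptions.

const MAX_PER_DAY  = 10;    // messages per sender (here: per IP address) per day
const MIN_INTERVAL = 3600;  // seconds before the same address may be written to again

// Rendering the form page: set the flag. The caller prints the session id as the
// last hidden field of the form.
function beginForm(array &$session): void {
    $session['flag'] = true;
}

// Receiving the form: returns null when the message may be sent, otherwise an error text.
function checkSubmission(array &$session, array $log, array $post, string $senderIp, int $now): ?string {
    // No flag: the form page was never opened in this session, or the message has
    // already been sent once, so this is the "double click" case.
    if (empty($session['flag'])) {
        return 'The form has already been submitted; reload the page to send another message.';
    }
    // Required fields; the flag is kept so the user can correct the form and resend.
    foreach (['to', 'from', 'text'] as $field) {
        if (!isset($post[$field]) || trim((string)$post[$field]) === '') {
            return "Please fill in the '$field' field.";
        }
    }
    if (filter_var($post['from'], FILTER_VALIDATE_EMAIL) === false) {
        return 'Please give a valid return address.';
    }
    // Log checks: same address too soon, same text to another address, too many per day.
    $sentToday = 0;
    foreach ($log as $entry) {
        if ($entry['to'] === $post['to'] && $now - $entry['time'] < MIN_INTERVAL) {
            return 'This address was written to recently; try again later.';
        }
        if ($entry['text'] === $post['text'] && $entry['to'] !== $post['to']) {
            return 'The same text has already been sent to another address.';
        }
        if ($entry['ip'] === $senderIp && $now - $entry['time'] < 86400) {
            $sentToday++;
        }
    }
    if ($sentToday >= MAX_PER_DAY) {
        return 'Daily limit of ' . MAX_PER_DAY . ' messages reached.';
    }
    // Accepted: drop the flag so a repeated POST in the same session is refused.
    unset($session['flag']);
    return null;
}

// Record a sent message (in memory here; the article writes its logs to disk).
function logMessage(array &$log, array $post, string $senderIp, int $now): void {
    $log[] = ['to' => $post['to'], 'text' => $post['text'], 'ip' => $senderIp, 'time' => $now];
}

// Constructed walk-through with a constructed message.
$session = [];
$log = [];
beginForm($session);
$post = ['to' => 'editor@example.com', 'from' => 'reader@example.com', 'text' => 'Hello'];
var_dump(checkSubmission($session, $log, $post, '203.0.113.5', 1000)); // first submission
logMessage($log, $post, '203.0.113.5', 1000);
var_dump(checkSubmission($session, $log, $post, '203.0.113.5', 1001)); // repeated POST, form not reopened
beginForm($session);                                                    // form page opened again
var_dump(checkSubmission($session, $log, $post, '203.0.113.5', 1002)); // same address within the hour
```

In a real deployment checkSubmission() would be called after session_start() with $_SESSION, $_POST and $_SERVER['REMOTE_ADDR'], and the log would be read from the file the article keeps; the order of the checks matters, since the cheap flag check rejects double clicks before the log is touched at all.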

Replacing addresses in text

Now the form sender is ready, and you need to replace all emails with links to it. Of course, you shouldn't do this manually. For myself, I wrote a script that automatically replaces addresses with links to the sender.

... Cons: more time for placing links (compensated by a catalog of links), the user, hovering over the link, does not see which address it will go to. (Dmitry Smirnov, "Ideal author's project, hypertextuality")

All the mentioned disadvantages can be easily eliminated if you use a code similar to the one that I will now describe and show.

There is nothing complicated here: if these are links, then "more time for placement" is not required. On my site I use an engine script that is called by all pages, so adding a call to the address-replacing code there is not a problem. Email addresses are still written directly in the text of the pages, but before being shown to the user they are replaced with the desired text. Compiling a database of links or email addresses is not a problem either.

So what does the address substitute do? It looks for "mailto:" links in the text, picks the addresses out of them, and sends the database a COUNT(*) query asking how many of the addresses on the page are already in a special table. If the page contains new addresses, their number will be greater than the query result. In that case a second query selects the address values, those already in the table are excluded from the list, and the remaining list is sent to the table with an INSERT query.

As for the address IDs, in my opinion it is better to use something a site visitor could not guess. Imagine the link /email.php?id=10 leads to the sender: what a temptation to put in 11, 12 and so on and try to send all of them a message. Therefore I decided to use the md5 hash of the address as the identifier. Hardly anyone will undertake to guess a hash. With a directory of links you can do without IDs, but then you have to select all the values from the database, whereas replacing addresses with their hashes is much simpler.

A command of the form

<?=preg_replace_callback(
  // match <a ... href="mailto:address" ...>: \1 prefix, \2 quote, \3 the address, \4 the rest of the tag
  '~(<a[^>]+href=)(["\']?)mailto:([^"\'>\s]+@[^"\'>\s]+\.[a-z]{2,4})\2(.*?>)~i',
  // the original used the /e modifier, which no longer exists in PHP 7+; a callback does the same
  function ($m) { return $m[1] . $m[2] . '/email.php?email=' . urlencode(md5($m[3])) . $m[2] . $m[4]; },
  $text);?>

... which replaces addresses with their hashes. I did not dare to replace the remaining addresses in the text with links, but made a simple substitution with addresses like vasya_at_pupkin_dot_ru. The autocorrect code is also in the archive.
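The whole substitute described above (COUNT(*) check, INSERT of the new addresses, replacement of mailto: links by md5 hashes) together with the lookup that the sender script has to do on its side, as an added example written for this article; it is not the archived code. It uses an in-memory SQLite database through PDO so that it runs without a server; the table name emails, its columns and the function names are this example's assumptions, and the page fragment at the end is constructed.

```php
<?php
// Added example (not the article's archived code): the address substitute described
// above plus the lookup on the sender side, using an in-memory SQLite table through
// PDO. Table name, columns and function names are this example's assumptions.

const MAILTO_RE = '~(<a[^>]+href=)(["\']?)mailto:([^"\'>\s]+@[^"\'>\s]+\.[a-z]{2,4})\2(.*?>)~i';

function openTable(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE emails (hash TEXT PRIMARY KEY, address TEXT NOT NULL)');
    return $db;
}

// Replace every mailto: link in $text with a link to the form sender keyed by the md5
// of the address, registering the addresses the table does not know yet.
function substituteAddresses(PDO $db, string $text): string {
    preg_match_all(MAILTO_RE, $text, $m);
    $addresses = array_values(array_unique($m[3]));   // sequential keys for PDO binding
    if ($addresses) {
        $hashes = array_map('md5', $addresses);
        $marks  = implode(',', array_fill(0, count($hashes), '?'));
        // Cheap check first: how many of this page's hashes are already stored?
        $st = $db->prepare("SELECT COUNT(*) FROM emails WHERE hash IN ($marks)");
        $st->execute($hashes);
        if ((int)$st->fetchColumn() < count($hashes)) {
            // Some are new: fetch the known ones and INSERT only the rest.
            $st = $db->prepare("SELECT hash FROM emails WHERE hash IN ($marks)");
            $st->execute($hashes);
            $known = $st->fetchAll(PDO::FETCH_COLUMN);
            $ins = $db->prepare('INSERT INTO emails (hash, address) VALUES (?, ?)');
            foreach ($addresses as $addr) {
                $h = md5($addr);
                if (!in_array($h, $known, true)) {
                    $ins->execute([$h, $addr]);
                }
            }
        }
    }
    return preg_replace_callback(MAILTO_RE, function ($m) {
        return $m[1] . $m[2] . '/email.php?email=' . urlencode(md5($m[3])) . $m[2] . $m[4];
    }, $text);
}

// Sender side (email.php): map the hash back to an address. Anything that is not a
// stored 32-hex-digit hash yields null, so counting up ids as the article warns
// against gets nothing.
function resolveAddress(PDO $db, string $hash): ?string {
    if (!preg_match('/^[0-9a-f]{32}$/', $hash)) {
        return null;
    }
    $st = $db->prepare('SELECT address FROM emails WHERE hash = ?');
    $st->execute([$hash]);
    $addr = $st->fetchColumn();
    return $addr === false ? null : $addr;
}

// Constructed page fragment with one quoted and one unquoted mailto: link.
$db   = openTable();
$page = '<p>Write to <a href="mailto:vasya@pupkin.ru">Vasya</a> or <a href=mailto:ed@example.com>the editor</a>.</p>';
echo substituteAddresses($db, $page), "\n";
echo substituteAddresses($db, $page), "\n";          // second run: nothing new to INSERT
var_dump(resolveAddress($db, md5('vasya@pupkin.ru')));
var_dump(resolveAddress($db, '10'));
```

The same regular expression serves both the collection pass and the replacement pass, so an address that is rewritten is always one that was registered; resolveAddress() validates the hash format before touching the database, and the prepared statements keep the page's address strings out of the SQL text.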

Outcome

Hiding email addresses from visitors is pretty easy. The autocorrect mechanism does not require additional effort, and you can write the pages of the site further as if nothing had happened. Difficulties arise when protecting the form sender from web bullies. This protection requires a lot of effort and complex code, so I have not yet started using the written code on the site. You can download the archive with a substitute for addresses and a form sender, but I beg you: do not put it on your site in the form in which you downloaded it, I myself do not know how reliably it works.