TechByter Worldwide

Speak softly and carry a large microphone

 

Sep 04, 2016

Out, Damned Spam

In 2013, I described an anti-spam application called Mail Washer Pro. Although I liked it a lot, somehow it didn't get re-installed during a system upgrade. In July, after deciding that I had had quite enough of the spams about surface protection products and "professional" organizations for women only (and for which I was "pre-approved"), I started looking for solutions. It was then that I rediscovered Mail Washer Pro and found that the 2013 installation key still worked for the latest version.

What a relief!

Unlike many anti-spam applications that insert themselves into an email application, Mail Washer Pro is designed to be used before your email application picks up messages. The setup process will automatically turn off most email applications' automatic email retrieval function. The point is to allow Mail Washer Pro to download just enough of a message to determine whether it's friend or foe, to delete the foes, and then to download only the good messages to your computer.

Mail Washer Pro allows you to view messages before they get to your computer so you can determine if they’re really spams, scams or good email.

For example, here's a message that offers me a "membership" in NPW, which is supposed to be National Professional Women (or something like that). I checked and found that I am not a woman. I may or may not be a professional. But look at the link!

"DailyViralStories" doesn't seem like a site that I would want to visit. This may be a standard run-of-the-mill spam, but it could also be a scam of some sort -- possibly a link to a "drive-by" site that will attempt to plant malware on my computer.

Mail Washer Pro's learning function has already rated this message -22 and a filter I created added -200 points, so the message is marked as spam. I'll tell you more about filters in a moment.

Here's a message about a class-action lawsuit that names Angie's List as the defendant. The message is considered to be good because ...

  1. Content analysis finds no problems and sets the rating as 100. Ratings range from 200 (definitely good) to -200 (definitely spam).
  2. The address is not on my friends list, so there's no change to the rating.
  3. The address is not on my blacklist, so there's no change to the rating.
  4. The origin of the message is not suspicious, so there's no change to the rating.
  5. No custom filter was activated, so there's no change to the rating.

One of Mail Washer Pro's most impressive features is its ability to rate messages based on numerous conditions. These can be plain-text rules or, for those who are willing to spend a tiny amount of time to learn about regular expressions, they can be very powerful rules.

I haven't enabled the application's language filter yet. This filter allows users to specify that any message containing a specific word should have its rating adjusted.

The list of words is a most impressive list of profanities.

I've created some of my own filters and the "ladies" filter is a good example. Messages claiming to be from National Professional Women, which seems to be attempting to look like the National Association of Professional Women, have started coming to my in-box. I've created a filter that marks messages as "-200" when any of the following conditions are met:

  1. The subject contains any of these: "ladies", "for women only", or "pre-accepted invitation".
  2. The body contains: "females-only leadership organization". This condition will be expanded as I learn more about the scam.
  3. The "from" component includes: "Network of Professional Women". This condition will be expanded as I learn more about the scam.
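
A minimal model of the rating steps and the "ladies" filter described above, added here as an illustration; it is not Mail Washer Pro's own code or rule syntax. The content score is passed in as a number, and the case-insensitive matching, the friend and blacklist overrides, and the clamp to the -200 to 200 range are assumptions; the sample messages are constructed.

```python
import re
from email import message_from_string
from email.policy import default

# The article's "ladies" filter: it fires when ANY one condition matches.
LADIES_FILTER = {
    "subject": re.compile(r"ladies|for women only|pre-accepted invitation", re.I),
    "body": re.compile(r"females-only leadership organization", re.I),
    "from": re.compile(r"Network of Professional Women", re.I),
}
FILTER_POINTS = -200                 # adjustment the filter applies
RATING_MIN, RATING_MAX = -200, 200   # rating range given in the article

def matched_conditions(msg):
    """Return the names of the filter conditions that match this message."""
    body = msg.get_body(preferencelist=("plain",))
    fields = {
        # policy=default decodes RFC 2047 encoded-words before matching
        "subject": str(msg.get("Subject", "")),
        "body": body.get_content() if body else "",
        "from": str(msg.get("From", "")),
    }
    return [name for name, rx in LADIES_FILTER.items() if rx.search(fields[name])]

def rate(raw, content_score, friends=(), blacklist=()):
    """Return (rating, matched filter conditions) for one raw message."""
    msg = message_from_string(raw, policy=default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].addr_spec.lower() if addrs else ""
    matched = matched_conditions(msg)
    if sender in friends:        # assumption: a friend is rated fully good
        return RATING_MAX, matched
    if sender in blacklist:      # assumption: a blacklisted sender is fully spam
        return RATING_MIN, matched
    rating = content_score + (FILTER_POINTS if matched else 0)
    return max(RATING_MIN, min(RATING_MAX, rating)), matched  # clamp: assumption

# Constructed sample messages (not taken from the article).
SPAM = ('From: "Network of Professional Women" <offers@mailer.example>\n'
        "Subject: Your membership\n\nJoin today.\n")
ENCODED = ("From: promo@mailer.example\n"
           "Subject: =?UTF-8?Q?For_Women_Only?=\n\nHello.\n")
NOTICE = ("From: notices@claims.example\n"
          "Subject: Class action settlement notice\n\nYou may be eligible.\n")

if __name__ == "__main__":
    for raw, score in ((SPAM, -22), (ENCODED, 100), (NOTICE, 100)):
        print(rate(raw, score))
```

The second sample carries its subject as an RFC 2047 encoded-word, which a filter matching on the raw header text would miss.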

By the way, if you're interested in this particular scam, here are a few references:

When Mail Washer Pro washes your email, it deletes spam -- but not really. Depending on the settings you establish, deleted messages will still be available for a while. I've set 7 days, but the default is longer. Why would you want to keep deleted messages? That's easy: You might tell the program to delete something you really wanted to keep.

If that happens, open the Recycle Bin tab to display deleted messages and use the search window to find the message you want to keep. Click the deleted message you want to restore and then click the Restore button. The message will be restored to your in-box and available to your email application.

The program's configuration settings are impressive. I have scheduled mail checks every 10 minutes. You can link the application with nearly any email application and choose to have that application open immediately after you wash mail.

Any number of email accounts can be checked. I have set up 5 accounts. You can specify white-lists (messages will be considered good regardless of content) and blacklists (messages will always be considered spam).

Fortunately, Mail Washer Pro includes extensive on-line documentation and a PDF file that users can download. It's an application that works well without modification, but users can adjust the numerous settings to make it even better.

Users also have the ability to delete messages from Mail Washer Pro without labeling them as spam. This may happen if you routinely receive reminders that you want to continue receiving, but that you don't need to download and store.

Once you've noted the presence of such a message, just press the D key or click the trash can. The message will still be marked "Good" or "Friend", but it will be deleted when you clean the mail.

You might wish that Mail Washer Pro had a mobile version that could be synchronized with the desktop application. It does. There are versions for both Apple and Android devices. I haven't been able to test the Apple version, but I found the Android version not to be particularly usable. That's OK because I use the IMAP protocol on mobile devices, which means that no message is downloaded unless I specify that it should be.

Mail Washer Pro can be installed on 3 computers that run Windows and any number of portable devices.

5 Cats: Hate spam? Here's relief.

Mail Washer Pro includes the features needed to eliminate the crap. It may take a few days for you to become acclimated to the 2-step process of checking email, but -- once you've done that -- you'll never look back.
Additional details are available on the Firetrust website.

Is the Maxthon MX Browser Worth a Gamble?

The Maxthon browser is a product of China. That might be enough for some people to write it off without going any further. After all, there are numerous books and articles by security experts that point out China's propensity to break into business and government computer systems. Still, we can't distrust everything unless we want to just disconnect our computers from the Internet, lock our doors, and stay inside.

The new MX5 version of the browser has some appealing features and Maxthon won CNET WebWare 100 Awards in 2008 and 2009, was #97 in PCWorld's list of the 100 Best Products of 2011, was one of the twelve browsers Microsoft presented in 2010 at BrowserChoice.eu, and was pronounced excellent by PC Magazine in 2014: "Loads of nifty browsing helper features, including video-ad fast-forwarding. Speedy performance. Two page-rendering engines (Webkit and Trident) for compatibility. Good support for new Web standards. Cloud syncing of tabs, passwords, and more. Do Not Track enabled by default."

I decided to give it a try.

The installer presents a happy face. Three of them, actually.

Recently I reported that security researchers from Fidelis Cybersecurity and Exatel discovered the browser sent "sensitive browsing and system data" to remote servers located in Beijing, China. This data included information about ad blocker status, websites visited, searches conducted, and applications installed.

Two features are at play here: The user experience improvement program sends back information about how well the browser works. That is common with many applications today. When users turned off the feature, though, the data continued to flow. Maxthon traced that to a bug in an old bit of software and fixed it. The other feature in play is the browser's security function that examines websites in the same way that many protective applications do and warns users when the site has a bad reputation.

Still, during the installation, I recommend choosing the Advanced option and then choosing for yourself whether you want a desktop shortcut (I turned that off), whether you want MX5 to be your default browser (I turned that off and even Maxthon recommends not selecting that option while the browser is still in beta), and whether you want to participate in the user experience improvement program (I left the UEIP enabled).

To use MX5, you must create an account using either a cell phone number or an email address.

This is required because the browser will store some of your configuration information on-line so that you can synchronize the look and feel on different machines.

Even if you don't want to do this, you'll need to create an account.

MX5 uses both the Trident and WebKit rendering engines. Trident was developed by Microsoft and is used in Internet Explorer. WebKit is a fork of KHTML by Apple and is used in Apple Safari, Chromium, and Google Chrome. Microsoft Edge uses the EdgeHTML rendering engine, which is a proprietary version of WebKit. MX5 is the only browser that uses both.

As with most browsers, MX5 offers to save credentials. One difference is that it acts a lot like LastPass in that it encrypts credentials on your computer and also stores them in an encrypted file in the cloud. My preference is to continue using LastPass because it works across all browsers.

Maxthon, as I noted earlier, is a Chinese company with headquarters in Beijing and offices in Shanghai, Hong Kong, and San Francisco. As such, much of the development work is done by people who speak English as a second language. Sometimes that shows in the interface.

For example, hovering the mouse cursor over the proxy icon told me that I was actively using a proxy server, yet the Windows internet applet clearly shows that this is not the case.

For most users, the MX5 browser will present several handy features that other browsers don't have. For developers, some outstanding tools are built in.

Features for Developers

Most of the tools designed for developers can be added to other browsers with plug-ins, but they're simply included in MX5.

When I enabled Elements with a TechByter page on the screen, MX5 presented two columns of information at the right.

The left column is the HTML that contains the page's content.

The right column shows the cascading style sheet (CSS3) that applies to the section of code selected in the left column. At the bottom of the right column, the box model is shown for the selected text.

Any developer who's trying to figure out why something isn't being displayed quite as expected will be delighted by this view.

Choosing the Sources tab allows the user to inspect local and external CSS3 code and externally referenced JavaScript.

TechByter Worldwide uses a typeface called Dosis that is served from a Google API server. What's being displayed is the CSS3 code that's retrieved from Google and embedded in the page.

The site also uses ShareThis, a service that allows visitors to share a reference to a TechByter Worldwide page. ShareThis loads its code to the page from a remote server.

This timeline view shows every element on the page, from the base HTML document (0821.html) to various jQuery and CSS components.

This is a similar view, but the numbers are different. That's because I've turned off caching. A developer might do this to understand how a new visitor would experience the page. The first time you visited TechByter Worldwide, your browser collected and retained some information. JavaScript, CSS files, and images may all be cached on your computer so that pages load faster when you return. Pages load more slowly for a new user and this screen shows that.

Here is yet another view that shows how events are combined at load time. These views can be quite helpful.

I'm not going to give Maxthon a cat rating. It's a most interesting browser with numerous tools that developers will appreciate. There's no particular reason to suspect that it's any more dangerous than any other browser, but I understand that some users will probably not trust any software from China.

Although I don't expect Maxthon to be my primary browser anytime soon, I will use it at least occasionally.

Short Circuits

New Protections from Malwarebytes

The premium version of Malwarebytes has a new feature that will probably convince some users of the free system to pay the small registration fee.

The Malicious Website Protection module attempts to identify and block malicious domains and IP addresses by intercepting DNS queries made by any application on your computer. This could include queries from a browser, but would also include applications you might not think of such as security software, conferencing software, and any application that periodically checks for updates.

Normally these queries would be passed directly to your router and then to a nameserver, but the Malicious Website Protection module acts like a firewall, intercepts the queries, and identifies malicious traffic that could steal data.

It blocks traffic to and from domains and IP addresses that Malwarebytes considers dangerous or annoying. These include sites that host malware or potentially unwanted programs, tech support scammer sites, phishing scams, compromised sites, and illegal pharmacy sites.

If you use Skype, you'll probably see numerous alerts about blocked connections, but Skype continues to work. There's a relatively complex back-story, but essentially it comes down to this: Skype is an application that connects to various IP addresses to function. Sometimes those IP addresses are known to host malware, so Malwarebytes blocks them. Skype then finds another connection.

Several bits of information are shown:

  • Domain: Shows the domain that was requested, if available. If no domain is shown, the process probably requested the IP address directly.
  • IP: The IP address that is being blocked.
  • Port: The port on the system that was used for the contact.
  • Type: This shows the direction of the traffic.
  • Process: The application that tried to make the contact. If you don't recognize the file name, the cause might be adware (relatively benign) or some sort of malware.

If you are sure that the domain is safe or you want to visit a site despite the warning, the exclusion option allows you to do that without having to disable the protection entirely. Use this option with caution.

Exclusions may be set by IP address, domain, or application (process).

Because many domains can share an IP address, it's best to add a domain to the exclusion list instead of an IP address. And Malwarebytes says that users should "avoid giving a process free play at all times, because some malware is capable of injecting malicious code into trusted processes."
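
The following added example (not Malwarebytes code; the event records, process names, and the `exposure` and `audit` helpers are constructed for illustration) shows why an IP or process exclusion is broader than a domain exclusion. For each proposed exclusion it lists every blocked destination that the exclusion would reopen.

```python
from collections import namedtuple

# Fields mirror the alert details listed above: Domain, IP, Port, Type, Process.
Event = namedtuple("Event", "domain ip port type process")

# Constructed log of connections the protection module would block
# (documentation-only IP ranges and reserved .example domains).
BLOCKED = [
    Event("forum.example", "203.0.113.10", 443, "Outbound", "browser.exe"),
    Event("malware-host.example", "203.0.113.10", 443, "Outbound", "browser.exe"),
    Event("phish.example", "203.0.113.10", 80, "Outbound", "updater.exe"),
    Event("", "198.51.100.7", 40022, "Inbound", "chat.exe"),
    Event("tracker.example", "198.51.100.9", 443, "Outbound", "chat.exe"),
]

EXCLUSION_KINDS = ("domain", "ip", "process")

def exposure(exclusion, events=BLOCKED):
    """Return the sorted destinations that one exclusion would stop blocking."""
    kind, value = exclusion
    if kind not in EXCLUSION_KINDS:
        raise ValueError(f"unknown exclusion kind: {kind}")
    # An event with no domain was a direct-to-IP request, so report its IP.
    return sorted({e.domain or e.ip for e in events if getattr(e, kind) == value})

def audit(exclusions, events=BLOCKED):
    """Flag every exclusion that reopens more than one blocked destination."""
    report = {}
    for exc in exclusions:
        opened = exposure(exc, events)
        report[exc] = {"unblocks": opened, "overbroad": len(opened) > 1}
    return report

if __name__ == "__main__":
    proposed = [("domain", "forum.example"),
                ("ip", "203.0.113.10"),
                ("process", "chat.exe")]
    for exc, result in audit(proposed).items():
        print(exc, result)
```

Excluding the one domain reopens only that domain, while excluding its IP address also reopens the two other blocked domains hosted there.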

Attacking US Elections

You probably heard reports this week that voter registration systems in Arizona and Illinois have been hacked. And that could be just the beginning.

According to the Arizona Secretary of State, the FBI had become aware of the attack in June. The attack came from Russia, but failed to gain access to the voter registration system. The crooks were able to obtain log-in credentials for one elections official, though.

First reports of the break-ins came from Michael Isikoff of Yahoo News. An election official in Gila County probably was taken in by malware or a phishing message.

The Illinois attack was discovered in mid-July by the State Board of Elections, which then warned county boards of the danger. Illinois reverted to paper-based systems for voter registration, but has now resumed electronic registration.

An announcement from the Illinois Board of Elections says there's no evidence that the crooks added, changed, or deleted information in the voter registration database, but they were able to retrieve some voter records. The investigation continues as the board attempts to determine how large the breach was.

As in many states, voter registration information records are public, so the crooks may not have obtained any information that wasn't otherwise available.