OT- A little computer help, please

[Barry in KC]

In my office, whenever I am in Outlook and get an an e-mail with a link (either from a friend or legitimate source), and I click on the link, a warning box comes up stating: "The operation has been canceled due to restictions on your computer. Please contact your system administrator."

 

We are networked, but this appears to affect only me and we don't have a SA.

 

Any thoughts?

[Fezmid]

In my office, whenever I am in Outlook and get an an e-mail with a link (either from a friend or legitimate source), and I click on the link, a warning box comes up stating: "The operation has been canceled due to restictions on your computer. Please contact your system administrator."

 

We are networked, but this appears to affect only me and we don't have a SA.

 

Any thoughts?

161133[/snapback]

 

You shouldn't be clicking links from emails. No, I'm serious.

 

You know how some people here hide the "Peter Pan Fairy" link and make it look like something else? That can be done in email as well. You should ALWAYS either type the link in manually into your webbrowser or cut and paste the link into your web browser. Never ever ever just click on a link (*especially* if IE is your default browser).

 

EDIT: Bruce Schneier is a very well-respected security guy in the IT field. Read his recommendations for home security:

http://www.schneier.com/blog/archives/2004...personal_c.html

 

Specifically:

E-mail:  Turn off HTML e-mail.  Don't automatically assume that any

e-mail is from the "From" address.

 

Delete spam without reading it.  Don't open messages with file

attachments, unless you know what they contain; immediately delete

them.  Don't open cartoons, videos and similar "good for a laugh" files

forwarded by your well-meaning friends; again, immediately delete them.

 

Never click links in e-mail unless you're sure about the e-mail; copy

and paste the link into your browser instead.  Don't use Outlook or

Outlook Express.  If you must use Microsoft Office, enable macro virus

protection; in Office 2000, turn the security level to "high" and don't

trust any received files unless you have to.  If you're using Windows,

turn off the "hide file extensions for known file types" option; it

lets Trojan horses masquerade as other types of files.  Uninstall the

Windows Scripting Host if you can get along without it.  If you can't,

at least change your file associations, so that script files aren't

automatically sent to the Scripting Host if you double-click them.

CW

[Barry in KC]

Be assurred that any link I want to open is secure. When I get the weekly Buffal Bills e-mails, I am even unable to open up any of the topics; ie, conversations with Mularkey, etc.

[Fezmid]

Be assurred that any link I want to open is secure. When I get the weekly Buffal Bills e-mails, I am even unable to open up any of the topics; ie, conversations with Mularkey, etc.

161156[/snapback]

 

Oh really, you are 100% sure that every link you want to open is secure? What if I forge an email and make it look like the weekly Buffalo Bills email, but change the embedded HTML? Forging email is trivial (I even broke into the U of Minnesota's Supercomputer lab with a forged email; I was working as a security admin there). You should never trust HTML in email.

 

But what do I know, I only do this stuff for a living.

 

CW

[Barry in KC]

Anyway, can you help me with my problem?

[stuckincincy]

You shouldn't be clicking links from emails.  No, I'm serious.

 

You know how some people here hide the "Peter Pan Fairy" link and make it look like something else?  That can be done in email as well.  You should ALWAYS either type the link in manually into your webbrowser or cut and paste the link into your web browser.  Never ever ever just click on a link (*especially* if IE is your default browser).

 

EDIT: Bruce Schneier is a very well-respected security guy in the IT field.  Read his recommendations for home security:

http://www.schneier.com/blog/archives/2004...personal_c.html

 

Specifically:

 

CW

161146[/snapback]

 

A bit confused here...could you please expand on why it is preferable to type a link in manually, or cut/paste it?

 

I very seldom click on a link, and if so, I inspect the properties first (I use a linux distro and Mozilla).

[Terry Tate]

Hey Fezmid, while we're on the subject of computer security, I have a relative who has asked me for computer help. Haven't looked at it yet, but the symptoms she describes are typical spyware/adware BS.

 

I thought I'd start by burning a copy of webroot spy sweeper (spybot) to take over there (not sure if I could even download it there). I've used adaware in the past, but I like spybot - do you believe both are necessary? Also, do you recommend hijackthis after running those two?

 

As far as security settings go, I plan on implementing all of the spybot shield settings, so she should do a little better in the future.

 

Thanks for your pc security input on this board and elsewhere on the site, I've made use of your advice often.

[Fezmid]

A bit confused here...could you please expand on why it is preferable to type a link in manually, or cut/paste it?

 

I very seldom click on a link, and if so, I inspect the properties first (I use a linux distro and Mozilla).

161178[/snapback]

 

This is why:

https://web.da-us.citibank.com/cgi-bin/citi...UseBVCookie=yes

 

Note that if I wanted to put some actual effort into it, I would mask what was shown on the browser bar so that it looked like the same thing as you clicked on. And no, I didn't copy all of the graphics files over either just so that it doesn't look good (also note the "THIS IS NOT CITIBANK!" at the top of my page). Please don't login to this site with your Citibank info...

 

Checking the properties is a good start. The only problem there is if someone buys a domain with a similar name just to confuse you. Whitehouse.gov vs whitehouse.com for example (do NOT go to whitehouse.com -- NOT WORK SAFE).

 

If PayPal sends you an email and says "click here to login to your account," NEVER EVER do that; type in paypal.com into your browser and go from there. Same applies for *any* links you receive in email.

 

To the original poster: I'm not going to help you be less secure. Sorry.

 

CW

[Terry Tate]

A bit confused here...could you please expand on why it is preferable to type a link in manually, or cut/paste it?

 

I very seldom click on a link, and if so, I inspect the properties first (I use a linux distro and Mozilla).

161178[/snapback]

A link can be disguised as one set of text (areallyfunnysite.com) but actually link to somewhere or something else (areallydestructiveprogram.exe). Viewing the properties could reveal this, while cutting/pasting the text, or manually typing it in to your browser would eliminate the possibility entirely.

[Fezmid]

Hey Fezmid, while we're on the subject of computer security, I have a relative who has asked me for computer help. Haven't looked at it yet, but the symptoms she describes are typical spyware/adware BS.

 

I thought I'd start by burning a copy of webroot spy sweeper (spybot) to take over there (not sure if I could even download it there). I've used adaware in the past, but I like spybot - do you believe both are necessary? Also, do you recommend hijackthis after running those two?

 

As far as security settings go, I plan on implementing all of the spybot shield settings, so she should do a little better in the future.

 

Thanks for your pc security input on this board and elsewhere on the site, I've made use of your advice often.

161204[/snapback]

 

I'm not familar with hijackthis... However, running both adaware and spybot S&D on a first run is probably advisable (just in case). After the first sweep through, I wouldn't think you need to leave both running.

 

No problem with the security stuff -- I love doing it. To those who havn't read my security presentation, you can check it out (for free) at: http://www.fezam.com/security - most people have to pay $20 for the class.

 

CW

[Barry in KC]

"To the original poster: I'm not going to help you be less secure. Sorry."

 

With all respect, I think you are assuming that I am clicking on links constantly. I only want to click on links that I know. I suspect someone could emulate my son's identity, or try to copy The Bills E-mail letter, but I think I'm fairly intelligent and can tell a high risk e-mail. Please let me make the decision on my security, if you would be so kind. If not, is there anyone else out there that would be willing to help me?

[Fezmid]

"To the original poster: I'm not going to help you be less secure.  Sorry."

 

With all respect, I think you are assuming that I am clicking on links constantly. I only want to click on links that I know. I suspect someone could emulate my son's identity, or try to copy The Bills E-mail letter, but I think I'm fairly intelligent and can tell a high risk e-mail. Please let me make the decision on my security, if you would be so kind. If not, is there anyone else out there that would be willing to help me?

161237[/snapback]

 

Really? What's your email address?

 

 

It only takes one bad link in an email to screw you over. But I'm sure someone will help you out, and then weeks/months/years later, you'll be posting on a message board asking for help on how to cleanup your computer.

 

CW

[stuckincincy]

A link can be disguised as one set of text (areallyfunnysite.com) but actually link to somewhere or something else (areallydestructiveprogram.exe). Viewing the properties could reveal this, while cutting/pasting the text, or manually typing it in to your browser would eliminate the possibility entirely.

161221[/snapback]

 

Thanks. I once railed against links in messages on this site entitled "Enjoy THIS! etc., but I was summarily ignored.

[34-78-83]

While Fezmid is dead on accurate with eveything he states here, it is not realistic to think that in a business environment all users are going to avoid clicking links and paste them into their browser. There are usually other security measures in place at most corporations to avoid most of the garbage out there, and on top of that, most of today's viruses that we find are nothing more than nuisances. Unfortunately, I do not have a direct solution to the error you are receiving. I have seen some other issues with clicking on links that are easily fixable but I haven't seen that particular error.

[Terry Tate]

I'm not familar with hijackthis...  However, running both adaware and spybot S&D on a first run is probably advisable (just in case).  After the first sweep through, I wouldn't think you need to leave both running.

 

No problem with the security stuff -- I love doing it.  To those who havn't read my security presentation, you can check it out (for free) at: http://www.fezam.com/security - most people have to pay $20 for the class.

 

CW

161223[/snapback]

Hijackthis is something I saw mentioned at www.bleepingcomputer.com, which if you haven't been to, you gotta check out - I think you would find it interesting to say the least. A huge amount of information available on security; a good forum to have at your disposal.

 

Apparently hijackthis will allow you to dig further if you still have problems after running adaware and spybot - as in editing the registry, which I have no plans on touching (at least yet). I've edited the registry on my machine a few times, but I'm not going there if I don't have to. For now, spybot and adaware it is!

[Barry in KC]

Really?  What's your email address? 

 

 

It only takes one bad link in an email to screw you over.  But I'm sure someone will help you out, and then weeks/months/years later, you'll be posting on a message board asking for help on how to cleanup your computer.

 

CW

161240[/snapback]

 

I promise that if you do help me, I will never, never, ever post on this board; or any other board on how to clean up my computer should I open an unsecure e-mail. You have my word.

[34-78-83]

here Barry:

 

http://support.microsoft.com/default.aspx?...kb;EN-US;325478

[Barry in KC]

While Fezmid is dead on accurate with eveything he states here, it is not realistic to think that in a business environment all users are going to avoid clicking links and paste them into their browser. There are usually other security measures in place at most corporations to avoid most of the garbage out there, and on top of that, most of today's viruses that we find are nothing more than nuisances. Unfortunately, I do not have a direct solution to the error you are receiving. I have seen some other issues with clicking on links that are easily fixable but I haven't seen that particular error.

161246[/snapback]

 

 

I appreciate that. What prompted me to ask for help was that I received an e-mail from the Sports Authority this morning. I've ordered from them before, and I need some new running shoes. Yes, I could cut and paste the website, but it is easier to click on the "footwear" tab.

[Fezmid]

I appreciate that. What prompted me to ask for help was that I received an e-mail from the Sports Authority this morning. I've ordered from them before, and I need some new running shoes. Yes, I could cut and paste the website, but it is easier to click on the "footwear" tab.

161276[/snapback]

 

It was easier to go through this whole thread than it was to cut and paste the link?!

 

CW

[theesir]

I copied and pasted your error messge into Google and got taken to the same page that 34-78-83 posted.

 

Google- all the same information, none of the lectures!!!