Don't be a zombie! Some tips on protecting your computer...
by BookBeast

I'm studying information science in graduate school, so I'm used to thinking and talking about computer security issues all the time. Better built-in software can help protect computer users, but what's really most effective is for individual users to protect themselves. Here's some advice on how to keep your computer from being zombified:

1) Make sure you have up-to-date antivirus software, and scan your computer regularly. You don't have to open e-mails to get viruses: having your unprotected PC connected to the net for 20 seconds is enough to get it infected with something. If you don't want to pay for a Norton antivirus subscription, download AVG free, which works very well. Even if you're a Mac user, you should have some kind of active protection, since there are Mac viruses out there after all. I use ClamXav.

2) Get anti-spyware software. Spyware is kind of like a computer virus: it gets into your computer surreptitiously and does stuff you don't want it to do. Some forms of spyware track your browsing activity and send it to e-mail spammers, while others cause you to get hit with popup ads. Some forms of spyware are almost as bad as viruses. Programs like Spybot are good for getting rid of this stuff.

3) Turn off port 25 on your computer. Basically, port 25 is what e-mail servers use to send messages: you don't need it for anything you do on your personal computer. (If you do, you are tech-savvy enough not to need this list.) Hackers who use botnets like the ones described in the article often send spam messages out of port 25 on computers they control. Turn off port 25, and you won't be sending someone else's spam! Use your computer's help utility to find out how to change your port settings.

4) Learn how to spot scams. The Anti-Phishing Working Group (APWG) has a good guide on how to spot, avoid and report scams here. The practice of "phishing," or using fraud to make people give up their personal information and/or money, can be used for identity theft as well as spreading viruses and spyware.

5) Use secure passwords. A lot of password-cracking software relies on extensive dictionaries of words, so don't use dictionary words to write your passwords or phrases. Break up the words or phrases with numbers. Of course, you want to remember your password, so it should mean something to you - but not to anyone who doesn't know you.

I hope this advice will be helpful to some of you. Please seek further sources of information wherever you can!

Thanks for the Advice
by MomboMan

Is there some way to tell if your computer is being used as a zombie? Also, if I turn off port 25, how does that affect my real outgoing email?

Re: Thanks for the Advice
by valency

@MomboMan:

Is there some way to tell if your computer is being used as a zombie? Also, if I turn off port 25, how does that affect my real outgoing email?

Antivirus software can sometimes detect the presence of zombie software, but the best tool is firewall software. Install a good firewall package on your machine (unfortunately, they are usually pricey). You can also use network monitoring software on an external firewall to detect and profile suspicious traffic.

Note that the inbuilt firewall software that comes free with Windows XP is deliberately crippled, and does not support blocking outgoing ports. Windows Vista's firewall does support outgoing port blocking. So to block port 25 on XP, you need additional firewalling software or an external firewall.

Blocking all traffic on port 25 will block legitimate email. You can create an exception to fix this. Windows Firewall allows per-program exceptions, and in more featureful software you can supplement this with a per-site exception that allows you to connect to your own email server, but no others.

Re: Thanks for the Advice
by valency

Oh, I forgot something really useful! You can search for suspicious connections with the netstat command:

netstat

in Windows or Unix. There are a number of graphical "netstats" if you don't like or aren't used to a command line. The output of netstat looks like this:

Active Connections

Proto Local Address Foreign Address State
TCP valency:3696 slate.com:http ESTABLISHED
TCP valency:3697 210.9.72.169:http ESTABLISHED
TCP valency:3698 umpass.browsermedia.com:http SYN_SENT


If you see a line like:

Proto Local Address Foreign Address State

TCP valency:3699 mail.inet.com:smtp ESTABLISHED

or

TCP valency:3699 mail.inet.com:25 ESTABLISHED

Then you have an active Simple Mail Transfer Protocol connection going. This is the protocol that is used to transfer email on the internet. If you always have a connection going even when your email program isn't sending mail, or have dozens of these connections going at any one time, this is suspicious, and usually indicates you are infected with a bot.
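The check valency describes by eye can be automated. The script below is an added example (not code from the post or from any product mentioned in it): it parses netstat output in the Windows column layout shown above, picks out TCP connections whose remote port is 25 or "smtp", and flags the result as suspicious when SMTP connections exist while no mail client is sending, or when they fan out to more distinct servers than a single mail account would ever need. The netstat text, the 203.0.113.x addresses and the thresholds are constructed for the example; a real run would feed it the output of the `netstat` command.

```python
import re
from collections import Counter

# Constructed sample output, modelled on the format quoted in the post.
# The three 203.0.113.x hosts are documentation addresses, not real servers.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address               State
  TCP    valency:3696           slate.com:http                ESTABLISHED
  TCP    valency:3697           210.9.72.169:http             ESTABLISHED
  TCP    valency:3698           umpass.browsermedia.com:http  SYN_SENT
  TCP    valency:3699           mail.inet.com:smtp            ESTABLISHED
  TCP    valency:3700           203.0.113.10:25               ESTABLISHED
  TCP    valency:3701           203.0.113.11:25               SYN_SENT
  TCP    valency:3702           203.0.113.12:25               ESTABLISHED
"""

# Constructed benign sample: only web traffic, no SMTP at all.
BENIGN_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address               State
  TCP    valency:3696           slate.com:http                ESTABLISHED
  TCP    valency:3697           210.9.72.169:http             ESTABLISHED
"""

# Remote ports that indicate an SMTP session (numeric or as netstat's service name).
SMTP_PORTS = {"25", "smtp"}
# Connection states that mean the host is talking, or trying to talk, to the server.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def split_host_port(addr):
    """Split 'host:port' on the last colon so IPv6-style addresses still work."""
    host, _, port = addr.rpartition(":")
    return host, port


def parse_netstat(text):
    """Return one dict per connection line; header and banner lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        # Data lines start with the protocol; anything else is a header or banner.
        if len(parts) < 3 or parts[0].upper() not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0].upper(), parts[1], parts[2]
        state = parts[3] if len(parts) > 3 else ""  # UDP lines carry no state
        lhost, lport = split_host_port(local)
        rhost, rport = split_host_port(foreign)
        conns.append({"proto": proto, "local_host": lhost, "local_port": lport,
                      "remote_host": rhost, "remote_port": rport, "state": state})
    return conns


def smtp_connections(conns):
    """Keep only live TCP connections whose remote end is an SMTP port."""
    return [c for c in conns
            if c["proto"] == "TCP"
            and c["remote_port"].lower() in SMTP_PORTS
            and c["state"] in ACTIVE_STATES]


def assess(conns, mail_client_sending=False, max_expected_servers=1):
    """Apply the two rules from the post: SMTP traffic with no mail client active,
    or SMTP sessions to many different servers, is the pattern of a spam bot."""
    smtp = smtp_connections(conns)
    servers = Counter(c["remote_host"] for c in smtp)
    reasons = []
    if smtp and not mail_client_sending:
        reasons.append(f"{len(smtp)} SMTP connection(s) while no mail client is sending")
    if len(servers) > max_expected_servers:
        reasons.append(f"SMTP connections to {len(servers)} distinct servers: "
                       + ", ".join(sorted(servers)))
    return {"smtp_count": len(smtp), "distinct_servers": len(servers),
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_NETSTAT), ("benign", BENIGN_NETSTAT)):
        result = assess(parse_netstat(text))
        print(label, "->", "SUSPICIOUS" if result["suspicious"] else "ok", result["reasons"])
```

The thresholds are deliberately conservative: a single desktop mail client sends through one server, so several simultaneous SMTP sessions to unrelated hosts are worth investigating even if an antivirus scan comes back clean. Note that many mail clients today submit mail on port 587 rather than 25, so a machine whose own mail still flows after port 25 is blocked is not necessarily misconfigured.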

Re: Thanks for the Advice
by MomboMan

Hey thanks. I do have Symantec software installed and run it weekly, and install updates as they are posted. The reason for my question is that I sometimes get a message in my inbox that appears to be a delivery failure message. I don't know the email address of the supposed bounce, and I didn't send it. Also, there typically is an attachment in the email. My first thought is that this is a clever ruse to get someone to open the attachment and deliver a virus/trojan horse/worm/etc. My other thought was that maybe my machine got zombied for a spam campaign and this is an address that bounced. And, no, there is no record of that address or any other strange ones in my "SENT" box. Any thoughts?

MM
