The Business of Editing: Playing It Safe

Some time ago I wrote about my experience with ransomware (see Business of Editing: URLs, Authors, & Viruses, The Business of Editing: Backing Up Is Easy to Do, and Articles Worth Reading: More on Ransomware). As I made clear in the first essay, I attacked the problem aggressively and prepared for disaster.

Sandboxie

Recently I took yet another step. This step is ideal for those of you unable or unwilling to invest in the type of computer setup I did, which I admit is not cheap. But this step is very inexpensive — it cost me $20.50 (the price was €15 and this was the conversion price). More important than the price is the protection I gained.

Sandboxie is a great way to access the Internet in protected mode. Sandboxie is for more than accessing the Internet, but that is all I use it for. Sandboxie opens programs and browsers in a “sandbox,” which means that anything that gets downloaded doesn’t get downloaded to your computer where it can do harm; it gets downloaded into a sandbox.

I use Internet Explorer as my web browser. I have now set it so that when I open IE, it opens in a sandbox. When I download, for example, client files from an FTP site, Sandboxie asks me whether I want to first open the files in a protected sandbox or save them to my hard drive. Basically, what Sandboxie is doing is setting off space on my hard drive as protected space that prevents malware from accessing my real files. Should it turn out that I have downloaded malware, I can instruct Sandboxie to delete it, knowing that the malware never got the chance to compromise my hard drive.

How important is this? The impetus for my looking for a program like Sandboxie was news reports about Cryptolocker. Cryptolocker is ransomware of the most vicious type. It attacks your data files and encrypts them. You either pay the ransom or never get access to your data files. Apparently even the data recovery companies, which charge several thousand dollars to recover data, are unable to break the encryption or if they can, not for a reasonable price and not for anything close to the price of Sandboxie.

In speaking with my computer technician about Cryptolocker, he said I had two choices should I get infected: pay the ransom or completely reformat my hard drive and reinstall all files (assuming I have backups of all of the data files). Both are expensive alternatives to Sandboxie.

Paying the ransom is problematic. They do send you the decryption key but they also leave on your computer the means to reencrypt. I have heard of instances where several months later that is what happened — renecryption with a new ransom demand.

Reformatting the hard drive is also problematic because it takes quite a bit of time and it assumes that (a) your backups are current and so you do not lose any information, (b) that your backups aren’t of encrypted files, and (c) that the backup doesn’t include Cryptolocker or similar ransomware malware.

This video from Sandboxie explains how it works:

It is pretty hard to go wrong for €15. The only thing I do not like is that the license is for one computer and for one year. I mind the one year less than the one computer limitation, but the bottom line is that this is very inexpensive protection from a very serious — and potentially very costly — problem. Sandboxie does offer a 30-day trial period; I tried it for 5 minutes and bought it.

Startpage

The other thing that I dislike about the Internet is that whenever I look for something online, I am leaving a trail for spammers; there is a lack of privacy. So I have started using Startpage, for my searches.

Startpage is free. Basically it is an overlay to Google. Instead of directly running a search through Google, you run it from Startpage. Information about Startpage is available here.

All searches and website accesses done via Startpage are done from Startpage’s servers, so it is Startpage’s IP address that is seen, not yours. And cookies are downloaded to Startpage’s proxy servers, not to your computer.

There are limitations. For example, it doesn’t support JavaScript, which means some features on some websites are not usable. But Startpage gives you an option to connect direct rather than via its proxy servers. (For a video on Startpage Proxy Servers, click here.)

This is an excellent free service. Check it out.

Richard Adin, An American Editor

Advertisement

Business of Editing: URLs, Authors, & Viruses

One of the things I most dislike about editing is the need to check author references. Aside from the mishmash manner in which the references are provided (e.g., it is not unusual to find two journal cites, one following the other, in completely different formats), I find that I am becoming increasingly angry at having to check URLs.

The Internet Age has brought many positive things to our world, but one negative is that authors increasingly cite URLs as a reference. Aside from the transience of URLs, they present a hazard to the editor who has to verify them.

Checking URLs has become expensive for me. Why? Because the links provided have become dangerous.

Twice in the last 3 months, I have inadvertently (i.e., unknown to me) downloaded ransomware (malware) to my computer as a result of clicking an author’s reference URL cite. Each of those incidents cost me several hundred dollars to remedy. In addition, my antivirus/antimalware software has protected me against another half dozen potential threats.

I’m not so angry about the threats against which I was protected by my antivirus software as I am about the ransomware ones that cost me money to cure. Fortunately, I have a local computer expert (the person who built and maintains my computers) who is willing to put me at the top of the list when I have a problem. Of course, it also means I pay for the service — and clients are unwilling to reimburse that expense.

What happened is that I clicked on a URL, found it was not good, and then moments later found that I could not access my computer’s primary screen — instead, I was faced with a demand for $300 to unlock my computer. Apparently, this is a regular scam. Sometimes the demand is labeled as coming from the FBI, sometimes it is from Homeland Security. According to my computer expert, if you pay the $300, you get a code to “unlock” the screen but then, sometime down the road, it locks up again and another demand for payment is made.

At least this bit of malware is less vicious than it could be. It only blocks access to the screen; it doesn’t attack data files.

I would be less angry about this if I thought the authors even cared a little bit, but considering that 75% of the URLs cited in the reference list in the latest project were either invalid (the URLs returned “Error 404: File Not Found” errors) or took me to clearly irrelevant sites, I have little faith in the idea that the author cares that at least one of the listed cites caused major problems for me — and would do the same for the reader who decided to check the cite.

We all know that the Internet can be a dangerous place. For the young, it is a source of never-ending bullying; for the elderly, it is a way to lose life savings; and for editors who have to check the validity of a cited URL, it is a way to infect one’s computer and suffer financial loss.

I am also mad at myself for getting caught by this malware twice. I am very careful about how I use the Internet and I make sure that I use up-to-date protection software. I even use the “pro” versions so that I get hourly updates. I also avoid likely troublesome sites. And for years I never suffered an invasion of malware.

Getting caught twice in 3 months is making me wonder what else I can do. It is hard to avoid the risk exposure when I have to check URLs as part of my job. And there is no way to know (at least not that I am aware of) in advance that a particular URL is going to make me wish I was retiring.

One colleague suggested that I simply not check URLs. Unfortunately, I cannot see an ethical way to do that. Instead, I am thinking of adding a clause to my “contract” that basically says, “client warrants that all URLs cited in the manuscript are virus- and malware-free. In the event that verifying a cited URL causes a virus or malware attack on my computer and/or network, client agrees to pay the cost of expert removal plus for my lost work time.”

I suspect that few clients would be willing to accept such a clause, especially if the client is a publisher or service provider rather than the author. But I need to do something, and the additional clause seems the best option at the moment. It would at least make my client aware of the potential for the problem.

For those of you who are interested in seeing what this particular virus is about, here is a link to Yoo Security. Should you get the virus, getting rid of it is a problem because you can’t easily access your desktop and rebooting doesn’t get around the problem. I suggest that you go now to your antivirus software’s website and search for ransomware under Support. There should be an article that tells you the steps you need to take to rid your computer of this malware. Print it and save it. Even if you can’t do it yourself, it may save you some money when you have someone else do the fix.

Have you experienced virus or malware attacks from client files? How did you deal with it?