Outlook Preview Pane and Virus Attachment Infection

[Guest]

Hello, I am in the IT field and I am confused whether previewing an email can
infect you with a virus. I cannot seem to get a clear answer after talking to
5 different people. Most say you should not preview messages because it can
launch viruses, but my understanding of attachments does not jive with that
concept. I believe previewing is the same as opening the email. I
understand that in order to view the attachment, you can choose to download
and view it, otherwise the Preview pane will not show the content of the
attachment. If the attachment is a .exe type virus for example, the exe will
not run unless I choose to open it, so how can a preview window launch the
exe? Or perhaps current vectors are more creative and can infect me in other
ways more creative than the just cited simple exe example? If you view the
file, you do not execute the attachment...that has been my experience.
However, if the message itself has embedded code, then it is a different
matter. Am I correct? Please help.

Andy

 

[Fuzzy Logic]

Hello, I am in the IT field and I am confused whether previewing an
email can infect you with a virus. I cannot seem to get a clear answer
after talking to 5 different people. Most say you should not preview
messages because it can launch viruses, but my understanding of
attachments does not jive with that concept. I believe previewing is
the same as opening the email. I understand that in order to view the
attachment, you can choose to download and view it, otherwise the
Preview pane will not show the content of the attachment. If the
attachment is a .exe type virus for example, the exe will not run unless
I choose to open it, so how can a preview window launch the exe? Or
perhaps current vectors are more creative and can infect me in other
ways more creative than the just cited simple exe example? If you view
the file, you do not execute the attachment...that has been my
experience. However, if the message itself has embedded code, then it
is a different matter. Am I correct? Please help.

Andy

There are other ways to get infected besides attachments. For example the current .ANI issue
<http://www.microsoft.com/technet/security/advisory/935423.mspx> can infect you without opening an
attachment. The biggest factor in these types of infections is wether you view the message in plain text or not.
It's highly unlikely you will be infected if you preview messages in plain text. If you render the HTML their is a
potential to get infected.

 

[Harry Johnston]

There are other ways to get infected besides attachments. For example the current .ANI issue
<http://www.microsoft.com/technet/security/advisory/935423.mspx> can infect you without opening an
attachment. The biggest factor in these types of infections is wether you view the message in plain text or not.
It's highly unlikely you will be infected if you preview messages in plain text.

Unfortunately I'm not sure that's true; the recent Animated Cursor vulnerability
cannot be mitigated by viewing messages in plain text in Outlook Express. Also
in Windows Vista while viewing messages in plain text mitigates the
vulnerability, you're exposed if you reply or forward the message. (Huh???)

I personally recommend using Mozilla Thunderbird instead of the various
Microsoft mail clients. Of course, it is still subject to security bugs but
overall the security history is better.

Harry.

 

[Lanwench [MVP - Exchange]]

Hello, I am in the IT field and I am confused whether previewing an
email can infect you with a virus. I cannot seem to get a clear
answer after talking to 5 different people. Most say you should not
preview messages because it can launch viruses, but my understanding
of attachments does not jive with that concept. I believe previewing
is the same as opening the email. I understand that in order to view
the attachment, you can choose to download and view it, otherwise the
Preview pane will not show the content of the attachment. If the
attachment is a .exe type virus for example, the exe will not run
unless I choose to open it, so how can a preview window launch the
exe? Or perhaps current vectors are more creative and can infect me
in other ways more creative than the just cited simple exe example?
If you view the file, you do not execute the attachment...that has
been my experience. However, if the message itself has embedded code,
then it is a different matter. Am I correct? Please help.

Andy

See replies to your other post. I see that you're using the web interface to
the groups, which is pretty clumsy at best. Try using a newsreader client,
such as Forte
Agent, Thunderbird, or even Outlook Express, instead. It's a lot easier to
do nearly everything that way and you won't as often run into problems with
duplicate posting, etc. You can mark messages to be watched, filter the
views so you can see replies to your posts easily, and search.

The Microsoft public news server is msnews.microsoft.com and you can
subscribe to as many groups as you like; no authentication is required.

(cribbed shamelessly from a post by Malke Routh)

Here's information on Usenet and using a newsreader:

http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
explanation of newsgroups
http://michaelstevenstech.com/outlo...ssnewreader.htm
http://rickrogers.org/setupoe.htm
http://support.microsoft.com/defaul...wto/default.asp
- Set Up Newsreader

http://www.dts-l.org/goodpost.htm

http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is
working properly
http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting

Some newsreaders for Windows
http://www.forteinc.com/agent/index.php - for Forte
http://www.mozilla.org (Thunderbird does newsgroups)
http://gravity.tbates.org/

 

[Fuzzy Logic]

Unfortunately I'm not sure that's true; the recent Animated Cursor
vulnerability cannot be mitigated by viewing messages in plain text in
Outlook Express. Also in Windows Vista while viewing messages in plain
text mitigates the vulnerability, you're exposed if you reply or forward
the message. (Huh???)

The OP asked about Outlook not Outlook Express.

If you forward the message the harmful content is passed on but doesn't affect you.

 

[Harry Johnston]

The OP asked about Outlook not Outlook Express.

He might have meant either. Anyway, the point is that viewing in plain text
isn't a cure-all.

If you forward the message the harmful content is passed on but doesn't affect you.

That's not what Microsoft's security bulletin says.

Harry.

 

[Fuzzy Logic]

He might have meant either. Anyway, the point is that viewing in plain
text isn't a cure-all.


That's not what Microsoft's security bulletin says.

Harry.

This is what it says:

Note While reading e-mail in plain text on Windows Mail in Windows Vista does mitigate attempts to exploit the
vulnerability it does not provide mitigation if forwarding or replying to e-mail messages sent by an attacker.

----

It's not clear but I have tested it with Outlook 2003 on Windows XP Pro and it doesn't affect me. I always view
my messages in plain text as the default. When you forward the message it's converted to plain text but the
attachments are still there. The recipient may be vulnerable if they don't read the message in plain text. This is
essentially what I said in the first place. Things may be different if you are running Vista.

 

[Guest]

Thanks to FuzzyLogic and Harry. I think I have a better feel for things now
and it basically means that Reading emails in plain text may be safer, but
not totally.



-Andy