Preview Pane allows viruses in.

L

Linda

My tech advisors have told our users that "when the
preview pain is used in outlook, it opens the email even
though the envelope icon in the main window shows that the
mail is unread. This allows spam and viruses to enter our
network."

Is this true?
 
R

Roady [MVP]

Depends on a several things; the version of Outlook and whether or not your
admins do enough to secure the network (spam filters on the server, firewall
and virusscanner).

Versions Outlook 2000 with security update and up do not allow scripts to
run in the Preview Pane and even blocks attachments that contain scripts.
Run your Outlook in the Restricted Sites security environment and you should
be save for virusses excecuting themselves.

With Outlook 2003 comes Picture Blocking which means that by default Outlook
doesn't download pictures from the Internet. This will prevent spammers from
seeing that your address is "alive".

Outlook 2003 also holds a spam-filter itself.

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tips of the month:
-Create your own fully customized Toolbar
-Creating a Classic View in Outlook 2003
Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
 
D

Diane Poremsky [MVP]

Did your tech advisors also advise you to install Antivirus software on the
mail server? That is one of the single most important steps to take to avoid
viruses.

Do you have all the latest IE patches installed? This is another very
important way to prevent problems.
Do you have the latest patches for your version of outlook? If yes, do you
allow users to bypass attachment blocking? Keeping Outlook up-to-date and
only opening the attachment blocks when you specifically need an attachment
will provide almost 100% protection even in OL98, the least secure version.

For more information, see http://www.slipstick.com/emo/2004/up040204.htm and
http://www.slipstick.com/outlook/esecup.htm
 
V

*Vanguard*

"Linda" said in news:[email protected]:
My tech advisors have told our users that "when the
preview pain is used in outlook, it opens the email even
though the envelope icon in the main window shows that the
mail is unread. This allows spam and viruses to enter our
network."

Is this true?
Click to expand...

The suggestion to add anti-virus software is very good. However, it is
to compensate for users that open attachments without regard to their
source or to perform a check on them before running them. Getting an
e-mail with an attachment with a virus won't run that virus unless YOU
run that attachment. That means you had to select that attachment, opt
to save that attachment, and then choose to run that saved file. That's
a lot of prompts and actions to go through to claim it was accidentally
executed. Anti-virus software is a safety net to thwart a user from
accidentally shooting themself in their foot with a gun they didn't know
was loaded, but it cannot stop the user from accepting the gun
(selecting the attachment), sliding off the safety (saving the file),
and pulling the trigger (running the saved file) just so they can see
what happens. Despite all the safety measures that can be employed
using software, invariably it comes down to the user as the last
defense. Nothing stops a user from running an attachment if they so
choose.

Besides the other suggestions, check the security level your e-mail
client is configured to use (Tools -> Options -> Security). It should
be set to the Restricted Sites security zone. Then look in the Internet
Options applet to ensure that the Restricted Sites security zone is
configured to its High (default) setting. This will prevent any scripts
or ActiveX objects from running that are included in an HTML-formatted
e-mail.

However, none of the security zones will block web bugs which are linked
images that must be loaded from a server when rendering an
HTML-formatted e-mail. A unique image file can be inserted in an
HTML-formatted e-mail. When you open the e-mail to have its HTML
rendered to display it for you, your client must retrieve the linked
image from whatever server was specified. When the server gets the
request, it can record that request for the image file. The sender then
can see that the unique image was requested. Since the sender used a
unique image, they can lookup what e-mail was used that included a link
to that particular image file. You may never see the image; it can be
tiny and use the same foreground color as the background. Spammers use
web bugs. So do e-mail services like MsgTag to find out if a recipient
opened your e-mails (they borrowed the technique of web bugs from
spammers who have been using them for years). You need to have your
mail server strip out linked images or use an anti-spam product that
will do it for you unless you don't care about spammers finding out
their crap got to your valid AND monitored e-mail account. If you don't
want to employ anti-spam software to prevent web bugs (and other crap)
in your e-mails, turn off the Preview pane and guess from the headers as
what are good and bad e-mails.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Open E-mail Preview Pane Being Vulnerable to Viruses 1
Preview Pane & Viruses 1
Outlook Preview Pane 1
Preview Pane 2
Disable Preview Pane? 3
Hang with Preview pane on 2
Keep 'Mark as unread' in bold while viewing the preview pane 1
Messenger icon in Preview Pane 1

Top