Outlook and viruses

[Danny J]

Hi folks,

Obviously viruses need to be run, however I have heard of virus infected
emails that need to be opened to infect a pc....not the attachment, the
email. If this is true then does the mail window which allows one to see an
email without opening it pose a risk? I do not open junk email, but it may
open in this window.

Thanks,

Danny

 

[neo [mvp outlook]]

Yes, HTML messages can be a risk in older versions of Outlook. One of the
first ones that I remember is the KAK worm. This bugger arrived as an
innocent HTML message that exploited an Active-X component on the machine to
place a file in a pre-determined place that would run the next time the user
started the machine.

Since you didn't mention what version of Outlook you are running and/or what
operating system it is on, YES, there are steps that you can take to
mitigate the risk. (By the way, Outlook 2002 and Outlook 2003 don't run
script behind html messages by default. So the preview/reading pane is a
much safer than say Outlook 98 or 2000.)

1) Make sure that OE/Microsoft Outlook are set to use the restricted zone
for active content. (See Security tab in each product)
2) Make sure that the restricted zone is locked down to not allow (disable)
or prompt.
3) Keep Internet Explorer, Operating System, and applications current on
patches
4) Run antivirus software with current signatures
5) Don't logon to the workstation with administrative previliges (applies to
NT4/2000/XP/2003). Ideally you want to logon with "user" previliges. This
one takes work because it really depends on the applications installed and
how they react when the user only has read/execute writes to the majority of
the system.