"View->AutoPreview" and security in Outlook 2003

  • Thread starter Thread starter Malzbier
  • Start date Start date
M

Malzbier

Hello,

i try to find out if the AutoPreview function in Outlook 2003 is a security
risk in such a way that active content is eventually executed when
autopreview is active while the user only sees the first 3 or 4 lines of the
mail.

In "http://office.microsoft.com/en-us/outlook/HP011205081033.aspx“ they
write that in the Reading Pane potentially malicious scripts or attachments
are not activated or opened automatically.

So the Reading Pane shouldn't be a security risk, but what about AutoPreview?
The article HP011205081033 only discusses the Reading Pane but not the
AutoPreview.

mfg
M. Metzger
 
Hello Roady,

thank you for your quick answer.
Thats all i wanted to know.
So i don't have to take care of our users preview settings.

mfg
M. Metzger
 
You're welcome! :-)



Malzbier said:
Hello Roady,

thank you for your quick answer.
Thats all i wanted to know.
So i don't have to take care of our users preview settings.

mfg
M. Metzger
Click to expand...
 
Malzbier said:
Hello,

i try to find out if the AutoPreview function in Outlook 2003 is a security
risk in such a way that active content is eventually executed when
autopreview is active while the user only sees the first 3 or 4 lines of the
mail.

In "http://office.microsoft.com/en-us/outlook/HP011205081033.aspx´ they
write that in the Reading Pane potentially malicious scripts or attachments
are not activated or opened automatically.

So the Reading Pane shouldn't be a security risk, but what about AutoPreview?
The article HP011205081033 only discusses the Reading Pane but not the
AutoPreview.

mfg
M. Metzger
Click to expand...

AutoPreview shows the first few lines of an e-mail in plain text.
That's "plain text". There are no scripts in plain text. There are no
images in plain text (to use as web beacons). There's just plain text.

For those of us still using a pre-2003 version of Outlook (so we don't
have the option to block external images which could be web beacons),
AutoPreview mode is one step more secure than Preview mode. Outlook
should be configured to use the Restricted Sites security zone (which
should be at its High setting level) which prevents scripts from
running. Web beacons is the remaining means of tracking if you open an
e-mail but OL2003+ has an option to prevent them (but OL2002 does not
hence the choice to use AutoPreview mode instead of Preview mode).
 
Hello VanguardLH,

thank you for your answer.
I have outlook configured to use the Restricted Sites security zone (under
Tools->Options->Security) but there's no site recorded. The dialog box that
comes up under "zone settings->sites" is empty.
Is that normal or is that Restricted Sites security zone not till then
meaningfull when something is listed there?

mfg
M. Metzger
 
That is normal; Outlook will run in the Restricted Sites security zone so
also all its calls to the Internet.
The list of URLs you can add is there to specify which sites will always
runs in the Restricted Sites zone regardless of the zone that the
application is running in.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AutoPreview 3
Outlook 2003 1
autopreview is different from open message. how to see all? 2
AutoPreview and Web Bugs 4
Outlook XP with AutoPreview issues 3
Can see reply text in autopreview, but not in reading pane 2
autopreview lines in OUTLOOK? 1
Different handling of message in Autopreview and Previewpane inOutlook for custom form 1

Back
Top