"View->AutoPreview" and security in Outlook 2003

[Malzbier]

Hello,

i try to find out if the AutoPreview function in Outlook 2003 is a security
risk in such a way that active content is eventually executed when
autopreview is active while the user only sees the first 3 or 4 lines of the
mail.

In "http://office.microsoft.com/en-us/outlook/HP011205081033.aspx“ they
write that in the Reading Pane potentially malicious scripts or attachments
are not activated or opened automatically.

So the Reading Pane shouldn't be a security risk, but what about AutoPreview?
The article HP011205081033 only discusses the Reading Pane but not the
AutoPreview.

mfg
M. Metzger

 

[Roady [MVP]]

AutoPreview is not a security risk either.

 

[Malzbier]

Hello Roady,

thank you for your quick answer.
Thats all i wanted to know.
So i don't have to take care of our users preview settings.

mfg
M. Metzger

 

[Roady [MVP]]

You're welcome!

Hello Roady,

thank you for your quick answer.
Thats all i wanted to know.
So i don't have to take care of our users preview settings.

mfg
M. Metzger

 

[VanguardLH]

Hello,

i try to find out if the AutoPreview function in Outlook 2003 is a security
risk in such a way that active content is eventually executed when
autopreview is active while the user only sees the first 3 or 4 lines of the
mail.

In "http://office.microsoft.com/en-us/outlook/HP011205081033.aspx´ they
write that in the Reading Pane potentially malicious scripts or attachments
are not activated or opened automatically.

So the Reading Pane shouldn't be a security risk, but what about AutoPreview?
The article HP011205081033 only discusses the Reading Pane but not the
AutoPreview.

mfg
M. Metzger

AutoPreview shows the first few lines of an e-mail in plain text.
That's "plain text". There are no scripts in plain text. There are no
images in plain text (to use as web beacons). There's just plain text.

For those of us still using a pre-2003 version of Outlook (so we don't
have the option to block external images which could be web beacons),
AutoPreview mode is one step more secure than Preview mode. Outlook
should be configured to use the Restricted Sites security zone (which
should be at its High setting level) which prevents scripts from
running. Web beacons is the remaining means of tracking if you open an
e-mail but OL2003+ has an option to prevent them (but OL2002 does not
hence the choice to use AutoPreview mode instead of Preview mode).

 

[Malzbier]

Hello VanguardLH,

thank you for your answer.
I have outlook configured to use the Restricted Sites security zone (under
Tools->Options->Security) but there's no site recorded. The dialog box that
comes up under "zone settings->sites" is empty.
Is that normal or is that Restricted Sites security zone not till then
meaningfull when something is listed there?

mfg
M. Metzger

 

[Roady [MVP]]

That is normal; Outlook will run in the Restricted Sites security zone so
also all its calls to the Internet.
The list of URLs you can add is there to specify which sites will always
runs in the Restricted Sites zone regardless of the zone that the
application is running in.

 

[Malzbier]

Hello Roady,

thank you for the quick answer.

mfg
M. Metzger

 

[Roady [MVP]]

You're welcome!

Hello Roady,

thank you for the quick answer.

mfg
M. Metzger