Why not use preview pane in Outlook / Express?
Crystal
Status: Curious
Joined: 27 Sep 2003
Posts: 6
Reply Quote
What is the problem with using the OUTLOOK split screen features that automatically opens your emails. I remember reading that you should not to do this and not to let others do it on the office network. But I cannot exactly remember why.
I do this all the time (though I have been asked not to) but I need to know the exact reason why you're not supposed to do that.
Back to top
erikZ
Status: Contributor
Joined: 30 May 2004
Posts: 148
Reply Quote
This is one of the number one ways virus writers get their viri to spread around the planet at record speeds.

When you preview an email, you are not 'previewing' it, that's an extremely misleading term. What is happening is that Outlook or Outlook express is requesting the almost full display capacity of internet explorer, which is now fast becoming legendary for it's massive and severe security holes.

These security holes, among other things, allow jpeg images to contain programs such as viruses, trojans, or other backdoors. This is the latest MS security hole in Internet Explorer. Last month there was a big one where any website that was hacked into could inject some code into your system that would exploit another hole in Internet Explorer that would allow the hacked website to insert a program into your computer that would allow hackers full access to your computer.

These are just two of the more well known recent exploits, all Internet Explorer only issues, and Outlook uses internet explorer to render the email.

So when you preview any message, you are basically opening that email in Internet Explorer, and if it's a message that has a linked image to a malicious website, and your system is not patched, antivirus protection upto date etc, you now are the proud new host to yet another so called zombie pc, taken over by spammers and hackers to use as bases to further spread their spam and viruses.

:: Quote ::
CERT [U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.] recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions. [full article - washington post]


This is one of the biggest problems on the web today, such 'owned' machines are bought and sold on the hacker/spammer black market, in groups.

The reason it's so easy for them to do this is that people use Internet Explorer and Outlook Express/Outlook.

This is why the federal government recently came out and said consumers and corporations should seriously consider dropping Internet Explorer and switching to Mozilla Firefox.

I'm waiting to fully recommend firefox until it's new 1.0 release is finalized, after that I'm going to strongly advise all my clients to permanently switch. It's a superior browser anyway.

I've been using only Firefox and its predecessors for about 4 years now, and I don't have any problems with any of these issues.

Also, the latest version of thunderbird, also from mozilla, is becoming increasingly improved, that's a first rate email client, currently at version 0.8. Once a few minor bugs get worked out, mainly in importing emails from outlook/express, I'll be recommending that clients switch. Again, this is a superior product to Outlook Express, but still a bit rough around the edges.

Personally, I'm in the middle of the process of just dumping Windows altogether, I don't even want to think about these kinds of issues to be honest, or pay ridiculous licensing fees etc. I'm currently experimenting with a Linux system, more to learn the ins and outs for now, but with the goal of doing a full switch from Windows 2000 to Linux (Yoper Linux in this case) in the coming months. Linux is still not a fully viable option for standard desktop users, but it is if there is no requirent to install new software all the time, that is, the standard corporate desktop setup works quite well on Linux.
Back to top
Display posts from previous:   

All times are GMT - 8 Hours