[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Security Report excerpt - What can be done?



PureBytes Links

Trading Reference Links

What is the advantage of using Outlook or Outlook
Express over using the core application "Windows
Messaging?"  WM does not have exotic features, but
at the same time, that makes it very robust against
all sorts of spoofs and attacks.

I've been using WM for years and the only complaint I
have is that it leaves garbage in the mail that makes
others think there is an attachment.  But I presume
Outlook does the same.

I also use Pegasus Mail at times, which is very clean 
and has fewer vulnerabilities.

So why use a mail reader like Outlook with as many 
security holes as Swiss Cheese?

- mark





----------
From: 	Chris Baker
Sent: 	Sunday, April 01, 2001 7:35 AM
To: 	omega-list@xxxxxxxxxx
Subject: 	RE: Security Report excerpt - What can be done?

Here's my suggestions to help prevent these types of problems:

1. Outlook has an optional patch that, when applied, will
automatically block an .exe, .vbs or other attachment that might
contain a virus.   For example if someone sends me an e-mail with an
attached .vbs file and I open the e-mail, Outlook will display
"Attachment xxx.vbs Blocked".   There is no I you can access the
attachment anywhere on my system.   The types of attachments that are
blocked can be modified in the Registry.   (The patch isn't available
for Outlook Express.)

2. You can use your firewall to block html for your e-mail reader
program.   Text and attachments in HTML e-mail's appear fine, but
LINKS that automatically execute are blocked.   I've had html blocked
for Outlook for some time.  The only problem is links to pictures
embedded in such e-mails as news stories don't appear.   Blocking html
has the added advantage of removing links from HTML e-mail with those
distracting advertisements that appear at the bottom of some e-mails -
I only see the text.

3. You can set what "Security Zone" Outlook or Outlook Express uses
for e-mail.   I've found even when I block html, Active-X programs can
still be included in HTML e-mails.  My security settings prevent those
from executing automatically.

> -----Original Message-----
> From: DH [mailto:catapult@xxxxxxxxxxxxxxxxxx]
> Sent: Saturday, March 31, 2001 8:23 PM
> To: Omega List
> Subject: Re: Security Report excerpt - TAKE THIS SERIOUSLY
>
>
>