TMG-L Archives
Archiver > TMG > 2002-05 > 1020614471
From: "Caroline Gurney" <>
Subject: Re: [TMG] OT - anti-virus "superstition"?
Date: Sun, 5 May 2002 17:01:11 +0100
References: <LOBBKOOEANNIIOJMJAELAEJKEAAA.earbar@netway.com> <5.1.0.14.0.20020504063811.009f9aa0@pop.sprynet.com> <5.1.0.14.0.20020504212852.009ff6e0@pop.sprynet.com> <009b01c1f416$51e981c0$f79bf243@reed>
With the greatest respect, I think there is a danger in those who don't use
OE themselves trying to advise Theresa Greene Reed on safe use of the
program.
She does need to the Preview Pane as, without it, as she rightly points out,
reading e-mails becomes extremely tedious. It also becomes more dangerous
as, without the Preview Pane, she actually needs to open them to read them
(or jump through hoops viewing the message source for each one).
There are 2 dangers of which she needs to be aware. The first is opening an
attachment containing a virus. The second is a malicious script being run
automatically when she views an HTML message.
So far as attachments are concerned, a bang up to date AV program is her
first line of defence (& from what she says it seems to be working well).
The second is to use OE 6.0 & check the option under Tools > Options >
Security which says: "Do not allow attachments to be saved or opened that
could possibly be a virus". Thirdly, use an OE message rule to filter all
messages with an attachment into a separate mailbox where they can be
handled separately from the rest of her mail. It is than easy just to turn
off the Preview Pane when viewing this mailbox. For mail in this box, even
if the sender is as respectable a person as Darrell Martin or Caroline
Gurney <g>, check the message & attachment out first by rightclicking &
selecting Properties > Details > Message Source. Fourthly, if the message &
attachment seem kosher, she will need to turn off the security setting which
prevents her saving the attachment (step 2 above) and save it to somewhere
convenient (I use the Desktop) where she can rightclick & choose Scan with
(name of AV program).
As for the second danger, of malicious scripts running automatically from an
HTML e-mail viewed in the Preview Pane, a patch to eliminate this
vulnerability was issued by Microsoft many months ago. If all Windows
Updates have been applied, this should be covered. I can't speak for other
AV programs but NAV 2001, which I use, also runs Script Blocking as part of
its Auto-Protect function. Finally, scripting can be turned off in Internet
Explorer (which is what OE uses to run the script) but this can interfere
with browsing in other contexts.
Caroline Gurney
Portsmouth, UK
This thread:
| Re: [TMG] OT - anti-virus "superstition"? by "Caroline Gurney" <> |