Preview Pane - still risky?

G

Guest

Many years ago the "Company" adopted a policy of not allowing Preview
Pane use on client PCs due to risks associated with malicious code.
Users are required to first preview read the email headers (subject,
from, etc.) , then decide whether or not to open an email. Use of the
Preview Pane is a violation of policy.

With all the patches and security upgrades to Windows, Office,
Outlook, MS Exchange, and better AV, firewalls, etc. is previewing
messages in the Preview Pane still a risky practice? We're on a
relatively secure network with full-time AV running on all clients
(and severs and firewalls) with 100% management of all patches and
updates, so is there still a danger or may I safely recommend we allow
users to use the Preview Pane again?

What about Chilton Preview? Safe or not?

Thanks.

/Lac/
 
R

Roady [MVP]

Since the e-mail security update there is no way for automatic execution of
attchments. In fact all code execution is prohibited in the Preview Pane
making the Preview Pane even more secure than actually opening the mail.
Outlook 2002 and 2003 have this security feature built in. For previous
versions you can use the Office website to download and install the latest
updates.

--
Robert Sparnaaij [MVP-Outlook]
www.howto-outlook.com

Tips of the month:
-Navigation Pane Tips & Tricks
-Create an Office 2003 CD slipstreamed with Service Pack 1
 
V

_Vanguard_

No Spam said:
Many years ago the "Company" adopted a policy of not allowing Preview
Pane use on client PCs due to risks associated with malicious code.
Users are required to first preview read the email headers (subject,
from, etc.) , then decide whether or not to open an email. Use of the
Preview Pane is a violation of policy.

With all the patches and security upgrades to Windows, Office,
Outlook, MS Exchange, and better AV, firewalls, etc. is previewing
messages in the Preview Pane still a risky practice? We're on a
relatively secure network with full-time AV running on all clients
(and severs and firewalls) with 100% management of all patches and
updates, so is there still a danger or may I safely recommend we allow
users to use the Preview Pane again?

What about Chilton Preview? Safe or not?

Thanks.

/Lac/
Click to expand...

Make sure you configured to use the Restricted Sites security zone (and
that it is configured to the High setting). This will eliminate most of
the nasties that can be carried in HTML formatted e-mails. However,
that won't take care of web bugs; i.e., linked image files that require
you to connect to a server to retrieve the image, and which can be used
by a spammer to detect when you open their e-mail (by using a unique
image linked into your copy of their e-mail). This is how MsgTag works
(i.e., it borrowed this tactic from spammers).

You can chose to read all e-mails in plain-text mode but that sucks for
HTML-formatted e-mails because tabulation, colums, indentation, bulleted
and numbered lists, bolding, and other niceties are indeed helpful in
written communications. I use SpamPal with its HTML-Modify plug-in
which has an option to nullify any IMG tags within an HTML-formatted
e-mail. Embedded images are okay (regarding web bugs since they don't
get retrieved from some server) but if you find you gets lots of porn
and want the images gone then you can configure HTML-Modify to strip out
the embedded images, too. Some of the webmail providers now provide an
option to let you view an HTML-formatted e-mail without the images (and
you can click a button to show them, if you want), SpamPal's HTML-Modify
lets you do this for POP3 e-mail, so I would suspect there has to be
other products that could do the same. None of the Internet security
zones will block web bugs if you permit an HTML-formatted e-mail to be
rendered. HTML-Modify will also do much more regarding HTML-formatted
e-mails. I would not consider SpamPal a corporate solution against
spam. It probably could not handle the large load, but for a personal
or per-host local solution it works very well, and better than many
commercial anti-spam products, too. SpamPal is free.

--
__________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: lh_811newsATyahooDOTcom
*** and "=NEWS=" must be appended to the Subject.
__________________________________________________
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Sent mail not showing in preview pane - using Pop account 2
Outlook 2003: Preview pane scanning attachments a Pain! 0
Globally disabling preview pane in OWA 2003 0
Preview pane and security 1
Altenate email viewing problem 0
Preview Pane 1
NEW-Unique? How do I make copies of received emails in Outlook 200 2
Preview pane still vulnerable?? 5

Top