Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Securing your E-Mail client – Outlook Express Part 1

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg |

Securing your E-Mail client - Outlook Express

Outlook Express Security

In its default installation, Outlook Express is as secure (insecure?) as Internet Explorer, since they are really two different faces of the same core components. It must be said that newer versions of Outlook Express offer some added protection against viruses.

What is the alternative

The alternative would be to use free email clients like Thunderbird and Foxmail or even paid clients like TheBat.If you cannot avoid using OE, follow the tips below to secure it against Malware infiltration.

As with any Microsoft product the foremost recommendation is to be sure you have all the security updates installed.

Send and Receive in plain text only

OE uses Internet Explorer's HTML rendering engine to display the HTML email. HTML email can be used to track the email through the use of Webbugs. Webbugs are 1x1pixel invisible images that can transmit to the sender data like when the email was opened, to whom it was forwarded etc. Spammers use this technique to determine whether your email address is valid. Active content like ActiveX controls, Javascript, Java, animated GIFs are not supported by plain text email which makes it inherently safer. ActiveX controls embedded in HTML rendered email can be configured to download malware files to your system or even to open attachments automatically without your intervention.

Further, HTML email allows Malware authors to obfuscate links making them appear legitimate.

Open Outlook Express, click open the Tools menu and click Options to open the configuration window of OE.

Securing your E-Mail client - Outlook Express

In the Read tab check Read all messages in plain text.

Securing your E-Mail client - Outlook Express

Send messages immediately

Uncheck this option, it is available in the Send tab. This will prevent a malicious virus being automatically sent to everyone in your address book by making your outgoing messages to reside in the Outbox folder until you click the Send and Receive button on the toolbar.

Securing your E-Mail client - Outlook Express

Mail Sending Format

This setting configures how your outgoing mail is formatted. Select Plain Text in Mail Sending Format and also uncheck Reply to messages using the format in which they were sent.

Verify that OE uses the Restricted sites zone:

This setting is available in the Security tab. The bottom line is that OE should be using the Restricted Sites Zone and that the Restricted Sites zone setting should not allow activex, javascript or java. OE uses the Restricted sites zone by default in the recent versions.

Securing your E-Mail client - Outlook Express

Warn me when other applications try to send mail as me:

This setting is enabled by default. OE warns you when other programs attempt to send messages from your computer.

Securing your E-Mail client - Outlook Express

Do not allow attachments to be saved or opened that could potentially be a virus

Verify this setting is checked. This setting is enabled by default. This setting lets OE block the opening or saving of specific email attachments that might potentially contain a virus.

Outlook Express does not block all attachments indiscriminately. Afterall, some file types simply cannot contain a virus, such as a plain text or image file. To determine if an attachment might potentially contain a virus, Outlook Express checks the attachment's extension (the 3 letters after the filename) and sees if it is on the list of high-risk file types.These are the executable files such as *.exe (executable), *.pif(program information file), *.scr (screen saver), *.vbs (Visual Basic script), and 67 others. If the extension is high-risk, Outlook Express blocks all access to the attachment. If the extension is one of the 16 or so low-risk types, such as *.txt, *.bmp, *.jpg and *.gif, the attachment is not blocked. If the extension is neither high- nor low-risk, it is considered, not surprisingly, medium-risk. Outlook Express will then give you a warning if you try to open the attachment, but will not block it completely.

Outlook Express and Windows XP Service Pack 2: Several Problems or Superior Protection?

Description of how the Attachment Manager works in Windows XP Service Pack 2

Block images and other external content in HTML email:

This setting is enabled by default and is necessary if you are viewing your email in HTML format. This will block HTML that is pulled from a remote site when opening the email, striping out web bugs but preserves other HTML content.

Turnoff the Preview Pane

This feature is convenient but it also means web bugs and scripts contained in an email will also run automatically if you are viewing the email in HTML mode.

Click the View menu and click on Layout

email security-outlook express security

Uncheck Show preview pane.

email security-outlook express security

You can also add a toolbar button to quickly turn it on or off. Click on Customize Toolbar button in the layout window and select Preview from the available toolbar buttons and click Add to add the Preview button to your toolbar.

email security-outlook express security

email security-outlook express security

This concludes the Outlook Express Security Tutorial Part 1

Securing your E-Mail client – Outlook Express Part 2

{ 0 comments… add one now }

Leave a Comment