|
Questions and misunderstandings regarding the (Microsoft) Outlook preview pane are common.
Hopefully, comments by Nick FitzGerald reproduced (with permission) below will help with these
questions:
"Can I get be infected by a email virus just by viewing it viewing it in the preview pane?"
"If so, how do I turn off the preview pane in Outlook?"
Short answer (Frederic): BubbleBoy and Kak can do that...
Nick FitzGerald elaborates with his answer (unedited ACV post below):
Indeed, but note that the preview pane, per se, **is not the problem**.
BubbleBoy, Kak, Sans and others exploiting other bugs since ***ALSO***
work if you simply **read** the message -- that is, by opening it in the
normal message reader by double clicking the message in the folder's
message list, etc.
Thus, disabling the preview pane is unlikely to help you. Things like
Kak and Sans have become very common and would have become almost as
widespread almost as quickly if the preview pane **did not exist**.
Messages bearing such viruses usually arrive from friends, family or
other acquaintances of the new "victim" in the usual course of Email
exchange between these people. That is, the messages come from others
who are, in some sense, "trusted" by the recipient and in messages that
are unlikely to raise any suspicion in the new "victim" -- replies to
previous messages from the victim, or other "normal" Email from the
sender. This is also why these viruses have been so successful.
So, turning off the preview pane won't save you much pain and may only
lead to a false sense of security. Much better to put IE's handling of
**all** of your Email (be it in the context of the preview pane or of
the main message reader) into a tightly restricted security zone which
will severely limit the potential success of all current *and future*
Email-borne viruses that depend on one or more of the plethora of
scripting and/or ActiveX bugs in various versions of IE. Some very
good advice on clamping down the security zone used by Outlook and OE
is available here (URL may wrap):
( Note: the URL Nick provided is no longer available. See instead:
How to Use Security Zones in Internet Explorer )
and some more general advice on better securing a typical end user
machine, written for the "security beginner", is available here: http://www.claymania.com/safe-hex.html
Nick FitzGerald
|
