Re: outlook express security

From: Michel Gallant (MVP) (neutron@istar.ca)
Date: 12/19/02


Date: Thu, 19 Dec 2002 13:52:50 -0500
From: "Michel Gallant (MVP)" <neutron@istar.ca>

The default attachment settings does not directly affect the
"launching and displaying a web page from mail ..", but the
new default settings for OE6 should take care of that:
In:
   Tools | Options | Security
with the "Restricted Sites Zone" selected, this prevents any active
scripting (which includes pop-up windows which are scripted).
I just verified this (by sending a script to myself, including a popup
window and embedded alert JScript statement. Also, with Restricted
Sites Zone selected (and with the settings therein NOT modified),
html meta-redirects also are prohibited (in both preview, and separate
window view for OE6 sp1.

----- WARNING ----
If you select "Internet Zone" in OE6 settings, active scripting
will be enabled (including in Preview pane); also automatic meta-redirects
within the Preview pane will be enabled. Thus, make sure you are
using "Restricted Sites Zone", and that the settings for that zone are not
altered.
(p.s. Netscape Messenger has a handy global'ish setting for locking down
 that mail client :-)

 - Michel Gallant
   MVP Security
   JavaScience Consulting
   http://pages.istar.ca/~neutron

adam wrote:

> Does this function also prevent IE from launching and
> displaying a web page the mail message is pointing to?
>
> A lot of spam messages today contain an IE 'trigger'
> causing automatic connection to an unwanted web page - a
> very annoing function. I would love to know how to prevent
> this.
>
> Adam
>
>
> >-----Original Message-----
> >You can also choose which attachments OE allows access to
> >and still use this
> >very good safety measure for other unwanted file
> >type/attachments
> >
> >In IE6....Start >>> Settings>>>Folder options>>>file
> >types>>>edit>>>check
> >"confirm open after download" which will deny access to
> >the particular file
> >type and from being saved etc.....uncheck to allow access
> >to that file type
> >and those attachments with that particular file type and
> >it will come thru
> >as a normal attachment with full access.....you can also
> >add new file types
> >if you wish
> >
> >
> >> Tools Options Security Uncheck Do not Allow Attachments
> >
> >
> >
> >>-----Original Message-----
> >>When I receive ANY attached file and try to open it,
> >>Outlook Express defaults to a message that says "OE
> >>removed access to the following unsafe attachments."
> Not
> >>sure if they mean virus or otherwise, but I can not seem
> >>to override or eliminate that default. Please advise.
> >>.
> >>
> >.
> >



Relevant Pages

  • Re: worm/virus impact
    ... I've checked my settings in both OE and the file type ... The worm was executed, but it was run under a limited ... > to enable the ability in Outlook Express to block unsafe attachments. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: outlook express security
    ... And sorry for displaying a fake return e-address. ... >The default attachment settings does not directly affect ... >Sites Zone selected (and with the settings therein NOT ... >>>and those attachments with that particular file type ...
    (microsoft.public.security)
  • Re: [Full-disclosure] Administrivia: A new home for FD
    ... I shouldn't have to "fix" my settings for the damn list! ... Please check any attachments for viruses and defects ...
    (Full-Disclosure)
  • Re: attachments blocked
    ... I'm not using a firewall as far as I know. ... I use Norton Internet Security. ... I went through all of those settings and I don't notice anything that would ... attachments on emails from friends. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: worm/virus impact
    ... Jim, thanks for the response. ... I've checked my settings in both OE and the file type ... The worm was executed, but it was run under a limited ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)