Re: Outlook Express & Security

From: Panda (brisk)
Date: 10/03/03


Date: Fri, 3 Oct 2003 17:54:51 -0400

It's possible, but only with unpatched
Outlook versions. The bug was discovered and
fixed in 2001 (2 years ago). But many users
are not updating.

For your reference:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

I suggest setting under Outlook Security options:
Restricted Zone
Disable Attachments
Warn when programs send email...

And if you can, for Read option choose "Read message
in Plain Text only".

I happily live with the following IE options:
In IE settings, Security, for Internet:

Disable:
1. Run components not signed with Authent.
2. Download unsigned ActiveX
3. Initialize and script ActiveX controls not marked safe...
4. Font download
5. Access data sources across domains
6. Drag and drop or copy and paste files
7. Installation of desktop items
8. Launching programs and files in IFRAME
9. Userdata persistence
10. Allow paste operations via script

Note: All of the above Disabled.

Prompt:
1. Download signed ActiveX controls

Set to High safety:
1. Java permissions
2. Software Channel Permissions

Prompt for user name and password:
1. User authentication

"melvin" wrote in message news:077301c389f6$8c56e150$a101280a@phx.gbl...
> Hello;
>
> I have just read, (outside these MS Newsgroups), one can
> initiate virus infection by just clicking on a piece of
> e-mail in Outlook Express...you do not have to open an
> attachment on some inbound e-mail, according to the
> article. I am a novice and could not follow the thread of
> the argument. Is this true? It sounds false to me from what
> I have learned in this security Newsgroup. Did I miss this
> warning? I admit being somewhat paranoid about viruses, and
> very paranoid about worms. Hopefully, you will excuse me
> for posting any false alarm.
>
> melvin


