Re: Spyware, Viruses via HTML in Email
From: JW (JustPostYourReply_at_ToTheNewsGroup.pls)
Date: 07/17/04
- Next message: _Mark_: "Re: Encryption"
- Previous message: Ed H: "Re: Encryption"
- In reply to: Roberts: "Re: Spyware, Viruses via HTML in Email"
- Next in thread: Roberts: "Re: Spyware, Viruses via HTML in Email"
- Reply: Roberts: "Re: Spyware, Viruses via HTML in Email"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 17 Jul 2004 00:43:18 -0500
Click on Tools, then Options.
There's a check box labeled "Read all messages in plain text".
I like Spybot S&D, and use it with the purchased version of SpySweeper. I
think the PC World article I referred to recommended using Spybot S&D in
conjunction with AdAware Plus/Pro. They are good at catching spyware and
attempts to change the registry. There's no need to use both SpySweeper and
AdAware Plus/Pro.
I don't know if JavaScript, VBscript and ActiveX can be run from Email
messages displayed in Outlook Express using HTML. Although they can be used
for spying, they can also be used for a wide range of constructive (e.g.
enhancing the web site experience) and destructive purposes (e.g. wrecking
your operating system), so they fall into a more broad category called
"mobile code", instead of spyware. To stop JavaScript, VBscript and
ActiveX, I rely on 3 defenses.
I set ZoneAlarm Pro to block all Mobile Code (JavaScript, VBscript, ActiveX
objects, integrated MIME objects, etc.). If this prevents a web site from
functioning properly, then I go to the Site List tab, and change Block to
Allow only for that single web site, if I trust it. For me, I have found
this method easier than turning it on and off in Internet Explorer, not to
mention all the Security Vulnerabilities uncovered in IE in the last year.
Second, I never use an Admin account to surf the wild wild web. Much too
dangerous, since any crippleware would run with the same privileges as the
account you log in with. I use a Limited Account for surfing.
Third, I use NTFS permissions to block all access except Read/Execute, to
the folders named \Windows and \Program Files, by accounts in the group
named Users. (Admin accounts keep full control.) I've not heard of anybody
else doing this, but I glad I do. Since I set up auditing in XP Pro, I can
see failed attempts every day by some vermin from somewhere, trying to
monkey with my \Program Files or \Windows folders. Sometimes trying to
change files (e.g. explorer.exe). Sometimes trying to uninstall stuff. All
recorded in the Event Log as Failed Attempts.
In the way of disclaimers, all the defenses in the world will not guarantee
100% security. Experts will tell you there is no such thing as a
hacker-proof computer, just like experts will tell you there is no such
thing as a burglar-proof house. It's all a matter of deterrents. Given a
choice, which house would a burglar choose ? A house with no fence, no
dogs, no cars, no lights on, no sound, and windows wide open ? Or a house
with an electric fence, 2 trucks in the driveway with shotgun racks, German
Shepherds barking, lights flickering, stereos blaring, and bars on all the
windows ?
"Roberts" <staREMOVEtHISllone@erNO_SP4Mols.com> wrote in message
news:OgZWzt0aEHA.2544@TK2MSFTNGP10.phx.gbl...
Wow ! Thanks for the heads up !
I had a feeling that HTML in an email was just as risky as visiting a web
site. I suppose JavaScript and ActiveX can be run from both. I'm unable to
figure out how to look at email as text only using Outlook Express. Is this
possible?
As for memory resident spyware what do you think of Spybot S&D with its
immunize function? Do you think that AdAware Plus/Pro and the purchased
version of SpySweeper by WebRoot will work well with each other or is this a
case where more is not better?
--r
"JW" <JustPostYourReply@ToTheNewsGroup.pls> wrote in message
news:OQ5a%23$oaEHA.2932@TK2MSFTNGP10.phx.gbl...
> HTML script embedded in HTML can do just about anything. It can spread
> viruses, worms, and Trojan horses. It can open back door ports for
hackers
> to come in. It can harvest your keystrokes (passwords, account IDs). In
> other words, it can do things far worse than annoying pop up ads. Your
> anti-virus program might stop the infection, but might not.
>
> In a recent test by PC World comparing security products, Norton AV caught
> 97.5% of 14,288 Trojan horses used in the test, according to PC World.
(See
> http://www.pcworld.com/reviews/article/0,aid,115939,pg,4,00.asp). That
> still leaves you vulnerable to only 357 known Trojan horses. To make
> matters worse, Trojan horses can carry worms or viruses. Will your
> AntiVirus program stop the worms and viruses ? Maybe. There's always the
> risk of your PC being infected by a formerly unknown virus/worm, Before
(a)
> the AV software vendor makes an update available, and (b) you download the
> AV update.
>
> Moral of the story. Never never open Email displayed using HTML. Either
> open it as text only, or do what I do. I read Email displayed using the
> remote IMAP server, without ever downloading it to my PC. Another tip: If
> you're using anti-spyware, be aware that many free versions do Not have a
> memory resident component that proactively filters and stops spyware as it
> enters. These free versions are only intended to clean up the mess, After
> the damage is Already done.
>
> The purchased versions do have a memory resident component that
proactively
> filters and stops spyware as it attempts to enter. As with many things in
> life. You can (a) save money now and waste time later, or (b) invest a
> little money now and save a lot of time and misery later. Don't risk
> unnecessary grief. Choose AdAware Plus/Pro, or the purchased version of
> SpySweeper by WebRoot (the most recent winner of PC Magazine's Editors'
> Choice Award http://www.webroot.com/)
>
>
>
> "Roberts" <staREMOVEtHISllone@erNO_SP4Mols.com> wrote in message
> news:uQv2ehmaEHA.972@TK2MSFTNGP12.phx.gbl...
> Is it possible/likely to get
>
> 1) Spyware
> 2) Adware
> 3) Virus
>
> from email opened in Outlook Express containing HTML? I have all the
latest
> MS security and critical updates and I use Norton Internet Security w/ its
> firewall and Norton AV. All of these have the latest updates. I also use
the
> built-in Windows XP firewall.
>
> I don't use AOL.
>
> TIA
> --R
>
>
>
- Next message: _Mark_: "Re: Encryption"
- Previous message: Ed H: "Re: Encryption"
- In reply to: Roberts: "Re: Spyware, Viruses via HTML in Email"
- Next in thread: Roberts: "Re: Spyware, Viruses via HTML in Email"
- Reply: Roberts: "Re: Spyware, Viruses via HTML in Email"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
