14 total posts
Click on the following link: http://cybercoyote.org/security/prevpane.htm If you do this, to be extra safe you are also supposed to scan "each" and every email with your antivirus program. As an FYI, I did this, but I decided I didn't like it. So I changed it back. Too much trouble. Yes you might be safer, but I have my antivirus and antispyware programs and I scan often so I feel safe. I have been "clean" for quite some time now. Of course, even if you open emails from just people you know, which is what I do, you could still get a virus.
The problem is...
The latest IE exploit is NOT stopped by any scanner, antivirus or firewall. This exploit extends into OE by virtue that OE uses IE components to render the view.
Preview is a great open door for these new threats.
Links about this exploit:
Be wary of reading the sites listed with Internet Explorer lest you trip over a "bad" site. Remember that this exploit can be in email form and with preview enabled, your machine is at risk.
I understood what you said, but
the spam blocker on my earthlink OE program stops everything that is "not" from my "address list" and puts "them" in a separate folder, where I usually tell them that it is spam and they get rid of those emails. I never actually get to a 'preview' unless "I" want to. Are you saying that I'm still not protected?
Hopefully, Microsoft will come out with a patch soon. There of course will always be attacks of some sort. I noticed "Donna" in the V&S forum wasn't putting any patch's in and just waiting for Microsoft, although I understand that you can and maybe should disable scripting. Your advise Bob is, I am sure better, just not something I elect to do at this time.
No. Not safe (in my opinion.)
You are relying on your trusted friends won't be infected and slip your machine a mickey.
The exploit I noted is currently unpatched and not being stopped by any firewall, antivirus or such. You become the stopping force.
Your machine, your choice.
Disabling scripting is a good idea or the third party patches but even with those in place we can keep digging up exploits like rocks when you dig postholes in your yard.
To dismiss being vigilent since "of course will always be attacks of some sort" is your choice. I've made mine and as such mostly watch others and their machines have issues. Mine are boring...
(NT) Your Right, Bob. Thanks, my computer is boring also.
Thank you for the exchange.
By tossing it back and forth the hope is that others lock it up a bit tighter.
Pre-screen your mail
For quite some time, I have been using Mailwasher...a little utility that's free for a single email account.
It allows you to pre-screen the header and text portions of the email body, then gives you the option of deleting, bouncing and blacklisting emails.
It does it while the emails are still on the server, so you never need to actually retrieve an unwanted email to your computer.
To use it effectively, let it run in your system tray. It will notify you when new emails arrive. Be sure to disable your email client's "automatically retrieve email' feature, so you get a chance to look at them first.
It has saved me a lot af time and trouble.
To answer the specific question. . .
In IE, click View, Layout tab, uncheck the Preview pane.
Oulook Express not IE
I think you meant to say in Outlook Express, View, Layout Tab, Preview
Some Place Along the Line ... Enough is Enough
I never have been one of those who winces at every blurb about every new virus that comes along. I'm not a defeatist either. I have surrounded myself with all the bells and whistles I can find and trust. After that, I have to rely upon those programs and a little common sense.
I have yet to be hit by a "nasty" not that I am not more or less vulnerable, but I am over these on-line terrorists controlling my life. They are just like the real live terrorists who keep us on edge constantly by doing nothing.
I suggest you do what I have done. Research the best protection no matter the costs and then forget it. Enjoy the Internet and what it can offer. You can scare yourself everyday with a new this or that which is going to eat up your system or you can enjoy your computer. The choice is up to you.
Now if you are one of those who download a fantastic program like Pest-Patrol or a Norton product and don't keep it updated, you deserve what you are going to get. For the rest of us, just enjoy what technology has to offer. Enough is ENOUGH!!
Enough is NOT enough.
"The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.
Successful exploitation allows execution of arbitrary code.
NOTE: Exploit code is publicly available."
No known firewall, antivirus stops this exploit.
"In the first half of March -- prior to the release of code showing attackers exactly how to exploit a previously unknown (and currently unpatched) flaw in IE -- Secure Science tracked a single hacker group stealing between 1.5 and 2 megabytes of text data from victims each day (a small novel might take up about 1 megabyte of text data). The company found that a data cache of that size usually contains a mix of roughly 1,000 credit card numbers or login credentials for Web mail and online banking sites."
You can avoid all this by closing the preview and using other browsers.
Use a web service to preview first.
I check my email using a web service before opening my email client software. I recommend www.mail2web.com where you can preview (by default) any message as text and only by clicking 'view as HTML' will the any code within the message be rendered or executed. I delete all emails I don't need to save before ever opening my client, so I know nothing I don't want will get read.
Get the Big Target off your back
Years ago when you bought your computer you could only buy software form the computer maker, there was no choice. Later when a choice became possible I and many other savvy administrators would buy software from many different sources. The primary reason was you could buy the best application for the job, the secondary reason was security. True it was sometimes a pain in the neck getting them to co-operate with each other but the up and coming hackers and virus writers had a harder time. I still hold by this philosophy, I removed all of outlook from my systems and use other email systems. There are many around like Eudora, Pegasus and Thunderbird, there are many more. None of these suffer from the same problems that Outlook does, they don't share microsoft code (another plus). I also have disabled IE, I've not found a way of removing it altogether as some software uses some of it's code ( not smart Adobe).
For a browser use Firefox or Opera, although they have flaws they are not as bad as IE and they are a smaller target.
By not using Microsoft applications it takes the Big Target off of your back. Sure it requires a little extra work but just think of losses and the work you'd have to do if you are hit by one of these malware attacks.