The third of my three updates to the 10-Step Security story I wrote back in 2005 covers steps seven through 10, which deal with e-mail safety. (Last week, I refreshed steps one, two, and three, which address , and steps four, five, and six that cover .)
Three years ago, e-mail was the source of most PC virus infections, but that's no longer the case. Now you're more likely to catch a piece of malware from a Web site, whether by downloading a file or simply by opening a booby-trapped page.
Does this mean you may now open e-mail messages and attachments without a second thought? Uh-uh.
The first of the four e-mail security tips in the original story warns against clicking links embedded in messages. That prohibition still applies. It's easy to spoof a link so that it looks like it leads somewhere other than its real destination. As the tip recommended, it's much safer to enter the URL in your browser's address bar manually, or to find your way to the page using the site's own navigation or search function.
Likewise, the advice in the eighth security step to scan attachments for viruses before opening them is as valid today as it was three years ago. Nearly every antivirus program and security suite scans all incoming e-mail and file attachments by default.
Some people will tell you that your e-mail client's preview pane--the topic of security tip number nine--poses no risk because it's much more difficult for malware to attack your PC simply by viewing a message. Even if this were the case, I would still close the preview pane in my e-mail program for privacy's sake.
The original article describes how to close the preview pane in Outlook Express, Outlook 2003, and Mozilla Thunderbird. The steps for doing so in Outlook 2007 are the same as in Outlook 2003.
I'm a big fan of viewing e-mail in plain text, the subject of the last of the 10 security steps. Using plain text is not just a way to block viruses transported via HTML mail. Plain-text messages may not always look so spiffy, but the files open fast.
I described how to set Outlook 2003 and 2007 to send and receive e-mail as plain text in afrom last month. To set Thunderbird to view incoming mail as plain text, click View > Message Body As > Plain Text.
To send mail as plain text in Thunderbird, click Tools > Account Settings, choose Composition & Addressing in the left pane, uncheck "Compose messages in HTML format," and click OK.
A final note on security software and wireless encryption
Two sidebars to the original 10-Step Security list the top security programs in various categories and recommend use of Wi-Fi Protected Access (WPA) to protect wireless networks.
Rather than using different programs for virus protection, spyware blocking, and other malware defenses, I prefer the suite approach. Using a combo security program reduces the chance of software conflicts, and if something goes wrong, you have only one vendor to deal with, for better or worse.
WPA provides sufficient protection for most home and small-office wireless networks, though you'll be safer if you upgrade to WPA2, if your network's router and other equipment support the later security standard. Using the older WEP security protocol is no longer sufficient because WEP is relatively easy to crack.
• Firefox 3.0.5
• Firefox 220.127.116.11
• Thunderbird 18.104.22.168
• SeaMonkey 1.1.14
As of the evening of December 21, 2008, I could update to Firefox 3.0.5 and SeaMonkey 1.1.14, but not to Thunderbird 22.214.171.124 (126.96.36.199 is available). To update Firefox and Thunderbird, click Help > Check for Updates. Visit the SeaMonkey Downloads & Releases page to update that program.