
Outlook - Useful or Security Risk?

David Dorn wonders whether Outlook users are aware of just how much maintenance it requires, and offers a few tips for their safety

Microsoft Outlook (the full product - not Outlook Express) is what you call 'feature rich' - an epithet to which some cynics add 'and security compromised'. How close such cynics are to the truth is up to the reader to decide, but my own view is that Outlook's programmability and innate links to 'things users ought never to play with' do tend to make it potentially more of a liability than an asset in the home.

Let me clarify that last bold statement. The salient part is 'in the home'. Quite why an ordinary PC owner would need the power of Outlook is, frankly, a little beyond me. As an email client it's a pain to set up - it works best with Microsoft Exchange Server, and there aren't many folks with enough computing firepower in their two-up-two-downs to warrant setting such a server up. As a PIM and Contact Manager it's fine - but who, in your average semi, needs that kind of thing?

Nope - it's in business where Outlook has its foothold, and it's businesses that tend to have more of the 'always on' Internet links that make Outlook such a stonking liability when it comes to the likes of the I LOVE YOU and Nimda viruses.

Not that Outlook Express is immune from such things, of course, but in its latest incarnation (version 6, now shipping with Internet Explorer 6) it has all the security holes turned off - well, nearly all of them - while Outlook itself ships with its defaults set to 'sieve', it's so full of holes.

If you must

But if you must use either program (and I do like Outlook Express as an email client, I have to say) there are certain steps you should take before you let them loose on the 'Net.

  1. Disable the 'auto preview' panes - get rid of them altogether. The methodology varies between versions, so press F1 and get them sorted. By doing this, you rob email-borne nasties like Nimda of the ability to work without you explicitly opening the email containing them.
  2. Uninstall Windows Scripting Host - it's unlikely you're ever going to need it, as a private user. Businesses may well have software that uses it and needs it, but us mere mortals? No. So bin it. That robs a whole load of 'functionality' from yet more Trojans and Viruses.
  3. Install a firewall - We keep advising this. Go get Zone Alarm, get it installed and keep it running. If you don't like ZA, get another one. Just make sure you've got something between you and the Internet.

There you are - three basic steps to start off on the road to safety. There's more, though, that you can do once you've got those done and you're emailing in earnest.

Here's a tip. Some nasties can be triggered simply by reading the email that carries them. So, let's assume that you've received an email that you're unsure about. Normally, you just wouldn't open it, you'd delete it unread, but there's a doubt. It may actually be important.

Here's what to do.

  1. First, check that you've set auto-quoting on (the facility that appends the text of an email you're replying to to your reply).
  2. Next, check that you've set the quote marker to '>' - so that every line of the quoted email starts with '>'.
  3. OK - without opening the email in question, just highlight it, and click on 'Reply'!

What you'll see is the text of the incoming email, each line preceded by a '>' (thus rendering any script that might be nasty inoperable) in an environment that doesn't (as far as we know) support scripting! You can read it, decide what's what, and check whether or not you need to do anything with it. Obviously, you won't open any attachments.
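The same idea outside the mail client, as an added example that is not part of the original article: a short Python script that shows a suspect message as '>'-quoted plain text, skips anything inside script tags, and names attachments without opening them. The sample message, its address and the function names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class TextOnly(HTMLParser):
    """Collect visible text and skip everything inside <script> or <style>."""
    def __init__(self):
        super().__init__()
        self.parts, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip and data.strip():
            self.parts.append(data.strip())

def quoted_view(raw):
    """Return the message as '>'-quoted plain text; attachments are only named."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_subtype() == "html":
        parser = TextOnly()
        parser.feed(text)
        text = "\n".join(parser.parts)
    lines = ["> " + line for line in text.splitlines()]
    for part in msg.iter_attachments():
        lines.append("[attachment not opened: %s (%s)]"
                     % (part.get_filename(), part.get_content_type()))
    return "\n".join(lines)

def build_sample():
    """Constructed HTML-only message with a script and one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["Subject"] = "Have a look at this"
    msg.set_content("<html><body><p>Hello Dave,</p>"
                    "<script>alert('constructed')</script>"
                    "<p>Clip attached.</p></body></html>", subtype="html")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="clip.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    print(quoted_view(build_sample()))
```

The attachment bytes are never decoded or written to disk; only the file name and declared content type are shown.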

Nuggets

Maybe I shouldn't have used the word 'obviously' there. I'll tell you why. There is an acquaintance of mine who happens to own a company that is heavily dependent on its PCs. He's a devotee of Outlook - uses it all the time. He's got contact lists as long as your arm. If he gets hit by an email-propagating worm, half the UK will get an infected email from his machine. He's connected 24/7, and Outlook is never closed. Of steps one to four above, I've persuaded him to do only step one and step four. The firewall, though, is taken care of by another organisation, over which I have no influence.

So, I've drummed it into him that he should never knowingly open an attachment. When a new nasty strikes, I ring him, and remind him - I get the news very quickly. I tell him 'Don't, under any circumstances, open any attachments'. He always replies that, yes, he knows, I've told him often enough. Do I think he's stupid?

You tell me...

So, not two days after Nimda went ballistic, I visit his office. He's all smiles. 'Look at what so-and-so sent me today', he says, playing about with his mouse. A video clip opens on his desktop - quite amusing, really.

'Oh', says I, 'did he send you a CD?'

You've guessed it...

'No - he emailed it to me'.

What a nugget!

 

David Dorn
