Malicious Hypertext Markup Language in Preview Panes

[DRobe]

We have recently moved to Outlook 2003 and I really like
the ability to view a full e-mail using the new preview
pane capabilities.

Our netwprk administrator came by, saw that I had the
preview pane turned on and freaked out. He sent out a
message to all users and stressed the inportance of
keeping these options tunred off.

With such an awesome new look, has MS taken advanced
steps to prevent the Malicious Hypertext Markup Language
from being a problem? Or do we get this nifty new look
without the cool abilities?

Please comment with something that I can pass along to my
rightfully paranoid net admin.

Thanks.

 

[Sue Mosher [MVP]]

Was there something in the preview pane that sent your admin out of his
skin? And how does seeing it in the preview pane differ from viewing the
same thing in an open message?

Outlook 2003 has strong protection against malicious HTML (stronger than
many other mail programs), even in the preview pane -- HTML script doesn't
run, external content doesn't load, and, with IE patches fully up to date,
known Internet exploits can't be exploited.

 

[DRobe]

Sue,

I believe that he is still in the mind set that was
established when this became a problem. There has really
been little published in the way of bringing into light
the improvement of the Outlook client against malicious
code. Maybe this needs to be something that is
emphasized in the Microsoft online community, espcecially
on the Microsoft Office web site.

I want to enjoy the new features in the latest Microsoft
products, but without it becoming a big deal to our
Network Administrator.

I will definitely forward the information you have given
me.

Thank you, Sue, for the fast response!!!!

 

[Sue Mosher [MVP]]

We've been writing about it for years, literally years, as has Microsoft.

 

[DRobe]

Here's a comment from the network admin:

"That is good. However, this comes from the same company
that stated that buffer overruns are impossible anymore
with XP."

Now, I see that you aren't even with Micorosoft, so my
suggestions may have to be directed to the folks there.

Thanks for your help.

 

[Sue Mosher [MVP]]

Since it sounds like he won't take anyone's word for anything, you might
suggest that he visit http://www.gfi.com/emailsecuritytest/ and test for
himself.
--
Sue Mosher, Outlook MVP
Author of
Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[DRobe]

Sue,

You are awesome! I'm reading your article on the Windows
Network & .NET Magazine site and I'm convinced that with
all the right structure and tools in place we're in good
hands with Outlook 2003.

I'll pass that article along.

Thanks again!

-----Original Message-----
Since it sounds like he won't take anyone's word for anything, you might
suggest that he visit

http://www.gfi.com/emailsecuritytest/ and test for

 

[Guest]

Sue, thank you for the link to the email security test! Can you tell me if these tests will work on a Mac with OS X?

Thanks,
Twinkyz

 

[Sue Mosher [MVP]]

The security tests do not involve running software on the client, so the o/s
is immaterial. Messages will be sent to the address you provide illustrating
known security vulnerabilities but in a harmless fashion.
--
Sue Mosher, Outlook MVP
Author of
Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

Sue, thank you for the link to the email security test! Can you tell me

if these tests will work on a Mac with OS X?

 

[Guest]

Thank you so much

Twinkyz