A Microsoft Office (Excel, Word) forum. OfficeFrustration

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » OfficeFrustration forum » Microsoft Outlook » Outlook Express
Site Map Home Register Authors List Search Today's Posts Mark Forums Read  

email in HTML format



 
 
Thread Tools Display Modes
  #1  
Old December 11th, 2009, 07:06 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Kate
external usenet poster
 
Posts: 54
Default email in HTML format

In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate

  #2  
Old December 11th, 2009, 07:16 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Bruce Hagen
external usenet poster
 
Posts: 7,956
Default email in HTML format

I don't agree with that 100% It is attachments and links that are the
culprits 99.99% of the time.

Tools | Options | Read. Check: Read messages in plain text and you won't see
any HTML.

Tools | Options | Security. "Block images........." stops SpyBots in spam
when reading in HTML. (Not a virus).

With all that said, if you have a decent up-to-date AV program, your risk is
minimal. This is a good program to keep and run once a week or so. It checks
for any Malware you may have picked up, usually from a Website.

Malwarebytes Anti-Malware 1.40
http://www.download.com/Malwarebytes...-10804572.html
--
Bruce Hagen
MS-MVP [Mail]
Imperial Beach, CA


"Kate" wrote in message
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate


  #3  
Old December 11th, 2009, 07:49 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Kate
external usenet poster
 
Posts: 54
Default email in HTML format

Thanks for that, Bruce. I already have Malwarebytes installed, plus
AVG Free, and have also blocked images from appearing, so I guess I am
pretty-much covered. Still, if I do not recognise the sender of an
email, I always `save to desktop` and scan with AVG, just in case, and
all emails with attachments get scanned, regardless of who they`re
from (I didn`t install AVG`s automatic Email Scanner - too
disruptive). But, then, I don`t get a lot of emails, so it`s not a
big chore. Incidentally, do you know if can .pdf files be infected?

Thanks again
Kate

"Bruce Hagen" wrote in message
...
I don't agree with that 100% It is attachments and links that are the
culprits 99.99% of the time.

Tools | Options | Read. Check: Read messages in plain text and you
won't see any HTML.

Tools | Options | Security. "Block images........." stops SpyBots in
spam when reading in HTML. (Not a virus).

With all that said, if you have a decent up-to-date AV program, your
risk is minimal. This is a good program to keep and run once a week
or so. It checks for any Malware you may have picked up, usually
from a Website.

Malwarebytes Anti-Malware 1.40
http://www.download.com/Malwarebytes...-10804572.html
--
Bruce Hagen
MS-MVP [Mail]
Imperial Beach, CA


"Kate" wrote in message
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I
tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate



  #4  
Old December 11th, 2009, 07:57 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Bruce Hagen
external usenet poster
 
Posts: 7,956
Default email in HTML format

You seem to have everything under control. AFA pdf files, I suppose it is
possible, but I have not run across it in these newsgroups.
--
Bruce Hagen
MS-MVP [Mail]
Imperial Beach, CA


"Kate" wrote in message
...
Thanks for that, Bruce. I already have Malwarebytes installed, plus
AVG Free, and have also blocked images from appearing, so I guess I am
pretty-much covered. Still, if I do not recognise the sender of an
email, I always `save to desktop` and scan with AVG, just in case, and
all emails with attachments get scanned, regardless of who they`re
from (I didn`t install AVG`s automatic Email Scanner - too
disruptive). But, then, I don`t get a lot of emails, so it`s not a
big chore. Incidentally, do you know if can .pdf files be infected?

Thanks again
Kate

"Bruce Hagen" wrote in message
...
I don't agree with that 100% It is attachments and links that are the
culprits 99.99% of the time.

Tools | Options | Read. Check: Read messages in plain text and you
won't see any HTML.

Tools | Options | Security. "Block images........." stops SpyBots in
spam when reading in HTML. (Not a virus).

With all that said, if you have a decent up-to-date AV program, your
risk is minimal. This is a good program to keep and run once a week
or so. It checks for any Malware you may have picked up, usually
from a Website.

Malwarebytes Anti-Malware 1.40
http://www.download.com/Malwarebytes...-10804572.html
--
Bruce Hagen
MS-MVP [Mail]
Imperial Beach, CA


"Kate" wrote in message
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I
tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate




  #5  
Old December 11th, 2009, 10:20 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Michael Santovec
external usenet poster
 
Posts: 2,356
Default email in HTML format

Make sure that OE is set to run in the Restricted Zone, which is the
default. This is set at Tools, Options, Security.

The restricted zone disables the potentially dangerous parts of HTML
(Scripting and ActiveX).

--

Mike - http://TechHelp.Santovec.us



"Bruce Hagen" wrote in message
...
I don't agree with that 100% It is attachments and links that are the
culprits 99.99% of the time.

Tools | Options | Read. Check: Read messages in plain text and you
won't see any HTML.

Tools | Options | Security. "Block images........." stops SpyBots in
spam when reading in HTML. (Not a virus).

With all that said, if you have a decent up-to-date AV program, your
risk is minimal. This is a good program to keep and run once a week or
so. It checks for any Malware you may have picked up, usually from a
Website.

Malwarebytes Anti-Malware 1.40
http://www.download.com/Malwarebytes...-10804572.html
--
Bruce Hagen
MS-MVP [Mail]
Imperial Beach, CA


"Kate" wrote in message
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I
tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate



  #6  
Old December 11th, 2009, 11:12 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
VanguardLH[_2_]
external usenet poster
 
Posts: 4,113
Default email in HTML format

Kate wrote:

In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate


There are lots of users that keep spewing out "info" that is outdated by
many years. Development for OE stopped way back in 2002 (with one change in
SP-2 Windows XP). The "info" this boob recited is older than that (I saw
their reply and rolled my eyes).

If you render HTML-formatted e-mails under the Restricted Sites security
zone (the default) and if the Restricted Sites security zone is at its
default settings (or higher) than nasties, like scripts, inside of
HTML-formatted e-mails cannot run.

That does not address the possibly of web beacons that can be used to track
that an e-mail got opened, the IP address that opened it, when it got
opened, how many times it was opened, etc. OE, by default, will block
external links, like to image or sound files that can be used as web
beacons.

Under the default setup of OE (render HTML under Restricted Security zone
and block external content), the remaining danger is what *YOU* do with the
e-mail. Clicking on links in HTML e-mails (which may go to somewhere else
than they show) or extracting attachments are actions you commit and you are
responsible for. No e-mail client can overcome the users commitment to
ignorantly or deliberately hurt themself.

In OE, hover the mouse pointer over a URL link and check the status bar to
see where that link really goes. Don't accept e-mails or extract files from
them them when sent by an unknown sender (or anyone if you don't need that
file and/or weren't expecting it, and even then you should be scanning it
and perhaps even testing it, if an executable, inside a virtual machine).

There have been exploits in image file formats to proliferate malware but
that is not the fault of the e-mail client. The image rendering is
performed by image libraries back in the OS. Those have happened, got
closed, but could possibly happen again. You could configure OE to always
read your e-mails in plain-text mode if you are paranoid. Fact is, most
e-mails have no reason for using HTML format as their content is just text.
Those that splatter graphics all over inside their e-mails are using
distraction to hide that they haven't much content. Like greeting cards
with pictures, borders, glitter, and other garbage, they have very little to
actually say.
  #7  
Old December 12th, 2009, 01:37 AM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Kate
external usenet poster
 
Posts: 54
Default email in HTML format

Food for thought, there, Vanguard.
We have a friend who regularly forwards emails to us which he has been
sent, and which originated from who-knows-where, and they often
contain links to animations, slideshows and such like, and/or are
plastered with "pictures, borders, glitter, and other garbage", as you
put it. His emails always have the AVG message that it contains no
viruses, but that assurance doesn`t extend to any external links, does
it? So, I can either (a) ask him not to send any more, which may
offend him; (b) select the `read emails in plain text` option and
then not be able to see what he has sent sometimes; or (c) continue to
keep to the Restricted Sites zone/block external content and hope
for the best!

Kate

"VanguardLH" wrote in message
...
Kate wrote:

In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I
tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate


There are lots of users that keep spewing out "info" that is
outdated by
many years. Development for OE stopped way back in 2002 (with one
change in
SP-2 Windows XP). The "info" this boob recited is older than that
(I saw
their reply and rolled my eyes).

If you render HTML-formatted e-mails under the Restricted Sites
security
zone (the default) and if the Restricted Sites security zone is at
its
default settings (or higher) than nasties, like scripts, inside of
HTML-formatted e-mails cannot run.

That does not address the possibly of web beacons that can be used
to track
that an e-mail got opened, the IP address that opened it, when it
got
opened, how many times it was opened, etc. OE, by default, will
block
external links, like to image or sound files that can be used as web
beacons.

Under the default setup of OE (render HTML under Restricted Security
zone
and block external content), the remaining danger is what *YOU* do
with the
e-mail. Clicking on links in HTML e-mails (which may go to
somewhere else
than they show) or extracting attachments are actions you commit and
you are
responsible for. No e-mail client can overcome the users commitment
to
ignorantly or deliberately hurt themself.

In OE, hover the mouse pointer over a URL link and check the status
bar to
see where that link really goes. Don't accept e-mails or extract
files from
them them when sent by an unknown sender (or anyone if you don't
need that
file and/or weren't expecting it, and even then you should be
scanning it
and perhaps even testing it, if an executable, inside a virtual
machine).

There have been exploits in image file formats to proliferate
malware but
that is not the fault of the e-mail client. The image rendering is
performed by image libraries back in the OS. Those have happened,
got
closed, but could possibly happen again. You could configure OE to
always
read your e-mails in plain-text mode if you are paranoid. Fact is,
most
e-mails have no reason for using HTML format as their content is
just text.
Those that splatter graphics all over inside their e-mails are using
distraction to hide that they haven't much content. Like greeting
cards
with pictures, borders, glitter, and other garbage, they have very
little to
actually say.


  #8  
Old December 12th, 2009, 02:41 AM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
VanguardLH[_2_]
external usenet poster
 
Posts: 4,113
Default email in HTML format

Kate wrote:

We have a friend who regularly forwards emails to us which he has been
sent, and which originated from who-knows-where, and they often
contain links to animations, slideshows and such like, and/or are
plastered with "pictures, borders, glitter, and other garbage", as you
put it.


Users of Incredimail are like this. They bloat their e-mail to 3 times, or
more, its size with garbage strewn within their message of little content.
They're interested in glitz rather than content.

His emails always have the AVG message that it contains no
viruses, but that assurance doesn`t extend to any external links, does
it?


That "assurance" doesn't even extend to the e-mail itself (for any
attachments in it). Think about it. Any spammer or malcontent can append
text to their e-mails claiming they are clean. You're going to trust
someone else's claim that their e-mail is uninfected? Not only is the
anti-virus signature worthless, it makes the sender look really stupid.
There are some boneheads here in Usenet that think appending some AV sig to
their post means anyone is going to give a gnat's fart about it.

So, I can either (a) ask him not to send any more, which may offend him;


Anyone that puts you on their mailing list, like for jokes, birthdays, etc,
and who won't remove you from that list is NOT your friend. If you ask and
they refuse, tell them they are blacklisted and then add them to your
blacklist. I someone keeps hitting your hand with a hammer and you ask them
to stop but they don't, you're not going to pull your hand away?

(b) select the `read emails in plain text` option and then not be able to
see what he has sent sometimes;


Whatever he *said* (text) will still be visible. All the glitz will be
gone.

or (c) continue to keep to the Restricted Sites zone/block external
content and hope for the best!


That's an okay setup, too. Alternatively, you can configure OE to always
read e-mails in plain-text mode but when you decide that you want to see
someone's e-mail in HTML mode then just use the View - Message in HTML menu
or just hit Alt+Ctrl+H to switch to HTML view mode (for just that message).
  #9  
Old December 17th, 2009, 03:17 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
??????? ????????
external usenet poster
 
Posts: 1
Default email in HTML format


"Kate" ???????/???????? ? ???????? ?????????:
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate
HI! May name is Sveta, e-mail in HTML
__________ Information from ESET Smart Security,
version of virus signature database 4678 (20091211) __________

The message was checked by ESET Smart Security.

http://www.esetnod32.ru






__________ Information from ESET Smart Security, version of virus signature database 4678 (20091211) __________

The message was checked by ESET Smart Security.

http://www.esetnod32.ru




  #10  
Old March 4th, 2010, 12:51 AM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Lukasz L.
external usenet poster
 
Posts: 1
Default email in HTML format


Uzytkownik "Kate" napisal w wiadomosci
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate CO JEST??



 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 08:36 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 OfficeFrustration.
The comments are property of their posters.