Kate wrote:

In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate

There are lots of users that keep spewing out "info" that is outdated by
many years. Development for OE stopped way back in 2002 (with one change in
SP-2 Windows XP). The "info" this boob recited is older than that (I saw
their reply and rolled my eyes).

If you render HTML-formatted e-mails under the Restricted Sites security
zone (the default) and if the Restricted Sites security zone is at its
default settings (or higher) than nasties, like scripts, inside of
HTML-formatted e-mails cannot run.

That does not address the possibly of web beacons that can be used to track
that an e-mail got opened, the IP address that opened it, when it got
opened, how many times it was opened, etc. OE, by default, will block
external links, like to image or sound files that can be used as web
beacons.

Under the default setup of OE (render HTML under Restricted Security zone
and block external content), the remaining danger is what *YOU* do with the
e-mail. Clicking on links in HTML e-mails (which may go to somewhere else
than they show) or extracting attachments are actions you commit and you are
responsible for. No e-mail client can overcome the users commitment to
ignorantly or deliberately hurt themself.

In OE, hover the mouse pointer over a URL link and check the status bar to
see where that link really goes. Don't accept e-mails or extract files from
them them when sent by an unknown sender (or anyone if you don't need that
file and/or weren't expecting it, and even then you should be scanning it
and perhaps even testing it, if an executable, inside a virtual machine).

There have been exploits in image file formats to proliferate malware but
that is not the fault of the e-mail client. The image rendering is
performed by image libraries back in the OS. Those have happened, got
closed, but could possibly happen again. You could configure OE to always
read your e-mails in plain-text mode if you are paranoid. Fact is, most
e-mails have no reason for using HTML format as their content is just text.
Those that splatter graphics all over inside their e-mails are using
distraction to hide that they haven't much content. Like greeting cards
with pictures, borders, glitter, and other garbage, they have very little to
actually say.

Food for thought, there, Vanguard.
We have a friend who regularly forwards emails to us which he has been
sent, and which originated from who-knows-where, and they often
contain links to animations, slideshows and such like, and/or are
plastered with "pictures, borders, glitter, and other garbage", as you
put it. His emails always have the AVG message that it contains no
viruses, but that assurance doesn`t extend to any external links, does
it? So, I can either (a) ask him not to send any more, which may
offend him; (b) select the `read emails in plain text` option and
then not be able to see what he has sent sometimes; or (c) continue to
keep to the Restricted Sites zone/block external content and hope
for the best!

Kate

"VanguardLH" wrote in message
...
Kate wrote:

In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I
tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate

There are lots of users that keep spewing out "info" that is
outdated by
many years. Development for OE stopped way back in 2002 (with one
change in
SP-2 Windows XP). The "info" this boob recited is older than that
(I saw
their reply and rolled my eyes).

If you render HTML-formatted e-mails under the Restricted Sites
security
zone (the default) and if the Restricted Sites security zone is at
its
default settings (or higher) than nasties, like scripts, inside of
HTML-formatted e-mails cannot run.

That does not address the possibly of web beacons that can be used
to track
that an e-mail got opened, the IP address that opened it, when it
got
opened, how many times it was opened, etc. OE, by default, will
block
external links, like to image or sound files that can be used as web
beacons.

Under the default setup of OE (render HTML under Restricted Security
zone
and block external content), the remaining danger is what *YOU* do
with the
e-mail. Clicking on links in HTML e-mails (which may go to
somewhere else
than they show) or extracting attachments are actions you commit and
you are
responsible for. No e-mail client can overcome the users commitment
to
ignorantly or deliberately hurt themself.

In OE, hover the mouse pointer over a URL link and check the status
bar to
see where that link really goes. Don't accept e-mails or extract
files from
them them when sent by an unknown sender (or anyone if you don't
need that
file and/or weren't expecting it, and even then you should be
scanning it
and perhaps even testing it, if an executable, inside a virtual
machine).

There have been exploits in image file formats to proliferate
malware but
that is not the fault of the e-mail client. The image rendering is
performed by image libraries back in the OS. Those have happened,
got
closed, but could possibly happen again. You could configure OE to
always
read your e-mails in plain-text mode if you are paranoid. Fact is,
most
e-mails have no reason for using HTML format as their content is
just text.
Those that splatter graphics all over inside their e-mails are using
distraction to hide that they haven't much content. Like greeting
cards
with pictures, borders, glitter, and other garbage, they have very
little to
actually say.

Food for thought, there, Vanguard.
We have a friend who regularly forwards emails to us which he has been
sent, and which originated from who-knows-where, and they often
contain links to animations, slideshows and such like, and/or are
plastered with "pictures, borders, glitter, and other garbage", as you
put it. His emails always have the AVG message that it contains no
viruses, but that assurance doesn`t extend to any external links, does
it? So, I can either (a) ask him not to send any more, which may
offend him; (b) select the `read emails in plain text` option and
then not be able to see what he has sent sometimes; or (c) continue to
keep to the Restricted Sites zone/block external content and hope
for the best!

Kate

"VanguardLH" wrote in message
...
Kate wrote:

In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I
tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate

There are lots of users that keep spewing out "info" that is
outdated by
many years. Development for OE stopped way back in 2002 (with one
change in
SP-2 Windows XP). The "info" this boob recited is older than that
(I saw
their reply and rolled my eyes).

If you render HTML-formatted e-mails under the Restricted Sites
security
zone (the default) and if the Restricted Sites security zone is at
its
default settings (or higher) than nasties, like scripts, inside of
HTML-formatted e-mails cannot run.

That does not address the possibly of web beacons that can be used
to track
that an e-mail got opened, the IP address that opened it, when it
got
opened, how many times it was opened, etc. OE, by default, will
block
external links, like to image or sound files that can be used as web
beacons.

Under the default setup of OE (render HTML under Restricted Security
zone
and block external content), the remaining danger is what *YOU* do
with the
e-mail. Clicking on links in HTML e-mails (which may go to
somewhere else
than they show) or extracting attachments are actions you commit and
you are
responsible for. No e-mail client can overcome the users commitment
to
ignorantly or deliberately hurt themself.

In OE, hover the mouse pointer over a URL link and check the status
bar to
see where that link really goes. Don't accept e-mails or extract
files from
them them when sent by an unknown sender (or anyone if you don't
need that
file and/or weren't expecting it, and even then you should be
scanning it
and perhaps even testing it, if an executable, inside a virtual
machine).

There have been exploits in image file formats to proliferate
malware but
that is not the fault of the e-mail client. The image rendering is
performed by image libraries back in the OS. Those have happened,
got
closed, but could possibly happen again. You could configure OE to
always
read your e-mails in plain-text mode if you are paranoid. Fact is,
most
e-mails have no reason for using HTML format as their content is
just text.
Those that splatter graphics all over inside their e-mails are using
distraction to hide that they haven't much content. Like greeting
cards
with pictures, borders, glitter, and other garbage, they have very
little to
actually say.

Kate wrote:

We have a friend who regularly forwards emails to us which he has been
sent, and which originated from who-knows-where, and they often
contain links to animations, slideshows and such like, and/or are
plastered with "pictures, borders, glitter, and other garbage", as you
put it.

Users of Incredimail are like this. They bloat their e-mail to 3 times, or
more, its size with garbage strewn within their message of little content.
They're interested in glitz rather than content.

His emails always have the AVG message that it contains no
viruses, but that assurance doesn`t extend to any external links, does
it?

That "assurance" doesn't even extend to the e-mail itself (for any
attachments in it). Think about it. Any spammer or malcontent can append
text to their e-mails claiming they are clean. You're going to trust
someone else's claim that their e-mail is uninfected? Not only is the
anti-virus signature worthless, it makes the sender look really stupid.
There are some boneheads here in Usenet that think appending some AV sig to
their post means anyone is going to give a gnat's fart about it.

So, I can either (a) ask him not to send any more, which may offend him;

Anyone that puts you on their mailing list, like for jokes, birthdays, etc,
and who won't remove you from that list is NOT your friend. If you ask and
they refuse, tell them they are blacklisted and then add them to your
blacklist. I someone keeps hitting your hand with a hammer and you ask them
to stop but they don't, you're not going to pull your hand away?

(b) select the `read emails in plain text` option and then not be able to
see what he has sent sometimes;

Whatever he *said* (text) will still be visible. All the glitz will be
gone.

or (c) continue to keep to the Restricted Sites zone/block external
content and hope for the best!

That's an okay setup, too. Alternatively, you can configure OE to always
read e-mails in plain-text mode but when you decide that you want to see
someone's e-mail in HTML mode then just use the View - Message in HTML menu
or just hit Alt+Ctrl+H to switch to HTML view mode (for just that message).

Kate wrote:

We have a friend who regularly forwards emails to us which he has been
sent, and which originated from who-knows-where, and they often
contain links to animations, slideshows and such like, and/or are
plastered with "pictures, borders, glitter, and other garbage", as you
put it.

Users of Incredimail are like this. They bloat their e-mail to 3 times, or
more, its size with garbage strewn within their message of little content.
They're interested in glitz rather than content.

His emails always have the AVG message that it contains no
viruses, but that assurance doesn`t extend to any external links, does
it?

That "assurance" doesn't even extend to the e-mail itself (for any
attachments in it). Think about it. Any spammer or malcontent can append
text to their e-mails claiming they are clean. You're going to trust
someone else's claim that their e-mail is uninfected? Not only is the
anti-virus signature worthless, it makes the sender look really stupid.
There are some boneheads here in Usenet that think appending some AV sig to
their post means anyone is going to give a gnat's fart about it.

So, I can either (a) ask him not to send any more, which may offend him;

Anyone that puts you on their mailing list, like for jokes, birthdays, etc,
and who won't remove you from that list is NOT your friend. If you ask and
they refuse, tell them they are blacklisted and then add them to your
blacklist. I someone keeps hitting your hand with a hammer and you ask them
to stop but they don't, you're not going to pull your hand away?

(b) select the `read emails in plain text` option and then not be able to
see what he has sent sometimes;

Whatever he *said* (text) will still be visible. All the glitz will be
gone.

or (c) continue to keep to the Restricted Sites zone/block external
content and hope for the best!

That's an okay setup, too. Alternatively, you can configure OE to always
read e-mails in plain-text mode but when you decide that you want to see
someone's e-mail in HTML mode then just use the View - Message in HTML menu
or just hit Alt+Ctrl+H to switch to HTML view mode (for just that message).

"Kate" ???????/???????? ? ???????? ?????????:
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate
HI! May name is Sveta, e-mail in HTML
__________ Information from ESET Smart Security,
version of virus signature database 4678 (20091211) __________

The message was checked by ESET Smart Security.

http://www.esetnod32.ru






__________ Information from ESET Smart Security, version of virus signature database 4678 (20091211) __________

The message was checked by ESET Smart Security.

http://www.esetnod32.ru

Uzytkownik "Kate" napisal w wiadomosci
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate CO JEST??

Uzytkownik "Kate" napisal w wiadomosci
...
In the ms.public.windowsxp.help_and_support NG, a reply to a query
mentioned that just opening an HTML-formatted email that contains
malicious software can be enough to infect a computer. How can I tell
if an email is formatted in this way when it arrives in my Inbox,
please? Is it obvious?

Thanks
Kate CO JEST??