Site menu:



Home > TechFiles

How to Secure your E-mail against certain viruses

A HelpWithWindows TechFile

By: Arie Slob

After the outbreak of the Melissa & Love Letter worms, people are starting to realize that their mail readers are quite vulnerable when it comes to activating & spreading viruses/worms.

Let's take a look at Outlook-Express and Outlook specifically, which are typically the most vulnerable to these attacks, and let's explore some changes you can make to your mailer's default settings to make them more secure.

First of all, one factor which plays a big part in the latest virus & worm attacks (starting with Melissa), is the fact that these mail readers are set by default to Send messages immediately. If you had this feature turned off and you would load an email worm like the Love Letter, your outbox would have filled up with email messages for every contact in your address book, and you would have noticed your outbox folder fill up with new messages, you would have checked, discovered the worm's outgoing messages and deleted them! You would have stopped the virus right there!

The settings you need to change to accomplish this are:

Outlook:
Click Tools > Options, select the Mail Delivery tab and clear the Send messages immediately when connected check box.

Outlook Express
Click Tools > Options, select the Send tab and clear the Send messages immediately check box.

When you have made these changes, messages will only be sent by clicking the Send/Receive button, when you close your mail program (after asking your approval to send x number of messages from your Outbox), or the next time the mail reader checks for new messages. There is a checkbox that allows you to disable this automatic checking for new mail. If cleared, this will also disable the automating sending of mail in your outbox.

Now this will stop some infections, but the next virus thread is more serious. It requires that you only receive the email, and preview it (opening is not necessary). For a long time this was thought to be impossible, but there are already some worms using this technique. One of the most recent ones being the Wscript.KakWorm. This worm has a pretty harmless "payload", but you can probably imagine what will happen when virus writers start combining these worms, and design them to delete more critical files from your system.

These virus scripts can run automatically due to Microsoft's lacks default settings in Outlook and Outlook Express. Both use security settings that are put in place by Internet Explorer. Internet Explorer uses zones, or collections of security settings divided into Internet, Local intranet, Trusted sites and Restricted sites. Both mail programs let you set the security level to the settings for either Internet zone or Restricted sites zone.

The Internet zone is the standard security settings you use at a random Web site. The Restricted sites zone is set up with what Microsoft calls "high security", but it has a fatal setting which we'll have to correct!

Because of the existence of email viruses, you would think that email would be considered more dangerous than the typical Web site you would be visiting. So you would think that the default for mail should be Restricted Sites but it isn't - the default is Internet zone (both Outlook and Outlook Express).

Another mistake here is that both zones are set to allow embedded active scripts to run with no questions asked. There are two other choices if you customize a zone: Disable and Prompt, the default is called Enable. Disable has scripts not run and Prompt asks you if you want the script to run. This is unreasonable for use on the Web; too many sites have VisualBasic scripts and/or Javascripts on their pages, making up essential parts of the page (navigation), so it's impractical to totally turn Active scripting off or even to be continually prompted if you want to run these scripts. But for the Restricted Zone which Internet Explorer describes as This zone contains Web sites that could potentially damage your computer or data, one should have scripts disabled.

Now for more secure email, make these two changes:

  1. Change the Security Zones to Restricted sites zone: In Outlook, select Tools > Options and select the Security tab. On that tab there is a dropdown menu in the center panel labeled Zone:. In this dropdown menu, select Restricted Sites. In Outlook Express, you also go to the Tools | Options, select the Security tab, and check the radio button for Restricted sites zone.
  2. Adjust the Restricted sites setting to disable Active Scripting: With Outlook, you can access the detailed security settings by clicking the button marked Zone Settings on Outlook's menu under Tools > Options, Security tab. Or with either program, you can open the Internet Properties from Start > Settings > Control Panel > Internet Options. Select the Security tab, select the Restricted sites icon and click on the Custom Level button. Scroll down to the fourth item from the end which is under the heading Scripting. There you'll find Active scripting. Microsoft's reckless default is Enable. Change that to Disable.


    Internet Properties > Security

    Disable Active Scripting

The changes above won't guarantee you will never have a problem, bu they will certainly make it a whole less likely. Keep your anti-virus software up-to-date, and make it a practice never to open unknown attacachments, especially from people you don't know. Happy emailing!!!