|
ACADEMIC COMPUTING and COMMUNICATIONS CENTER | ||||||||
|
|
|
|
|
|
|
|
|
|
Safe Email Viewing | ||||
When you take a cake out of the oven, you use a pot holder; when you drive, you put on your seat belt; and you even get a flu shot every year. But are you that careful when you read your email? Here are the three basic principles of safe email viewing, along with the essential principle for being safe when you're connected to the Internet. |
||||
| ||||
| Principle Number 0, The Basic Requirement for Safe Computing at UIC: Download and install Norton/Symantec Antivirus and run LiveUpdate on a regular basis. | ||||
|
Norton Antivirus is owned by Symantec and has been renamed Symantec Antivirus. By one name or the other, it's free to the entire UIC community. You can put it on all of your computers, and it works. It even finds viruses and worms that have been renamed to .txt files on the server by Mimedefang. Once you get NAV/SAV going, your only vulnerability is the first day or two after a virus is released, until Symantec develops and releases a definition file including the new virus, and then until you download and install the definition file.
|
||||
| Principle Number 1: Before you open any email message, check its subject and whether it has an attachment, and never open any email message you're uneasy about. | ||||
|
I'm sure this sounds sensible, but most email programs make it very difficult to accomplish. There are two ways that they conspire against you:
Both Eudora and Outlook come with a "preview pane" turned on by default. It helpfully opens the first - and next - email message for you, whether you want to see it or not. In Eudora, the primary problem is that the preview pane can be unstable and cause Eudora to crash, and there is the further problem that the default viewer for the preview pane is an embedded Microsoft Internet Explorer, which can also be exploited. In Outlook, previewing messages is downright dangerous. I don't know whether it's because Outlook is that much worse than any other email program or if it's just because it is so widely used that an Outlook worm can have a major effect. Either way, Outlook is the primary target of email viruses and worms, and just opening a message in Outlook can be enough to set them loose. Most email programs allow you to go directly from viewing one email message to viewing the next. That's not quite as dangerous as using a preview function, particularly if you've gone through the mailbox's index and deleted all the spam and suspicious email before you start reading the rest of your email. But new email can come in that you haven't checked out and you could get burned. |
||||
| Principle Number 2: Don't download and/or use attachments unless you've double-checked that they're legitimate. | ||||
|
Yes, yes, I know, you're tired of hearing everyone saying this, but one major email virus or worm after another proves that people aren't listening. There are two parts to this. (1) Prepare your computer:You run Norton or Symantec Antivirus, so you don't have to worry, right? Well, sort of. You are prepared if you have NAV/SAV's LiveUpdate scheduled to run automatically, on a regular basis, say once a week, at a time when your computer is turned on and connected to the Internet. If your computer is not connected to the Internet on a regular schedule, set an alarm to remind you to run it yourself once a week. (Wednesday afternoon or later is a good time; that's when Symantec releases regular updates.) Even if you do run LiveUpdate regularly, you're not safe just after a new email virus or worm gets loose. Whenever you hear about a new one, it's a good idea to run LiveUpdate by hand once or twice a day until you download a new definition file, and maybe again the next day too, just in case there was a problem with the first definition file for the virus or worm. (2) Prepare yourself:This part is called social engineering and is the major reason why poorly designed worms and viruses -- and most of them are poorly designed -- can be so successful time after time after time. Never, ever, open an email attachment unless you've asked the person who sent it to you whether he or she meant to send it to you. Don't trust any sender. Don't blame them, either, if you get burned; these days it's not likely that the From: address has anything to do with the actual sender of the virus or worm. Another essential precaution is to know what type of file you're opening. To do this in Windows, you have to turn on file extension viewing in Windows Explorer: open Windows Explorer, select Tools -> Folder Options -> View, uncheck Hide file extensions for known file types, click the Reset all Folders button, and click OK. Then if you're about to click on an .exe file, you'll know it. (Point your mouse at an attachment icon in Eudora, and the attachment's full filename, including directory, will be displayed in the status bar at the bottom of the Eudora window.) Remember that Mimedefang adds .txt to the end of the filenames of all suspect filetypes, so look at their second extension also. Principle Number 3: Don't download HTML Images.You know those gigantic pictures that you get in spam email messages? Turning them off will save you from seeing the content of many spam messages even if you do accidentally open them. And it takes a lot less time to download these messages without the images; if you have a slow Internet connection, you will really appreciate the time and aggravation it saves you. And just think -- no more disgusting pictures to look at! Spam and wasted time aside, there are other types of HTML images in email messages, often ones that you can't see, that could be compromising your privacy -- Web bugs. (Bugs as in hidden listening devices.) Web bugs are usually 1 pixel by 1 pixel in size and therefore you generally wouldn't see them. They are used to collect data about the person reading the email or, when they're on a Web page, the person or machine visiting the site. If you don't download HTML images, you won't download Web bugs. It's as simple as that. Note that sending HTML images is not the same as sending HTML-formatted messages. Go ahead and do that if you feel you must. (Please don't send them to me, though; I prefer using my own fonts.) If you do feel the need to send HTML-formatted email, include a second copy in plain text also, for those people whose email programs can't handle HTML. They would probably rather get two copies -- one in HTML and one plain text -- than try to extract the email message's content from its HTML tags. |
||||
| All set now for safe email viewing? | ||||
|
The following two articles have the options you should set in Eudora and Outlook to help you do it. I suppose it's not terribly surprising that it's a lot easier to accomplish in Eudora than in Outlook. Eudora isn't intimately entangled with other programs and the operating system like Outlook is.
|
||||
| The A3C Connection, 2003-2004, Number 1 | Previous: ACCC Lab Locations | Next: Eudora Options for Safe Viewing |
| 2004-1-24 connect@uic.edu |
|
