[SC-Help] Re: Spammers getting smarter?

[Mike Easter]

Jeff wrote:
> The problem with doing that is I noticed after I did disable HTML in
> e-mails, e-mails don't load right for legitmate ones.  I get ones from
> Yahoo! Groups everyday and its necessary for those to have HTML
> required.  I also view the pictures in the preview window so I can't
> turn that off either.  Those two solutions/suggestions aren't
> practical for me to use.

In my own configuration, I'm configured to render html because I get
html mail from my friends and one of my mailing lists which 'won't'
plaintext, and, as you will recall, I'm the one who is saying don't open
spam and virms and that there is no spam or virms in my Inbox.  None.

Being configured to preview is tantamount to opening everything which is
previewed, so it is a very insecure condition.  You should not even be
'visiting' your Junk folder or any other folder such as your Inbox which
/might/ contain unknown mail in that configuration.  If you even access
a folder with a 'dangerous' or undesirable mail in it with Preview
enabled and you are insecure, you can become virus infected by a
mailicious item 'falling into' the preview slot.

That is, sufficiently insecurely configured, if you are 'in' your Inbox
and a properly constructed virm lands in the Inbox [the #1 position]
which causes it to become the 'target' or selected item, the preview
process of OE can use IE's rendering engine to render the html of the
previewed item, and the/your insecurity can result in the execution of
the viral payload, which can easily be too new for whatever antiviral
agent you have running.

Said another way, you can 'accidentally' preview a virm and thus infect
yourself.

There's another separate issue which is about housekeeping and proper
quoting and citing which has nothing to do with the rest of this, so I
think I'll put that in another post.



-- 
Mike Easter
kibitzer, not SC admin