Outlook virus myths?

mylogo
mylogo used Ask the Experts™
on
I am reviewing a security document that has a section regarding needing to stop certain functions because of risk of viruses. Please know that we have antivirus on our spam appliance, Exchange as well as desktops. This is regarding Outlook 2007. I am wondering if anyone has any links to some accurate information regarding the truthfulness of some or all of these. Some may have been in previous versions but I've read in some places that with each new version, the risks get minimized:

The settings in all e-mail applications (such as "Outlook") shall be configured so as to minimize the risk of virus infection.
•      "Preview pane views" must be turned off in all folders. Viruses can be automatically activated when these preview features are in use.
•      The "message handling" feature that automatically opens the next message must be turned off.
•      The "Message Alert" feature that automatically allows you to open a new message upon alert must be disabled.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Director, Information Systems
Commented:
All other things being equal (you're running on Vista or Win7, and haven't significantly relaxed your security settings at the OS or Outlook level) you can probably ignore the preview pane item.  I DO turn off the preview pane for my spam folders, but that's so I don't have to look at the garbage.  There was a time when Outlook would preview an HTML message and, if the message contained images, it would be a way for spammers to know the message had been read and a particular e-mail address was valid.  Outlook should block images by default now.

Ditto the second item for largely the same reason.

I have no idea about the third item, but don't see how or why that would be an issue.
Even though the risks associated with the Preview Pane and automatically opening the next message have continued to decline, I still recommend at least the first two items. It is more of an issue now of managing your users, than the software.

While I believe in using filters and technology controls as a primary line of defense, an educated user can go a long way in preventing problems. We teach our clients/users to do a quick common sense check of an email before opening. Such as: Do I know this person? Is that a current vendor or client? Does that subject line make any sense to our business/line of work?

Preview panes and auto opening emails discourage users from doing that common sense check.

Author

Commented:
I like this comment and the generic "common sense check" questions. Think i'll use that if you don't mind.
As much as we try to mitigate risks, there's still risk so maybe i'll just leave those in the document with the addition of "risks have been minimalized but risks will always exist" or something like that.
thank you both.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial