Microsoft Outlook Express is a popular and free e-mail client that comes bundled with most versions of Windows client (except for Windows Vista, which replaces Outlook Express with Windows Mail). It's easy to set up, and it's easy to use.
However, it's also a target for a lot of current and future hacks and viruses -- thanks to the fact that it's an e-mail client (one of the preferred methods of virus delivery) and its tight integration with Internet Explorer (the most heavily targeted browser of black hats). But just because it's popular with the bad guys doesn't mean you have to pay for a client to read your e-mail.
You can still use Outlook Express safely: You just need to add a little security and follow a few simple rules. Here are five ways to make Outlook Express more secure.
Prevent applications from sending e-mail
A virus that wants to replicate and share itself with other computers will try to use Outlook Express to get the job done. But it's rather easy to prevent. In Outlook Express, go to Tools | Options, select the Security tab, and enable the Warn Me When Other Applications Try To Send Mail As Me option.
Turn off HTML e-mail
Although HTML e-mail looks cool with all of its pictures and links, it's a dangerous format overall. Web bugs, bogus links, and a host of other nasty problems can do a great deal of damage to your computer. Sometimes just opening an HTML e-mail is enough to launch a malicious surprise. That's why I recommend using text mail instead.
To disable HTML e-mail in Outlook Express, go to Tools | Options, select the Mail Sending Format tab, and select the Text option. To configure Outlook Express to read HTML e-mail as text, which strips away any malicious content, go to Tools | Options, select the Read tab, and select the Read All Messages In Plain Text option.
Give up the Preview Pane
The Preview Pane definitely comes in handy when scanning through e-mails. However, it's actually quite dangerous: The operating system considers previewing an e-mail and opening an e-mail to be the same thing. To get rid of the Preview Pane, go to View | Layout, and deselect the Show Preview Pane option.
- In Outlook Express, go to Tools | Options, and select the Security tab.
- Enable the Restricted Sites Zone (More Secure) option.
- Go to Start | Control Panel, and double-click the Internet Options applet.
- On the Security tab, click the Custom Level button.
- Under Scripting, select Disable under the Active Scripting heading.
Note: This also disables Visual Basic scripts (VBS).
Block potentially malicious attachments
Some attachments are bad; some are good. But sometimes, it's just better to be safe. To disable potentially malicious attachments, go to Tools | Options, select the Security tab, and select the Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus check box under Virus Protection.
If you enable this option, Outlook Express uses the Internet Explorer 6 Unsafe File list and the Confirm Open After Download setting in Folder Options to determine whether a file is safe. It blocks the download of any e-mail attachment with a file type reported as "unsafe."
Note: Outlook Express Service Pack 1 enables this option by default.
Outlook Express is a handy, easy-to-use e-mail client -- it just needs a little help in the security department. You don't need to dump it because of security integration flaws with Internet Explorer; you just need to add a little security and remember to never open an attachment from someone you don't know.
Miss a column?
Check out the Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.
Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.
Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.