Ask Dr. Intranet

In a recent column you said network managers should "encourage (or force) users to disable the preview panes" in their e-mail clients. Can you explain why this is important?

Preview panes display the message when you highlight the subject line in the message index. Sometimes this is all that's required to release a virus. Last year's Kak virus used Javascript to exploit the Outlook Express preview pane to replicate itself. (see Current Email Virus Warnings). Searching the Internet for "VBS Worm Generator Download" finds ready-to-run kits for packaging worm viruses to spread through HTML code so preview pane viewing would infect your system (see this warning). Closing the preview pane gives some additional protection if you can manage to overcome your curiosity.

The National Infrastructure Protection Center's "Microsoft E-mail and Script Vulnerabilities" assessment provides an overview. Microsoft's e-mail security page has links to tools that protect you from Outlook e-mail attachment viruses. Finally, this message describes how last year's Life_Stages.txt.shs virus compromised your system by the time it displayed the included text file.

The trade-off is between security and convenience.

As a network architect at Change at Work in Houston, Blass understands the strain of developing and managing intranets. Send your problems to

This story, "Ask Dr. Intranet" was originally published by Network World.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon