Internet.com ISP-Planet
 
Best of the ISP-Lists

General

The Surveillance Bug

Some say there are no bugs, just "features." Members of the ISP-NT list discuss a "feature" of Microsoft Outlook and other e-mail readers that allows spammers who send HTML messages to build databases of the people who read the e-mails.

[September 18, 2001]

On the ISP-NT list in August, JC inquired,

"Have you checked out the frightening power of the web bug at www.nthelp.com/oetest/oe.htm? What do you think?"

The knee-jerk response to drop Outlook apparently didn't solve the problem:

[MI offered] "Hey, got a great solution: don't use Outlook! Microsoft isn't going to fix the 'bug' anytime soon. They want to profile you just as much as the spammers."

[AW countered] "It is not just an Outlook problem, though. I have heard that people using Gecko on Linux will have the same issue as well."

[FA added] "It works with Eudora; it doesn't seem to return the kind of browser, but it sends the IP address."

A number of respondents offered the most obvious solution:

[OO suggested] "If you're so afraid of this bug, then disable HTML mail: you can forget about your pretty little newsletters when a 'fix' is implemented."

[FA agreed] "I'm becoming a believer in a non-HTML mail world: yes, it's pretty, but if I see one more X10 pop-under, I'm going to get really mad."

[PJ added] "Just set Outlook or Eudora to 'display text messages only.'"

DR shared a more complex answer:

"Here's a way to block the ads if you want. It works great; I use it on all of my user and home systems: http://www.ecst.csuchico.edu/~atman/spam/adblock.shtml."

Others noted that disabling active scripting will also solve the problem:

[MS advised] "In Internet Explorer's Security options, turn all scripting to prompt. I've done that for a long time now. Almost every page I go to has some kind of script; most load just fine without allowing them; they are just there to snoop."

[JM added] "In Outlook Express, go to the Security options and select 'Restricted Sites Zone'. This will then use the security settings of that zone as they're configured in Internet Explorer."

Still others praised the simple virtues of the software firewall:

[AN offered] "ZoneAlarm, even the free version, blocks this type of exploit; just tell it to block Outlook Express from being a server."

[JM agreed] "It's the automatic downloading of the image files from an external web server that is the problem. Viewing of simple HTML in itself shouldn't pose a security problem. Rendering an HTML message as plain text just results in viewing gibberish, so I don't see any reason to disable HTML viewing per se. Using ZoneAlarm, on the other hand, it took me 15 seconds to disable Outlook Express as a server when connected to the Internet. I can still view HTML formatted messages; I just get nice little red X's where the pretty pictures used to be. I'm beginning to really see the value of running a software firewall that can block connections at the application level."
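The distinction drawn in the thread, that the exposure comes from the automatic fetch of external resources rather than from HTML rendering itself, can be checked per message. The following is an added example, not code from the list discussion or from ISP-Planet: it lists the remote URLs a mail client would request just by displaying a message. The function and class names, the tag list, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that makes a client fetch a URL just by rendering (assumed list).
AUTO_FETCH = {"img": "src", "iframe": "src", "script": "src", "embed": "src",
              "body": "background", "table": "background", "td": "background",
              "link": "href"}

class RemoteLoadFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(AUTO_FETCH.get(tag, ""), "") or ""
        parts = urlsplit(url.strip())
        if parts.scheme not in ("http", "https"):
            return  # cid: and data: references stay inside the message
        # A 0x0 or 1x1 image is invisible to the reader: typical web bug shape.
        tiny = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
        self.findings.append({"tag": tag, "host": parts.hostname,
                              "tiny": tiny, "has_query": bool(parts.query)})

def find_remote_loads(raw_message):
    # Only text/html parts are scanned; a text/plain part is never rendered as HTML.
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteLoadFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

# Constructed sample message (hosts and token are placeholders, not real data).
SAMPLE = """\
From: newsletter@example.invalid
Subject: Constructed sample
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>Hello</p>
<img src="cid:logo" width="120" height="40">
<img src="http://tracker.example.invalid/open.gif?id=CONSTRUCTED-TOKEN" width="1" height="1">
</body></html>
--b1--
"""
if __name__ == "__main__":
    print(find_remote_loads(SAMPLE))
```

The embedded `cid:` image is not reported because it travels inside the message; only the external image, which would disclose the reader's IP address to the remote server on display, is flagged.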

—End
