Net Q & A

Question of the Month: November 2002

Why are "preview panes" in e-mail software a risk?

Answer

Preview panes in e-mail software are a convenience that let you see the contents of a message without "opening" it.  There are two problems with them. The first applies mainly to MS Outlook users, and the second applies to any e-mail program that uses preview panes:

1. Older computer viruses could not spread by e-mail unless the recipient tried to open an attachment containing an "executable" file. More sophisticated viruses take advantage of weaknesses in Microsoft software that allow viruses to activate merely if a message is read. The newest viruses go one step further: Scripting features in MS Outlook mean that merely viewing a message in a preview pane can be enough to let some viruses take over your system.

There are patches that purport to close this vulnerability. I have them installed, but keep the preview pane turned off anyway, partly because I don't trust Microsoft on security issues.

2. The other reason applies even if you are using any mail program with a preview feature, not just Outlook: Web bugs can track you if a message with one appears in the preview pane. This will let sophisticated spammers know that your e-mail address is valid, thus causing you to get more spam.

There are advantages to turning off the preview pane feature. Outlook allows you to turn the preview feature off in one folder and keep it on in other folders. If you like the convenience of a preview pane, you can turn off the preview pane for the In Box, and use it as a screening area, moving the files you intend to read to other folders.

More Information

Wired Magazine, It's a Bug, a Bear and a Worm

Jerry Lawson