Safe E-mail and Internet Practice

Turn off preview pane in your e-mail program

How To Disable JavaScript and ActiveX In Your Email Software

How to safely scan and open e-mail attachments

How to Unhide File Extensions in Windows

Turn the Preview Pane Off In Your Email Program

------------------------------------------------

In Outlook and Outlook Express, there is a feature
known as the "Preview Pane". This is an area of
the screen where you can see the contents of an
email as soon as you highlight the email by simply
clicking once on it.

The Preview Pane option actually opens the email!              Top

This is VERY dangerous because many of today's
email viruses will run when the email is opened
without you double-clicking on an attachment
or anything!

Worse yet, remember that just because an email
comes from someone you know, it doesn't mean
it's virus-free!  If a virus infects your system
it will send itself to everyone in your address
book, which means that all your friends get an
email from you that contains the virus, and you
never even know that the emails were sent on
your behalf.

We cannot stress enough, the fact that many
viruses can execute just by opening an email.
You don't have to double-click on attachments
to get infected by the new breed of email
viruses.  When in doubt, don't even open,
just delete.

That's where turning off the preview pane comes in.
If the preview pane is on, every email you highlight
is actually opened so that it can be displayed in
the preview pane...

                                                                                        Top
Turn off your Preview Pane now!
-----------------------------------------
Never, never, never turn on your email program's
"Preview Pane".  If you can see the contents of
emails the instant you single-click on them,
then your Preview Pane option is turned on.

While this may be convenient, it is the same
as opening the email (which can, in turn, run
any embedded viruses).

By turning the preview option off, you gain
the advantage of then having a chance to decide
if you want to delete emails with suspicious
subjects or senders' addresses without ever
opening them.  Plus, you can tell if an
email has an attachment if there is a
paperclip icon next to it. More cause for
suspicion.

The only inconvenience to turning off the
preview option (if you can call it that) is that
you have to double-click on emails in your inbox
to actually open/view them.  

Here we are going to show you how to disable
the Preview Pane in Outlook and Outlook Express.

If you use something other than Outlook or Outlook
Express for your email, and would like
instructions on disabling the preview pane,
click on Help in your email program
and search for the word "Preview".  If you do
not find the information there, email the
maker (Eudora, TheBat, etc) for help in turning
off your preview option.                                                     Top

Disabling Preview Pane in Outlook Express
------------------------------------------
Of the two Outlook versions, "Express" is the
easiest in which to disable the Preview Pane.

1. Make sure your "Folder List" is visible on
  the left hand side of the Outlook window.
  If it is not, click on the "View" menu and
  then click on the "Layout..." option.
  In the window that appears, put a checkmark
  next to "Folder List" and then click on
  "Apply" and "OK".

2. If you can now see your folder list (which
  includes your "Deleted Items", "Drafts",
  "Outbox", "Inbox" and any folders you have
  created under the "Inbox") you are ready
  for the next step.

3. Click on the "Inbox" folder in
  the Folder List. If the Preview Pane (usually
  in the lower right quadrant of your screen)
  is visible, then click on the "View" menu
  option and then on the "Layout..." menu item.
  In the window that appears, REMOVE the
  checkmark next to the "Show Preview Pane"
  option.  Then, click on "Apply" and "OK".

Now that your preview pane is disabled, this means
that you will now need to double-click on an email
to have it open up in its own window.                                 Top 

This is a very good thing, however, because it
gives you the chance to decide whether you want
to open the mail in the first place.  

If any email is suspect (or just plain junk mail),
all you have to do to delete it without ever
opening it, is click once on the email to
highlight it, then hit your "Del" key to
delete it.

Don't forget to empty your "Deleted Items" folder
once in a while!

Disabling Preview Pane in Outlook
------------------------------------------
1. If you do not see your folder list along the
  left hand side of your Outlook window, click
  the "View" menu item and then the "Folder List"
  option. This is a toggle setting, which means
  that each time you do this you turn the folder
  list on or off.

2. If you can now see your folder list (which
  includes your "Deleted Items", "Drafts", "Inbox"
  and any folders you have created under the
  "Inbox") you are ready for the next step.

3. Click on the "Deleted Items" folder in
  the Folder List. If the Preview Pane (usually
  in the lower right quadrant of your screen)
  is visible, then click on the "View" menu
  option and then on the "Preview Pane" menu item.
  This also is a toggle setting. Clicking this repeatedly
  will turn the Preview Pane on and off.

4. Repeat step 3 for each folder in your Folder List.
  Do NOT do step 3 on the "Journal", "Note",
  "Outbox", and "Tasks" folders. Do all others
  below "Inbox", however.
  For each folder where a preview pane shows up,
  use the "View/Preview Pane" menu option to turn
  the Preview Pane off for those folders.

Now that your preview pane is disabled, this means
that you will now need to double-click on an email
to have it open up in its own window.                                 Top

This is a very good thing, however, because it
gives you the chance to decide whether you want
to open the mail in the first place.  

If any email is suspect (or just plain junk mail),
all you have to do to delete it without ever
opening it, is click once on the email to
highlight it, then hit your "Del" key to
delete it.

Don't forget to empty your "Deleted Items" folder
once in a while!

How To Disable JavaScript and ActiveX In Your Email Software

------------------------------------------------

In addition to applying necessary security patches to Internet
Explorer, Outlook and Outlook Express on a regular basis, you
should "harden" your email software by disabling the capability
of scripts and other programs to run automatically.

Netscape users also need to do this.

Ensure the proper security settings by following the instructions
for whichever software you use for email:

Outlook and Outlook Express
Set the Restricted Sites security zone to disable all ActiveX and
Java. Do this from Internet Explorer by selecting the following menu items:

Tools | Internet Options | Security | Restricted Sites | Custom Level

NOTE: Just setting the restrictions to High will not work. If you are
unable to follow this step, it may be a good idea to ask an experienced
friend for assistance.

Basically, you need to set everything that says ActiveX, Java,
Download, Install and Launch to "Disable".

After making the necessary changes to the Restricted Zone, you will
need to add Outlook or Outlook Express to the Restricted Zone by
doing the following:

Open Outlook Express or Outlook (if not already open)

On the menu, click Tools | Options | Security

Then, simply select the "Restricted Zone".

Netscape Mail
Users of Netscape mail have it a bit easier...

Select Edit | Preferences from the menu
Choose Category | Advanced
Remove the "X" next to "Enable JavaScript for Mail and News"
Click "OK"

Top

How to Unhide File Extensions in Windows

What Are File Extensions...
File extensions are the part of the filename at
the right-hand end of the name. For instance, a
file named "ABCDEFG.EXE" has a file extension of ".EXE".

Why Microsoft ships Windows with its default
settings being the most dangerous they can be
is a mystery to all of us. Well, I suppose it
helps to keep the antivirus companies
in business  :-O

The Hackers File Extension Hiding Trick...
By default, Windows is set to hide file
extensions of known file types.  What this
means to you is that you are easy prey to the
most common type of email virus tactic,
which is- to mail an attachment with a filename                     Top
that looks like something it is not.  

The trick is that the virus hackers will simply
name the file in such a way as to appear to be a
JPG or something harmless because they know that
most peoples' systems will not show the actual
file extension.  

For example, if your system is hiding file
extensions, a file attachment of "MyDog.JPG.VBS"
will appear in your email program as "MyDog.JPG"
which leads you to believe that it is simply a
picture, when in fact it is a VB script (a program
that can do whatever the virus writer wants it to if
you decide to double-click on it).  

The Fix: One Simple Windows Setting...
What we will describe here, is how to change the
system setting that determines if file extensions
are displayed or not...

To keep Windows from hiding file extensions,
do this:

-Open Windows Explorer, then use the Explorer
menu and do...

-View/Folder Options (or Tools/Folder Options,
depending on what version of  Windows you have).  

-A window will appear.  

-Click on the "View" tab and...

-In the list of checkboxes on that screen, make
sure you Uncheck the "Hide  file extensions of
know file types".  

-Then click on Apply...

-Then click on "Like Current Folder" to apply
this setting to all folders.

-Then click OK on all windows to get back to your
Windows Explorer window.                                                Top

Depending on which folder you had selected when you
started Windows Explorer, you might immediately notice
that you can now see the file extensions for all your
files now (that you couldn't see before).  Actually,
there are still some file types that Windows insists
on hiding from you, but for our purposes today, this
new setting will suffice.  

We'll cover the more advanced UN-hiding of extensions
in a future VACM.

File Attachments To Avoid...
Now that you can see file extensions, here are the ones
to be wary of when they arrive as email attachments:

".EXE", ".DOC", ".XLS", ".SCR", ".VBS", ".WSF", ".PIF",
".BAT", ".CMD", ".INF", ".SHE", ".SHB", ".LNK"

Files ending in any of these file extensions are all
capable of executing malicious code on your system.

File types that are less likely to contain viruses, but that
still can are:

".DOC", ".PDF", ".XLS"

These include Word Document, Adobe Acrobat files, Excel
Spreadsheets.

***********************************************
* How Does This Help Me To Fear No Attachments?
***********************************************
Now that you know what types of attachments to stay away from,
just follow a few simple rules when dealing with your email.

1. First, get in the habit...
of updating your antivirus software EVERY time you turn on
your computer.
                                                                                         Top
2. ALWAYS know what files are dangerous...
to double-click on and never double-click these types of
files. Print the lists we gave you above and post them near
your monitor.

3. NEVER double-click attachments. Instead...
right-click on the attachment and when the menu pops up, do "Save AS". Then choose a folder (or simply the desktop) as a
location in which to save the file.

This does two things- first, you get to see the entire filename
in the Save As dialog box and, second, when you click the "Save"
button, your antivirus software detects that a file is being written
to disk and immediately "wakes up" and scans it.

Only if the virus scan reports no problems should you then proceed
to open the attachment. If you saved it to your desktop, it will be
easy to find and simple to delete the file when you are done with it.

WARNING: one other trick that is being used...
regarding file naming of virus files is to use a filename that
contains a huge number of spaces before the end of the file name (the
file extension). For example, the "FUNNY.JPG" virus was actually
"FUNNY.JPG.VMS". Once you unhide file extensions, you will see the
".VBS" on the end and you will see that ".VBS" is on the list of
executable files to not touch.

The Virus writers next tactic to get around this...
is to now make it harder for you to see the file extension even if they are not
hidden by Windows. by using a different tactic so that even if your system no longer hides file
extensions, you still might decide that the file is OK. Here's what they do:
I could take the "FUNNY.JPG.VBS" virus file and change the name to this:

"FUNNY.JPG                                 .VBS"                         Top

By adding all this white space to the filename, it makes it more difficult to
see that there is a "hidden" file extension way out there at the end of this
very long file name. Not a problem, though, if you use the right-click / "Save As"
technique because you will see the filename in a fairly wide field AND you can use
your keyboard's Right Arrow key to scroll all the way to the right of the filename
and know with absolute certainty what the filename really ends with

Top

Top

Info provided by:

Marc Deschenes, VACM Editor