>>>The most common malware attack vector these days is malformed HTML, either on a web page you visit or in an HTML e-mail you receive. If you have your preview pane turned on, Outlook invokes IE to render the e-mail in the preview pane.
>
>>>So, if you so much as preview a malicious e-mail that contains a zero-day exploit, you get attacked. Much better to delete obvious spam, phishing etc. from the message list without previewing.
>
>Have you tried Thunderbird? The preview panel does not run scripts or download images unless you click "show remote content" for the email. On my machine inline downloads are also turned off, can't remember if I did that or if it was a default. If Thunderbird decides that a post is spam it's even more restrictive- you can't review images or full html at all in the Junk folder.
No, I haven't tried Thunderbird. Outlook does some of those tricks, too. But, do you trust your HTML rendering engine and e-mail client restrictions to handle all imaginable instances of malformed HTML/zero-day vulns?
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up
