Article OLEXP - Extra Virus Protection

Since the bugbear virus was just discovered on 9/30/2002 and I received that virus 4 times on that same date, I am seeking extra virus protection.

I am running Windows XP with Outlook Express 6.

I have the Microsoft Article OLEXP: Using Virus Protection Features in Outlook Express 6.

I am trying to understand the results of using some of the features suggested in the article.

One is to set options in Outlook Express 6 to "Do not allow attachments to be saved or opened that could potentially be a virus. It also adds that files can be added to the the default list by going to Control Panel, Folder Options, File Types, Advanced, Create New Extension, OK, Advanced, place a check mark or remove check mark from Confirm open after download. I believe I remember getting messages in Internet Explorer about files potentially containing a virus and I'm just given the choice to download or not - if that due to the feature in the file folder options?

My main questions are:

In Outlook Express 6, which files are by default are blocked from being downloaded?


If I enable that feature how will it interact with Norton Antivirus?

I want to be made aware of which e-mail contains the virus.

 

zanetti--Sorry to hear about your virus problems.
I am surprised to hear that Norton AV did not catch Bugbear. Do you update your Norton virus definitions every day or two? You should.
"In Outlook Express 6, which files are by default are blocked from being downloaded? "
First of all, if you check "Do not allow attachments to be saved or opened that could potentially be a virus" you are not blocking files from being downloaded. You are blocking the opening of attachments that come with OE.
I am just guessing here, but I suspect that even if you check that feature, OE will not be able to tell you that an email attachment has a virus, trojan, etc. OE has no AntiVirus program. It only is going to tell you that the attachment could contain these baddies because the file type of the attachment is an "executable ". Executables are file types like .exe, .js, .reg, .wsh and .vbs. They usually contain code which is capable of taking action on your PC, and some may contain code to automatically take action when you open them. The latter are potentially the baddies.
(All of this is very similar to Zone Alarm Pro's MailSafe feature. If you are on cable or DSL you should have a firewall, such as Zone Alarm, in any event.)
Which file type are in the "unsafe" list by default? I could not find the answer to that. (The article you reference mentions only .exe.) However, if the criteria for being on the unsafe list is that "Confirm open on Download" is checked in Folder Options|File Types, then based on my own experience, most file types already have that setting checked . (However, you should confirm that on your PC. They may have been checked by default on my PC or I may have checked them sometime in the dark past and forgot!!)
And the reason for having that box checked is that this setting has another function. When you do try to download a file from the Internet, you normally get a window that asks whether you want to "save" the file or "open" it. The latter means the file will execute, after downloading--if it is executable--and without any further action from you. If "Confirm open on Download" is not checked for the file type you are downloading, you will not even get that window and indeed the file will download and execute without further action from you. Most people do not like that.
"If I enable that feature how will it interact with Norton Antivirus? "
Based on my explanation above, you can see that Norton and the OE setting have somewhat different functions. Norton should know the attachment has a virus and should alert you when you try to open it. Otherwise Norton will not affect your opening the attachment. OE, on the other hand, will just not let you open any attachment that has an executable file type. That could be a nuisance, if you have, for example, asked a friend to send you an .exe file to run an application on your PC.
Hope I have helped.

 

OLEXP

Jim,

Thank you for your explanation.

The bugbear didn't bite me, but I was lucky. I was relying on the weekly updates from Norton, but by a strange coincidence, I learned about the bugbear virus being discovered on 9/30. That is when I downloaded the 9/30 update and Norton caught the virus thereafter.

The automatic update wasn't working on my machine (new in September) so I checked around and learned why. I didn't have a password set. So, I have since remedied that situation. But, I'm still not sure if in an event like 9/30, Norton will automatically send an updated file. Do you know?

I'll have to think about using that setting in OE 6 to not allow unsafe files to open. I do occasionally get .exe files from friends. I would have to know when the files were coming and disable that feature - you're right, that could be a nuisance and as time goes on I will probably forget about that feature and won't know what is wrong if I can't open a file.

I do have a cable connection. I had McAfee Virus Scan on my old computer. It included a firewall. I had just purchased that program in April. But, when I got this new computer with Norton, I decided I liked the way Norton handled incoming viruses better. So, I downloaded the free version of Zone Alarm for firewall protection - it just includes Basic Mail Safe (vbs files).

It just occurred to me: it may have been Zone Alarm that alerted me to the bugbear virus. I believe the bugbear is written in Visual Basic. I received an e-mail on 9/30 from a familiar mailing list. Norton did not detect a virus. There were two text files (something like ATT0001, ATT0002). Feeling safe, I opened the attachments. Notepad opened and the text read something like - the bugbear virus has been detected and deleted. That is when I went to the Symantec site and learned about the bugbear virus being discovered that day and downloaded the update. I don't know - Zone Alarm says it quarantines the files. I haven't found any quarantine files in Zone Alarm.

 

The "Unsafe Attachment" feature in OE isn't a great PIA. If you enable this option, you'll find that the majority of attachments (other than image files) cannot be opened or saved. However, you can easily gain access to those files simply by disabling the option and restarting OE.

IF ZA had quarantined a file it would show as such. Bugbear is contained with an .exe file which, AFAIK, ZA(F) does not quarantine.

If you have applied all relevant security patches, OE is not vulnerable to those viruses (such as Bugbear) which attempt to "auto-execute" the attachment. If, however, you still do not feel safe, why not create a filter to leave mail with attachments on the server?

 

zanetti-- "But, I'm still not sure if in an event like 9/30, Norton will automatically send an updated file. Do you know? "
Regret that I do not know. My Norton is something from the Pleistocene period and I manually update. However, I believe Norton now offers "Live Update" for 6-12 months after purchase/registration, but I still do not know if this is automatic or if you have to manually request. See your settings or Help. I would prefer manual requests (to be done on a daily basis) to avoid unexpected connections to Norton at an inconvenient time, but that is a matter of taste.
Concerning Zone Alarm, yes, the free version only alerts you to .vbs attachments, whereas Zone Alarm Pro alerts you to something like 45 executable attachments. If you practice "clean surfing/downloading/emailing " it may not be necessary. But you need the rest of the Zone Alarm firewall program in any event.
Just remember, the functions of a firewall, antivirus and the OE setting are quite different. All may have their place, but as brett has said, the setting on OE probably is the least necessary.
Sounds like you are on the right track!!