Support => Email FAQ | Windows Hosting FAQ | Linux Hosting FAQ | Windows Dedicated Server FAQ | Linux Dedicated Server FAQ

Can I get a virus/spyware infection by viewing HTML email in Outlooks's preview pane?

Even if your system is up-to-date with the latest security patches (did you check for Windows Updates this week?), there is still a chance of an infection. There is also another possible problem with the preview pane: HTML from some spammers contain image URLs that, when retrieved by Outlook's HTML preview engine, confirm to the spammer that your email address works. See for more information (and Microsoft's solution for Outlook). Preview mode won't automatically launch attachments, so most of the "auto-launch via HTML" viruses take advantage of Windows bugs that are supposed to be patched by Microsoft. Historically Microsoft has dragged its feet when issuing patches for complicated IE/HTML bugs...
That said, according to specifications, antivirus software (did you check your antivirus subscription this week?) should block all viruses, malware, etc., and Outlook should block access to JavaScript, ActiveX and other potentially harmful content. IMO, there are big problems with relying on antivirus and Outlook blocking. First of all, which comes first, the virus or the antivirus definition? Unless the antivirus vendors write the viruses, the viruses are out some time before the antivirus vendors can put the virus into their definitions. The same logic applies to security patches - the exploits are out before the patches. Do you feel lucky? The overall assumption is that you are updating antivirus, Windows and Outlook/Office in a timely manner. When is the last time you checked for an Outlook/Office update?
Besides the simple chicken and egg problems, frankly, I don't trust the spyware/antivirus/firewall vendors - why is there such a rampant problem with spyware? These guys have had the plumbing (and revenue streams!) in place to block spyware for years, but I see many computers with up to date antivirus/spyware/firewall definitions and security patches get spyware/malware infections. I'm sitting right next to such a computer right now. Microsoft Antispyware couldn't block or clean the latest round of spyware. Ad-aware and Spybot Search & Destroy couldn't clean the spyware, either. OK, McAfee, explain to me again the difference between spyware and viruses?
On my work computer: I haven't used preview of any kind for a long time. It seems dangerous enough just to preview the From, To and Subject headers. I only read HTML email from people that I know. If I receive an HTML message from somebody I don't recognize, I will either (shift) delete the message without opening it or, if there is the possibility that I need to read it, I will open the message with a web based email client that doesn't support HTML. I am paranoid, but that doesn't mean that they aren't out to get me.


If your question isn't answered here, ask our support team directly,
or call 678-268-4065 and choose option 2 for support.