Thursday, March 29, 2012

Opening Suspicious Emails

Under this heading, I could almost start a topic on urban Myths. The internet abounds with Furhpys  about email, and one of the most common is that something disastrous is going to happen if you open that suspicious email you just received.

Scripts

This is one of those urban myths that has been around for years that actually has a grain of truth attached to it.  In relation to Thunderbird is is basically a mistruth.  However if you are using a mail client from the Microsoft Stable it is in fact a very real risk.  This is because the Mozilla mail client is designed from the ground up with security in mind, where as the Microsoft product (as well as many others I am sure) are designed with ease of use and a glorious and rich email experience as the single most important thrust.  The trouble with this approach is that almost everything you do to your email to make it sing and dance reduces the security of the email process significantly.

To protect you from those with malicious intent, Thunderbird does not allow any scripts (VBscript JavaScript) to run within the email.  This means that the bouncing ball or the funny banner that the sender programs to follow your mouse simply will not work, but it also means that the folks over at virii R us can't get their little gem to play either, so even if the mail contains a script to download every know virus onto your computer, opening the email will do nothing because the script simply can't run.

This is also the case with Flash animations and flash movies.  They also don't work, and for the same reason that the scripts are disabled. They represent a threat to your security.

Unfortunately this does at times catch other legitimate processes, such as the little Plus and Minus that some emailers include with reports.  In my opinion however the negatives are vastly outweighed by the positives.

Remote Content.

Thunderbird likewise blocks remote images from those not in your address book.  This causes many to moan about the fact that they have to make a conscious decision to 'allow remote content'. I have even seen what I would consider rants about how you don't have to do this in Outlook so why should I have to do it in Thunderbird.  The answer remains the same as it has always been.  Remote content can and does represent a security and privacy risk to you and the recipient of the mail.  You will find that many commercial emails you receive (those ones you subscribed to from XYX newservice, paypal etc) contain a special image just for you.  These images are usually a single pixel and the same color as the background of the mail so they add nothing to the content as such, but the link that downloads that image contains your personal identifiable information.  The result is that the sender can identify that you received the mail they sent and that you opened it, what time of day you opened it and to a reasonable extent where you were when you opened that mail.  Just how close to the were, you can get from here   That web site uses the same technology to locate you are is used with these one pixel images.

Now this blocking of remote content can be turned off, by changing a setting in the config editor.
Tools menu > options > advanced > general and click the config editor button.
Acknowledge the half tongue in cheek warning and enter the editor.
Type mailnews.message_display.disable_remote_image or as much of it as is needed to display it in the list
Double click the entry in the list
Set the value to false

A far more responsible way to do this is to set up a list of domains that can sent you emails with remote content.  (The domain is the part after the @ in an email address).

The procedure is the same as outlined about, but instead of editing mailnews.message_display.disable_remote_image you edit mail.trusteddomains (if the entry does not exist, simply add it.) and include the domain you think you can trust.  This example uses domains I would not trust.

hotmail.com,yahoo.com,aol.com,gmail.com,paypal.com,ebay.com

If you were to enter that list into the mail.trusteddomains preference all remote content from people that have email addresses at those domains would be show.  Note there are no spaces between entries.

Remember that once you allow remote content by default you are giving up some of your privacy for the convenience of not having to decide if you really need to see the pictures.

My remote content is enabled on a per user basis and I am providing this information as just that. I do not recommend automatic enabling of remote content.  My theory is that if I don't want them in my address book (thus enabling remote content) I probably don't need their images either. I do occasionally click that little allow remote content button to allow remote images, but I decide case by case.

Summary

 In the absence of any scripting language support and without the avenue of remote content, that email in your inbox is basically quarantined.  Now all things are void if you open any attachment that the mail has, but the mail itself can do no harm because all of it's attack vectors have need closed off from it.

You can still open a virus in an attachment, but it requires you to make the conscious decision to open the attachment. So the risk of opening a mail is almost nil.  I will not say Zero, because there is nothing in computing that is that certain.

Addendum

 Looks like religious web sites are riskier than porn sites

No comments:

Post a Comment