Other things you can do to improve security

Control the display of HTML formatted messages

Mozilla Mail lets you control how Hypertext Markup Language (HTML) formatted messages are displayed. Click View menu -> Message Body As. There are three options:

Original HTML
Simple HTML
Plain Text

Simple HTML gets rid of the more annoying elements, such as coloured backgrounds and flashing text. Plain Text gets rid of all HTML formatting including images. In the future, a weakness in Mozilla's HTML rendering might be discovered. With Simple HTML or Plain Text enabled, any future weakness in the rendering will be less likely to lead to a problem.

Turn off remote images

HTML formatted messages may contain images loaded from a web site. These are called remote images, or web bugs. Why turn them off? Firstly, they are a privacy risk. More importantly, in the future, a weakness in Mozilla's image loading might be discovered. Turning off remote images guards against possible future security problems. To turn off remote images, visit Edit -> Preferences -> Privacy and Security -> Images. Tick "Do not load remote images in Mail & Newsgroup messages", then click OK.

Images preferences

Turn off previewing of messages

The message pane lets you view a message in a single click. In the future, a weakness in Mozilla Mail's message previewing might be discovered. To turn off the message pane, click View -> Show/Hide -> Message Pane. This may mitigate potential future security holes, and will let you remove messages without viewing them at all.

View the raw data of any message

If you are unsure about a message you have received, click View -> Message Source (Ctrl + U). The original data in the message, including all the headers, will be displayed.

Conclusion

Of course, the real problem is that Microsoft Windows needs some sort of execute permission. Execute permission ensures that only files marked by the system administrator can be run as programs. This has been a feature of UNIX based operating systems since the 1970s. However, until Microsoft realises how to follow a good example, Mozilla helps by:

Reducing the number of avenues of attack.
Providing essential information in good time, so you don't get surprises.

For the curious

This section is for advanced users and system administrators. You can view binary attachments (such as .exe files) using Notepad. You must specify the full path to Notepad. For example, if you are using Windows 98, enter c:\windows\notepad.exe in the "Open it with" box, then click OK. Mozilla Mail will save a copy of the file in the system "temporary" directory, such as c:\windows\temp.

The example below shows the "Beagle" virus in Notepad. Notice the giveaway "This program cannot be run in DOS mode" near the top. Also notice the word "beagle" on the right hand side from which the virus gets its name. It is sometimes possible to get an idea of what a virus does by browsing through the file using Notepad.

Program viewed in Notepad

If you liked this article

Send us the URL of your home page, if you have one. We'd like to look at it! Email: philjones1*at* blueyonder.co.uk. Replace *at* with @ to email. Contributions by Vidar Braut Haarr: mabus *at* q1n.org.