Security Provisions in Outlook | 2007 MicrosoftВ® Office System Inside Out (Bpg-Inside Out)

Outlook 2007 provides several features for ensuring the security of your data, messages, and identity. This section presents a brief overview of security features in Outlook 2007 to give you a basic understanding of the issues involved, with references to other locations in the book that offer more detailed information about these topics.

Protection Against Web Beacons

Many spammers (people who send unsolicited e-mail) use Web beacons to validate e-mail addresses. The spammers send HTML-based e-mail messages that contain links to external content on a Web site (the Web beacon), and when the recipient’s e-mail client displays the remote content, the site validates the e-mail address. The spammer then knows that the address is a valid one and continues to send messages to it.

Outlook 2007 blocks Web beacons, displaying a red X instead of the external image. You can selectively view blocked content on a per-message basis, or you can configure Outlook 2007 to view all content but control access to HTML content in other ways. You can also turn off Web beacon blocking, if you want, and control external HTML content in other ways.

See Chapter 24 for an explanation of how to configure HTML message-handling options.

Attachment and Virus Security

You probably are aware that a virus is malicious code that infects your system and typically causes some type of damage. The action caused by a virus can be as innocuous as displaying a message or as damaging as deleting data from your hard disk. One especially insidious form of virus, called a worm, spreads itself automatically, often by mailing itself to every contact in the infected system’s address book. Because of the potential damage that can be caused by viruses and worms, it is critically important to guard against malicious code entering your system.

Outlook 2007 offers two levels of attachment security to guard against virus and worm infections: Level 1 and Level 2. Outlook 2007 automatically blocks Level 1 attachments, a category that includes almost 40 file types known to be potentially harmful to your system-for example, .exe and .vbs files. If you receive a Level 1 attachment, Outlook 2007 displays a paper clip icon beside the message but does not allow you to open or save the attachment. If you try to send a Level 1 attachment, Outlook 2007 displays a reminder that other Outlook 2007 users might not be able to receive the attachment and gives you the option of converting it to a different file type (such as a .zip file) ? before sending it.

If you receive a Level 2 attachment, Outlook 2007 allows you to save the attachment to disk but not open it directly. You can then process the file with your virus checker before opening it.

Caution

Your virus scanner is only as good as its definition file. New viruses crop up every day, so it’s critical that you have an up-to-date virus definition file and put in place a strategy to ensure that your virus definitions are always current.

If you use Exchange Server to host your mailbox, the Exchange Server administrator can configure Level 1 and Level 2 attachments, adding or removing attachment types for each level. In addition, Outlook 2007 allows all users to control the security-level assignments for attachments.

Macro Viruses

Although viruses were once found almost exclusively in executable files, viruses embedded in documents containing macros have become very common, and Microsoft Office system documents are as subject to them as any other files. However, Outlook 2007 and other Microsoft Office system applications provide a means for you to guard against macro viruses. In Outlook 2007, you can select one of four options for macro security, as shown in Figure 22–22.

image from book
Figure 22–22: Use macro security to prevent macro-borne viruses from affecting your system.

Digital Signatures

Outlook 2007 allows you to add a certificate-based digital signature to a message to validate your identity to the message recipient. Because the signature is derived from a certificate that is issued to you and that you share with the recipient, the recipient can be guaranteed that the message originated with you, rather than with someone trying to impersonate your identity.

For information about how to obtain a certificate and use it to digitally sign your outgoing messages, see “Protecting Messages with Digital Signatures” on page 689.

In addition to signing your outgoing messages, you can also use secure message receipts that notify you that your message has been verified by the recipient’s system. The lack of a return receipt indicates that the recipient’s system did not validate your identity. In such a case, you can contact the recipient to make sure that he or she has a copy of your digital signature.

Note

Although you can configure Outlook 2007 to send a digital signature to a recipient, there is no guarantee that the recipient will add the digital signature to his or her contacts list. Until the recipient adds the signature, digitally signed messages are not validated, and the recipient cannot read encrypted messages from you.

Message Encryption

Where the possibility of interception exists (whether someone intercepts your message before it reaches the intended recipient or someone else at the recipient’s end tries to read the message), Outlook 2007 message encryption can help you keep prying eyes away from sensitive messages. This feature also relies on your digital signature to encrypt the message and to allow the recipient to decrypt and read the message. Someone who receives the message without first having the appropriate encryption key from your certificate installed on his or her system sees a garbled message.

Security Labels

The security labels feature in Outlook 2007 relies on security policies in Windows 2000 Server and Windows Server 2003 and is supported only on clients running Windows 2000, Windows Server 2003, or Windows XP. Security labels let you add additional security information, such as message sensitivity, to a message header. You can also use security labels to restrict which recipients can open, forward, or send a specific message. Security labels therefore provide a quick indicator of a message’s sensitivity and provide control over the actions that others can take with a message.

Understanding Outlook Service Options

If you’ve been using a version of Outlook earlier than Microsoft Outlook 2002, you’re probably familiar with the Outlook 2007 service options. Earlier versions of Outlook supported three service options: No Mail, Internet Mail Only (IMO), and Corporate/ Workgroup (C/W). Outlook 2007, like Outlook 2002 and Outlook 2003, uses a unified mode. Outlook 2007 unified mode integrates mail services in Outlook 2007, which allows you to configure and use multiple services in a single profile. This means that you can use Exchange Server, POP3, IMAP, and Hotmail accounts all in one profile and at the same time.

Although Outlook 2007 makes a great e-mail client for a wide range of mail services, you might prefer to use only its contact management, scheduling, and other nonmessaging features and to use a different application (such as Outlook Express or Windows Mail) for your messaging needs. There is no downside to using Outlook 2007 in this configuration, although you should keep in mind that certain features, such as integrated scheduling, rely on the Outlook 2007 messaging features. If you need to take advantage of these features, you should use Outlook 2007 as your primary messaging application.