On This PageBenefits and Purposes of Outlook Express 6.0Outlook Express 6.0 is designed to make it easy to send or receive e-mail and to browse or participate in newsgroups. It differs from most of the other components described in this white paper in that its main function is to communicate through the Internet or an intranet (in contrast to components that communicate with the Internet in the process of supporting some other activity). Outlook Express is part of Internet Explorer, in contrast to Microsoft Outlook, which is an application included in Microsoft Office. Outlook provides comprehensive e-mail capabilities, including information management and collaboration capabilities, useful to a wide spectrum of users from home to small business to large enterprise. Outlook Express, included as part of Internet Explorer, offers standard Internet e-mail and news access, useful to many home and small-business users. Outlook Express supports Post Office Protocol 3 (POP3) or Internet Message Access Protocol (IMAP). Outlook Express 6.0 offers more security-related options and settings than were available in Outlook Express 5, as described in the subsections that follow. New Security-Related Features in Outlook Express 6.0Outlook Express 6.0 is the e-mail component in Internet Explorer 6.0. This version of Outlook Express includes the following new security-related features. The table that follows this list shows how each option is configured in Outlook Express. | • | Warning about harmful e-mail. To prevent e-mail messages from being sent without your knowledge, Outlook Express warns you when other programs, such as viruses or harmful attachments, attempt to send messages from your computer. This warning appears only if Outlook Express is configured as the default simple MAPI client, and another program attempts to use simple MAPI to programmatically send e-mail messages without presenting a visible user interface on the computer. | | • | Blocking of potentially harmful attachments. If this option is enabled, Outlook Express 6.0 blocks the opening or saving of specific e-mail attachments that are considered "unsafe." To determine whether an attachment is unsafe, Outlook Express 6.0 uses the Internet Explorer 6.0 unsafe file list, plus some additional file types, plus file types you configure with the Confirm open after download setting in Folder Options (on the Files Types tab). Any e-mail attachment with a file type reported as "unsafe" is blocked. This option can be enabled or disabled through Group Policy as well as at the local computer. For more information about using this setting, see the table that follows and "To locate the Group Policy object (GPO) for blocking e-mail attachments in Outlook Express 6.0," later in this section. For information about the unsafe file list in Internet Explorer 6.0, you can search the Microsoft Knowledge Base. To do this, follow the instructions for searching on the Web site, and search for the phrase "unsafe file list": support.microsoft.com/ | | • | Software Restriction Policies technology. When running with an operating system in the Microsoft Windows Server 2003 family, Outlook Express 6.0 takes advantage of Software Restriction Policies technology to run potentially harmful attachments in a sandbox, which is an area in memory outside of which the program cannot make calls. When you attempt to run or save attachments, Software Restriction Policies technology determines whether the file formats are blocked. If so, Outlook Express displays a warning, and the program running the attachment has only limited access to the computer's hard disk and registry. | | • | Plain text format option for reading of e-mail. Starting with Outlook Express 6.0, Outlook Express can be configured to read all e-mail messages in plain text format. Some HTML e-mail messages may not appear correctly in plain text, but no active content in the e-mail message is run when this setting is enabled. |
The following table shows how each option is configured in Outlook Express 6.0 . Options for configuring Outlook Express 6.0 Warning about harmful e-mail | Tools | Options | Security | Blocking of potentially harmful attachments
(also configurable through Group Policy) | Tools | Options | Security | Software Restriction Policies technology | Tools | Options | Security | Plain text format option for reading of e-mail | Tools | Options | Read (in Outlook Express 6.0 only) |
Overview: Using Outlook Express 6.0 in a Managed EnvironmentAlthough there are inherent risks associated with sending and receiving e-mail (and e-mail attachments), you can use several different features and configuration methods in Outlook Express 6.0 to reduce the risks: | • | You can use the graphical user interface to configure the security-related features in Outlook Express 6.0. For more information, see "New Security-Related Features in Outlook Express 6.0," earlier in this section and "To start Outlook Express 6.0 and view or configure security settings," later in this section. | | • | You can use a Group Policy setting, Block attachments that could contain a virus, to limit the risk associated with e-mail attachments in Outlook Express 6.0. For more information, see "To locate the Group Policy object (GPO) for blocking e-mail attachments in Outlook Express 6.0," later in this section. |
Procedures for Working with Outlook Express 6.0This subsection provides procedures for the following: | • | Opening the dialog box from which you can configure security settings for Outlook Express 6.0. | | • | Locating the Group Policy setting, Block attachments that could contain a virus. You can use this Group Policy setting in situations where you want Outlook Express 6.0 to be available but where you want to limit the risk associated with e-mail attachments. For more information about this policy setting, see "New Security-Related Features in Outlook Express 6.0," earlier in this section. |
To Start Outlook Express 6.0 and View or Configure Security Settings 1. | Click Start, point to All Programs or Programs, and then click Outlook Express. | 2. | On the Tools menu, click Options. | 3. | Click the Security tab and view or configure the settings, including the check boxes for the following two options: | • | Warn me when other applications try to send mail as me. | | • | Do not allow attachments to be saved or opened that could potentially be a virus. |
You can also view or configure the security zones setting. Outlook Express 6.0 uses two of the same security zones that you configure in Internet Explorer 6.0. For more information about security zones, see the section about Internet Explorer 6.0 in this white paper. | 4. | Click the Read tab, and view or configure the settings, including the check box for Read all messages in plain text. |
To Locate the Group Policy Object (GPO) for Blocking E-mail Attachments in Outlook Express 6.0 1. | Use the resources described in Appendix B, "Resources for Learning About Group Policy," to learn about the Group Policy Management Console, and to find information in Help about Group Policy. Follow the instructions in Help to apply Group Policy objects (GPOs) to an organizational unit, a domain, or a site, as appropriate for your situation. | 2. | Click User Configuration, click Administrative Templates, click Windows Components, and then click Internet Explorer. | 3. | In the details pane, double-click Configure Outlook Express. | 4. | Select or clear the check box for Block attachments that could contain a virus. |
| |
