Until recently, e-mail came in one simple "flavor" -- text only -- plain letters without any underlining, bold or italics. Thanks to web technology, e-mail can now be jazzed up with various fonts, colors, images and even sound.
These enhancements are possible because most e-mail software understands HTML -- the programming language used for web pages. And because HTML messages are basically web pages, they can, if permitted, interact with the computer in ways that text-only messages never could.
Rather than just send text for someone to read, for example, a person could use HTML to embed code that could report back who opened the message and when. While this gives marketers a way to see who reads their messages, it can also be an invasion of privacy. For more on privacy and HTML e-mail, see www.byte.com/column/BYT20000412S0010.
People who use Windows computers face an additional risk. Microsoft's Internet Explorer (IE) web browser has been part of Windows releases since Windows 98. As a result, many e-mail programs -- including Outlook, Outlook Express and Eudora (included with Bear Access) -- use IE to view HTML messages. Unfortunately, Microsoft products are the most popular target of viruses and other malicious code.
At the end of March, Microsoft documented a security flaw with IE that may enable HTML e-mail to automatically execute attached programs. If exploited by an attacker, this vulnerability could cause much damage.
Cornell Information Technologies recommends that everyone who uses Microsoft's browser upgrade to IE 5.01 or greater and install the security patch located at www.microsoft.com/windows/ie/download/critical/Q290108/default.asp . For details, see www.cit.cornell.edu/computer/news/newsflash.html#winiepatch.
Users of Qualcomm's Eudora e-mail software, which comes bundled with Bear Access, used to enjoy relative security from common virus attacks. Eudora was often unaffected as "Melissa," "I Love You" and more recently the "Anna Kournikova" virus exploited vulnerabilities in Microsoft products.
Recent versions of Eudora (4.3 and above) for Windows operating systems, however, come preset to use Internet Explorer code to view HTML messages. This setting makes Eudora users vulnerable to viruses that attack Microsoft technology. To reduce this risk, CIT recommends disabling the IE viewer in Eudora. Eudora will then use its own e-mail viewer to display HTML messages, and users should not see any significant difference in appearance or performance.
The settings can be changed by choosing "Options" from the "Tools" drop-down menu. In the "Viewing Mail" category, the boxes next to "Use Microsoft's Viewer" and "Allow executables in HTML content" should both be unchecked. For details, see www.cit.cornell.edu/computer/email/eudora/WinVirus.html.
Even with those recommended settings, it's still important to be very cautious about opening any attached files sent by e-mail, and to run antivirus software and keep it updated. Norton AntiVirus is available to Cornell students, faculty and staff at no charge. For more information, see www.cit.cornell.edu/services/nav.
| Cornell Chronicle Front Page | | Table of Contents | | Cornell News Service Home Page |