Re: Another Virus warning
Originally Posted by
Bruce
->
opening the email is fine opening the attachments is not.
There are various reasons why your statement is wrong but if we head into that we inevitably end up with a standard discussion on the merits or not of enabling/disabling JavaScript on one's PC. Given the plethora of sausage fingered users present on this forum who naively trade sexy looking functionality for basic security and control, I'm not seeing much mileage in having that discussion here.
I'm extremely happy being in the "disable JavaScript" camp, and I'm equally happy to NOT trust mega-corporations and give them control of my PC. The past disasters of email systems and software like Adobe Flash are proof positive that trust in these companies is misplaced. Currently their nefarious activities are mostly centred around tracking and logging everything you do, every webpage you visit, every person you contact and/or befriend. All done "invisibly" without users knowledge if they are naïve.
JavaScript security in terms of emails is wholly dependent on exactly which email system is being used. Most common email systems today, ensure JavaScript is not allowed to be processed when you view an email but it depends on the email system. There is of course no guarantee that this will remain the case. Even so, there are still dangers.
A person just viewing a malicious email which contains a hotlink to another website might well be determined not to click that hotlink, but, many users still use touchpads rather than a mouse and most of those users will testify that at times, they inadvertently clicked on something they absolutely had no intention of clicking on when the moved the pointer using the touchpad. It just happens, it's a part of the perils of using a touchpad. Often it's the adverts they haplessly click on when moving the pointer. That can be harmless or it can be disastrous depending on the link.
If you never open the email to view it in the first place, you can never inadvertently click on a malicious hotlink. It is that simple.
Security in every walk of life, whether PC's, home security, car security etc is 100% about discipline. It's not about compromises, or maybes, or a bit of this and a bit of that. You determine the safest approach and you adhere to it rigidly regardless of whether it is inconvenient and a nuisance.
Hence, never open any email from a sender whom you do not know. Just delete it. Security is our responsibility, not the responsibility of some remote company whom we have nothing to do with.