Could there be a setting to allow "unsafe" images to be seen by default in Questmail? I never did know what was unsafe about a gif or jpeg, but I know I would appreciate it if the embedded images in HTML mail would display by default ("View Unsafe Images"). If you're so willing.

thanks!

Tom,

Check under "Options" for these two settings and see if either helps...

"Show HTML Version by Default:"
"Display Attached Images with Message:"

-Bob

I never did know what was unsafe about a gif or jpeg


Assuming that the message containing the image is spam, the spammer could use the image to call home and report your email address as valid.

If the spammer is just dictionary attacking the net, then they will know that they actually got a few good email addresses. As such, you can expect your daily spam quota to increase, a lot. :eeww:

There was a jpeg buffer overrun vulnerability in much software up until last year. If you are running endless Windows Updates on an never-updated original WinXP, you will be reminded of this...
http://en.wikipedia.org/wiki/GDI#GDI.2B_vulnerability

A long as the picture displays in your browser, and your browser is reasonably up-to-date, you should be OK.

kitchin's post got me thinking I should install an update or two, since I don't see the graphic and am apparently vulnerable, running XP SP1. But when I go to the MS page:

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

and click on the appropriate download link, it can't be found... If I search for that same update # (KB833987), it still leads to a dead end. When I run Windows Update, it doesn't find any applicable vulnerability that needs patching.

Good ol' Microsoft... 10+ years online and I've still yet to get a virus or trojan attack that I'm aware of, yet the above and my related bad experiences with Update-induced disasters and I almost considered installing SP2... Someone slap me!

Dan

That download link works here, using Firefox. As for SP2, I always upgrade to it.

Oh, and there is another issue. That article only addresses specific Microsoft software. You really want to search the MS site for "GDI detection tool". It is supposed to look for vulnerable software on your computer. (It was in one of the Windows Updates back when, but once it runs once it does not run again.)

In fact, in this endless PC cleanup I'm working on, the GDI detection tool led me to [i]Office[/i update... and another 55 MB download...

Security updates and fixes are like "the last word" thread...

I did find the "GDI detection tool" update, but it wasn't clear beyond the name if it was related to the above.

Security updates and fixes are like "the last word" thread...
Precisely why I remain convinced they're worthwile, unless your computing habits put you at greater risk than mine do. Endless updates and major crashes or no updates and zero realized threats... Hmm, tough call.

Dan

Bob -
Those two selections are set on mine, but don't address HTML e-mail that includes images embedded into the colorful e-mails that we all get nowadays (not talking image attachments). Once one of those is open now, every image is blocked with:

https://questmail.futurequest.net/images/sec_remove_eng.png

To the other guys, I'm pretty anal about security patches & Antivirus and note that MS seems to release new patches into MS Update every Tuesday. And I use Firefox the most which helps protect against the known IE/ActiveX holes.

Precisely why I remain convinced they're worthwile
You mean "worthless"?

Er, yeah, that would make a lot more sense...

To the other guys, I'm pretty anal about security patches & Antivirus and note that MS seems to release new patches into MS Update every Tuesday. And I use Firefox the most which helps protect against the known IE/ActiveX holes.
My cocktail of choice is Firefox, ZoneAlarm, EZ AntiVirus, and TheBat!, which by default will not display embedded images unless you choose to view them separately in a browser window.

Dan