Windows Live Mail and Security

richc46 said:

The only link that I have is in my head. Corrine will come by soon, if I am wrong she is not shy, she will let me know.

Apologies that I didn't come by "soon". I've been tied up dealing with glitches at another site after the forum was converted from IPB to SMF.

With Windows Live Mail, the default setup includes the Reading pane which provides information about the message/sender without opening it. To disable the Reading pane:

• Use the keyboard shortcut ALT + M or click on the Menu icon in the upper right corner next to the Help icon.
• Select Layout
• Uncheck "Show the reading pane".
• Click Apply/OK.

If you use Windows Live Mail Beta, you'll find the option to hide the Reading pane under View. Click the Reading pane in the Ribbon and select Off.

Hmm, interesting and with that, Long live the Preview pane. With Professional and higher versions of Win 7, one can set/enable in Group Policy to Notify antivirus programs when opening attachments which covers the preview pane. As far as that goes, Home Premium users can do the same with an edit to the Registry. In doing so, one doesn't have to have an extra dedicated shield running for Email. I researched this Preview Pane vulnerability and came up with nothing other than one for Outlook Express. Even that was mis-leading because the vulnerability was not actually in OE but in Internet Explorer 5.0. It was patched with version 5.01. It may be good practice to disable the Preview Pane but personally, I'm not. Anywho, thanks PB for presenting this extra info from MS rep.

poppa bear said:

I personally have been using Preview Pane since the year dot, and never had a problem with it. However, I decided to check it out with Microsoft, and sent them a link to this thread. This is the text of their official reply, which pretty much confirms what I already thought:

In reviewing the details of your email I would suggest that the poster is suggesting the optimal settings from a security point of view, this may not however be optimal from a usability point of view.

The actual threat, which this mitigates is comparatively rare and your antivirus and antimalware protection should catch most threats that might slip through. There are also other protective measures in Outlook and most newer browsers, as well as Vista and Windows 7, which depending on the threat, may also minimise any impact. You always need layers of security, and if anyone was to think that by turning off the preview feature they were dramatically improving their level of protection, I’d suggest they need to consider other more effective measures.

All in all, whilst his posting is technically correct, I think it overstates the threat and doesn’t mention the other security measures which would protect you from an attack here.




Personally I always turn off the preview function, but I’m a paranoid security guy that is happy to sacrifice a lot of functionality just to be sure.

I agree with his point of view. My incoming mail in Windows Live Mail is protected by:

• Avast Anti-virus which monitors incoming emails - and outgoing if desired.

• SPAM and Phishing Filter in the WinLiveMail program; as well as the option to restrict incoming mail to my contacts list, or to persons I have replied to.

Why would anyone allow an unknown random email to be downloaded in the first place??? Do you think you're missing the chance to inherit a couple of million $$$$ from an anonymous recently deceased benefactor in Bangladesh, who wishes to bequeath his estate to a stranger because he has no family or friends?

• On the menu bar go to: Tools --> Options --> Read --> Untick: Automatically download message when reading in the Preview Pane. You'll still see the message in the preview pane because it's already on the web site of your ISP.

• A SPAM filter on the web site of my ISP.

• Real time anti-malware and anti-spyware programs.

The only time I ever got infected from an email - and I send/receive mega emails - was years ago when I didn't have any real time protection. I had complained to my ISP after they over charged me, and threatened them with legal action. When their reply email came I eagerly opened it, and BAM! Silly me! Even so, not a big deal. My AV program repaired it. And if that failed I had a Norton Ghost back-up image of my whole operating system.

So what's the big fuss? If you hide behind high walls, they keep threats out, but also keep you locked in.

Hope this puts a proper perspective on this minimal security threat.