Remote Content -- General Question

Thunderbird (current Email Client) forces one to select Remote Content.
Question:


-------------------------------------------------------------------------------------------------------------

1) What is the pupose of remote content AND why is it used in the first place?
For example I get a document from a third party where part of the document is out of the Window Client area and Thunderbird does NOT provide a scrollbar to show that portion of the document. By selecting "Remote Content" the document is reformatted and the entire document is now viewable in Thunderbird.
-----------------------------------------------------------------------------------------------------------------

2) The document in #1 that I receive initially is sent to a hosting server where Thunderbird goes to
retrieve the document. When remote content is invoked is the reformatted document or code to

make such reformat on (a) my system (b) the host server, or (c) the original sending server?
That is how far back is Thunderbird going to retrieve the remote content.


------------------------------------------------------------------------------------------------------------------

3) If the remote content is downloaded with the email and resides on my system, should NOT the virus checker -- Windows Defender for example -- check both the email and remote content for viruses?
-----------------------------------------------------------------------------------------------------------------


4) Any other comments about remote content and security issues / problems and resolution appreciated.

This isn't really a Win 7 issue but-

Do these help?

Privacy basics - Thunderbird - MozillaZine Knowledge Base

Always Display Images or Remote Content on Thunderbird-How To

wither 2: Thanks for responding and links.

Do these help?

A little.

What I've found so far is the HTML contains an embedded URL that makes a call to that URL if Remote Content is selected. So

that answers my #2, and #3 questions as that call will bypass the email hosting server since it is making a direct call.
My presumption since it is making that call that whatever is remote will then be sent to my system.



#1 is still unanswered as to why a legit business would do this (in my case sending an unformatted versus formatted document)?


----------------------
FWIW: Have never been able to logon to the Thunderbird forum. For whatever reason when I enter my userid /pass it
errors on one or the other and when I try to create new using same email address, it says it already exists and won't accept it.
SADLY, no way to contact anyone by phone and all attempts over Net through various links have been for Not. Wanted to at least get someones attention to see if they could add a horizontal scrollbar so one didn't have to select remote content.

I thought the first paragraph in the first link explained why it does this. As mentioned in the link, v1.5 allowed all remote images for people in the address/contact book. They might have made the change in the later versions as a result of feedback from users.

I was coming at this from the opposite direction -- system security.
That is, if "external" images can contain malware, then why allow them in the first place.
That way one eliminates the possibility of:
1) malware
2) "who do you trust" issue, and
3) would force the sender to properly format documents textually.


FWIW: Been delving into Microsoft security which I know really little about.
So far, everything is oriented toward "users" or trying to get access to the system from outside.
(secpol.msc).

Nothing is addressed regarding how to secure or evaluate system from within -- my area of concern.


For example:
Like most people I have some software written by someone else.

That software uses various API's in order to function. However, API's are a two edge sword.
They can be used for both good or bad.
So how does one determine what that software is in fact doing.
"CALL HOME" is a simple example of this issue.

I see. The obvious way to protect the system from within is to have good AV/malware software installed and keeping Windows up to date.

Not sure what Call Home is. I see it by Citrix.

dw85745 said:

#1 is still unanswered as to why a legit business would do this (in my case sending an unformatted versus formatted document)?

The root of the question appears to be in the innovation timeline of E-mail. Once upon a time, all E-mail was encoded as Plain Text. Plain Text encoding had the advantage that it was quick (ie there was not much to encode), and that it could be read by anybody.
Then came along HTML encoding, which is heavier encoding that contained more features for formatting text and including embedded objects such as hyperlinks and photos. And had the disadvantage that not all devices could read the content (especially mobile phones).
Most of what you are asking appears to be about Forensic Analysis. From what I understand, if you provide the option, then people can see where the innovation is, and form their own opinion as to whether it is a good idea or not. Providing options, almost allows someone to take a time machine, and travel back in time ... to the days when emails were plain text.

dw85745 said:

That software uses various API's in order to function. However, API's are a two edge sword.
They can be used for both good or bad.
So how does one determine what that software is in fact doing.
"CALL HOME" is a simple example of this issue.

The protection of APIs is to do with a feature called Data Execution Prevention (DEP), which has been on Windows computers since around 2007. With DEP feature switched on, the Software Program has to comply with DEP in order to gain the security benefits. For more information about this, look up DEP on the web.

wither 2

Not sure what Call Home is

"Call Home" is a featured used by 3rd Party Software (software you didn't write) that periodically calls the vendeors server for various reasons. Call Home can be implemented in various ways such as making a registry entry or embedded directly in the software itself.
Some trigger (time elapse for example) initiates the Call Home action and the software dials from your machine to theirs. Adobe used to be (is) bad about "Call Home". Unlike "Remote Content" where the user selects to view the Remote Content and then has knowledge the call will be made, Call Home has no interface and is done without the users knowledge.


iko22:
DEP as I understand it is still dealing with an outsider (e.g. virus) getting in - or having got in -- and then accessing memory in a Process it is not supposed to have access to. What I'm trying to address is 3rd party software getting out and how to monitor it.
For example, say I install program A -- or -- receive an ActiveX control (or library) to be used to link to someone elses server. I need the program or the ActiveX. However, the vendor will Not provide the source code for the software or the ActiveX. Hence, I really have no knowledge what is embedded in that code. Just like Call Home, when the software is installed who knows what went on behind the scenes. With the ActiveX I have a little more control, but since it is interfacing with someone elses server, embedded in that ActiveX can be APIs calls to do whatever. While DEP --hopefully -- would limit access outside of the Process that is executing the ActiveX, the ActiveX still would have access to the code in which it is embedded and I'm NOT real sure what else (??? basis for question) . So can one control any of this or is it back to the "TRUST" issue with No VERIFY?