Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Remote Content -- General Question

1 Week Ago   #1
dw85745

Win 7 Pro x32
 
 
Remote Content -- General Question

Thunderbird (current Email Client) forces one to select Remote Content.
Question:


-------------------------------------------------------------------------------------------------------------

1) What is the pupose of remote content AND why is it used in the first place?
For example I get a document from a third party where part of the document is out of the Window Client area and Thunderbird does NOT provide a scrollbar to show that portion of the document. By selecting "Remote Content" the document is reformatted and the entire document is now viewable in Thunderbird.
-----------------------------------------------------------------------------------------------------------------

2) The document in #1 that I receive initially is sent to a hosting server where Thunderbird goes to
retrieve the document. When remote content is invoked is the reformatted document or code to

make such reformat on (a) my system (b) the host server, or (c) the original sending server?
That is how far back is Thunderbird going to retrieve the remote content.


------------------------------------------------------------------------------------------------------------------

3) If the remote content is downloaded with the email and resides on my system, should NOT the virus checker -- Windows Defender for example -- check both the email and remote content for viruses?
-----------------------------------------------------------------------------------------------------------------


4) Any other comments about remote content and security issues / problems and resolution appreciated.


My System SpecsSystem Spec
.
1 Week Ago   #2
wither 2

Windows 7 Pro SP1 64 bit
 
 

My System SpecsSystem Spec
1 Week Ago   #3
dw85745

Win 7 Pro x32
 
 

wither 2: Thanks for responding and links.


Quote:
Do these help?
A little.

What I've found so far is the HTML contains an embedded URL that makes a call to that URL if Remote Content is selected. So

that answers my #2, and #3 questions as that call will bypass the email hosting server since it is making a direct call.
My presumption since it is making that call that whatever is remote will then be sent to my system.



#1 is still unanswered as to why a legit business would do this (in my case sending an unformatted versus formatted document)?


----------------------
FWIW: Have never been able to logon to the Thunderbird forum. For whatever reason when I enter my userid /pass it
errors on one or the other and when I try to create new using same email address, it says it already exists and won't accept it.
SADLY, no way to contact anyone by phone and all attempts over Net through various links have been for Not. Wanted to at least get someones attention to see if they could add a horizontal scrollbar so one didn't have to select remote content.
My System SpecsSystem Spec
.

1 Week Ago   #4
wither 2

Windows 7 Pro SP1 64 bit
 
 

I thought the first paragraph in the first link explained why it does this. As mentioned in the link, v1.5 allowed all remote images for people in the address/contact book. They might have made the change in the later versions as a result of feedback from users.
My System SpecsSystem Spec
1 Week Ago   #5
dw85745

Win 7 Pro x32
 
 

I was coming at this from the opposite direction -- system security.
That is, if "external" images can contain malware, then why allow them in the first place.
That way one eliminates the possibility of:
1) malware
2) "who do you trust" issue, and
3) would force the sender to properly format documents textually.


FWIW: Been delving into Microsoft security which I know really little about.
So far, everything is oriented toward "users" or trying to get access to the system from outside.
(secpol.msc).

Nothing is addressed regarding how to secure or evaluate system from within -- my area of concern.


For example:
Like most people I have some software written by someone else.

That software uses various API's in order to function. However, API's are a two edge sword.
They can be used for both good or bad.
So how does one determine what that software is in fact doing.
"CALL HOME" is a simple example of this issue.
My System SpecsSystem Spec
1 Week Ago   #6
wither 2

Windows 7 Pro SP1 64 bit
 
 

I see. The obvious way to protect the system from within is to have good AV/malware software installed and keeping Windows up to date.

Not sure what Call Home is. I see it by Citrix.
My System SpecsSystem Spec
1 Week Ago   #7
iko22

Windows 7 x64, Vista x64, 8.1 smartphone
 
 

Quote   Quote: Originally Posted by dw85745 View Post
#1 is still unanswered as to why a legit business would do this (in my case sending an unformatted versus formatted document)?


The root of the question appears to be in the innovation timeline of E-mail. Once upon a time, all E-mail was encoded as Plain Text. Plain Text encoding had the advantage that it was quick (ie there was not much to encode), and that it could be read by anybody.
Then came along HTML encoding, which is heavier encoding that contained more features for formatting text and including embedded objects such as hyperlinks and photos. And had the disadvantage that not all devices could read the content (especially mobile phones).
Most of what you are asking appears to be about Forensic Analysis. From what I understand, if you provide the option, then people can see where the innovation is, and form their own opinion as to whether it is a good idea or not. Providing options, almost allows someone to take a time machine, and travel back in time ... to the days when emails were plain text.
My System SpecsSystem Spec
1 Week Ago   #8
iko22

Windows 7 x64, Vista x64, 8.1 smartphone
 
 

Quote   Quote: Originally Posted by dw85745 View Post

That software uses various API's in order to function. However, API's are a two edge sword.
They can be used for both good or bad.
So how does one determine what that software is in fact doing.
"CALL HOME" is a simple example of this issue.
The protection of APIs is to do with a feature called Data Execution Prevention (DEP), which has been on Windows computers since around 2007. With DEP feature switched on, the Software Program has to comply with DEP in order to gain the security benefits. For more information about this, look up DEP on the web.
My System SpecsSystem Spec
1 Week Ago   #9
dw85745

Win 7 Pro x32
 
 

wither 2


Quote:
Not sure what Call Home is
"Call Home" is a featured used by 3rd Party Software (software you didn't write) that periodically calls the vendeors server for various reasons. Call Home can be implemented in various ways such as making a registry entry or embedded directly in the software itself.
Some trigger (time elapse for example) initiates the Call Home action and the software dials from your machine to theirs. Adobe used to be (is) bad about "Call Home". Unlike "Remote Content" where the user selects to view the Remote Content and then has knowledge the call will be made, Call Home has no interface and is done without the users knowledge.


iko22:
DEP as I understand it is still dealing with an outsider (e.g. virus) getting in - or having got in -- and then accessing memory in a Process it is not supposed to have access to. What I'm trying to address is 3rd party software getting out and how to monitor it.
For example, say I install program A -- or -- receive an ActiveX control (or library) to be used to link to someone elses server. I need the program or the ActiveX. However, the vendor will Not provide the source code for the software or the ActiveX. Hence, I really have no knowledge what is embedded in that code. Just like Call Home, when the software is installed who knows what went on behind the scenes. With the ActiveX I have a little more control, but since it is interfacing with someone elses server, embedded in that ActiveX can be APIs calls to do whatever. While DEP --hopefully -- would limit access outside of the Process that is executing the ActiveX, the ActiveX still would have access to the code in which it is embedded and I'm NOT real sure what else (??? basis for question) . So can one control any of this or is it back to the "TRUST" issue with No VERIFY?
My System SpecsSystem Spec
Reply

 Remote Content -- General Question




Thread Tools




Similar help and support threads
Thread Forum
Using the COA key - general question
Hello, In a previous thread, it was mentioned that "....If you do, you can do a clean reinstall and use the key on the COA certificate to activate Windows...". I am assuming in my ignorance that this is the 'product key'. Does this imply that I can use a windows disk (of the same rating i.e....
General Discussion
General Driver Question
Hello everyone, I am installing some software on a few Windows 7 - 32 bit PCs. I am watching the installation and there comes a point where the installation stops and tell me that my drivers are not signed and to select I want to install them or not. However if I do nothing the screen goes...
Drivers
General Question
I have a Laptop that had a hdwe failure and it has Win7 Home on it..I have since bought a new laptop with Win8 on it...My question is,I made a recovery set with the old laptop on 4DVD's can I use those on a different machine since the laptop is dead? I have a Game machine that has XP on it and...
Installation & Setup
Enabling remote content sharing in Windows Media Player 12
I've tried the "EnableRemoteContentSharing" registry edit in both versions 11 and 12 of WMP, and it only seems to work with 11 (in Vista Ultimate, if that matters). In Win7 running WMP 12, I cannot for the life of me get network shares in my Windows Media Library to share with my other computers on...
Music, Pictures & Video
General PSU question
How long is the average "burn in" period for a power supply?
Hardware & Devices


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:44.
Twitter Facebook Google+