Best Practices for Outlook Express

Although we recommend that you use Eudora and follow the recommended configuration guidelines <http://www.cit.cornell.edu/computer/email/eudora/winvirus.html>,  we realize that some people wish to use Outlook Express which ships with Windows 9x/2000/XP and is upgraded  with Internet Explorer upgrades.

Below are some guidelines to help you configure your system and Outlook Express to minimize your exposure to Virus and Trojan attacks. 

AntiVirus Software

One of the most important things you can do to protect yourself from computer viruses is to make sure you have up-to-date antivirus software running with the latest Virus definition files available.  The software should also be configured to scan ALL files irregardless of their file type or origin.

1. Install and configure Norton AntiVirus software which is available free to all members of the Cornell community <http://www.cit.cornell.edu/services/nav/> .
   
2. Ensure that virus definitions are updated on a regular basis.  The default installation is weekly on Friday evenings.  If your computer is not running or is not connected to the network, the update will not take place.  In those cases, you may want to reconfigure the scheduling of Live Update to a time when your computer is normally running and connected to the internet.  In either case, Norton Antivirus will notify you if your virus definitions are more than 30 days old.
   
3. During periods of heavy virus outbreaks, you may want to manually ensure that the latest virus definitions have been downloaded by click on the Live Update button in Norton AntiVirus.
   

Configure Outlook Express

There are a couple things you can do to configure Outlook Express so as to minimize the chances of accidentally launching an attachment that may contain a virus or worm that your Antivirus software may not have caught.

1. Be sure to routinely go to the Microsoft Update site and apply ALL patches to Outlook Express (Start->Windows Update).  The latest patches to Outlook Express are distributed with Internet Explorer 5.x downloads at <http://www.microsoft.com/windows/ie/downloads/archive/default.asp>  or by installing Internet Explorer 6 and its associated updates..
   

   
    

2. Disable the Message Preview Pane by clicking on View->Layout and un-checking the Show preview pane option.

   

   Then click on the Apply and OK buttons to lock in your selection.
    

3. In order to restrict the processing of Scripts, it is necessary to alter the Security zone associated with your incoming E-mail.
   
   

   • Select Tools->Options and then click on the Security Tab.
     

     

     
     Click on the "Restricted sites zone (More secure)" radio button, then click on Apply and OK to lock in your choice.
     
     
   • You still need to configure Internet Explorer NOT to run scripts in the Restricted zones.  This is necessary because Outlook Express always uses Internet Explorer to render incoming E-mail messages whereas Eudora could be configured to use its own internal rendering engine if Use Microsoft Viewer was not selected. Launch Internet Explorer and select Tools->Options and click on the Security Tab.  In the Security tab click on the Restricted Site and then click on then Custom Level button.
     

     

     
     In the Security Settings dialog box, scroll down to the Scripting section near the bottom and click on the radio button next to Disable under Active scripting.
     

     

     
     Click OK to lock in your selection and respond Yes to the Warning prompt regarding changing the security setting.
     

     

     
     Your Internet Options dialog box will now resemble the following.
     

     

     Click Apply and OK to lock in your changes.
      

   • Disable Windows Scripting

     By default, when you install Windows 98, the Windows Scripting Host (WSH) is also installed which opens your system up to vulnerabilities from viruses like VBS.LoveLetter and its variants.
     To turn this off, click on Start->Settings->Control Panel and double click on Add/Remove programs.
     
     When the dialog box opens, select the Windows Setup tab and then click on Accessories.
     

     

     
     Click on the details button and scroll down to Windows Scripting Host and de-select it (remove the check mark in the box).

     
     
     

     Click OK to close the window and Windows setup will remove WSH.  

User Behavior Guidelines

Now that you have configured Outlook Express to be a little less vulnerable to virus attacks, you still need to follow a few words of caution.

1. When you receive an attachment, you may want to save them in a folder other than your My Documents folder since that is where many viruses use as a starting point.  Rather, you may want to select another folder or even another partition to separate incoming attachments from the rest of your files.
    
2. Be sure that your antivirus software is update and actively scanning all files as they come in and also when read. 
   
3. Don't open unexpected attachments even if they are from friends.  Even DOC and XLS files can contain embedded Basic programs that can cause harm to your system.  You may want to download and use one of the free Microsoft viewers <http://office.microsoft.com/Assistance/9798/viewerscvt.aspx> (Word, Excel, PowerPoint, etc) to view documents before opening them up with Office.    If you must open the document with Word, be sure to go under Tools->Options->Security and select the radio button next to High to disable macros in Word documents unless they are signed.
   

   

Now that you have read all of the information above, maybe we have convinced you to not use Outlook Express for your mail client and use Eudora.  You are probably asking yourself if you can just uninstall or remove Outlook Express from your computer.  The answer is maybe you can and maybe you don't want to go through all the effort of removing it from your system..

• Windows 98/Me

  If this was a fresh install of Windows 98/Me without any updates to Internet Explorer, then you should be able to uninstall Outlook Express from your system by clicking on Start->Settings->Control Panel and double clicking on the Add/Remove Programs icon.  When the Add/Remove Program Properties dialog box opens, click on the Windows Setup tab and scroll down the window to Microsoft Outlook Express and remove the check mark in the box next to it. 

  

  Click on the Apply and OK buttons to lock in your changes and Windows will uninstall Outlook Express.

  If you have updated your copy of Internet Explorer, proceed below to uninstalling Outlook under Windows 2000.

   

• Windows 2000/XP or Updated versions of Internet Explorer
  
  The steps necessary to remove Outlook Express under Windows 2000/XP or for users who have upgraded their browser to a later version are much more complex.  Rather than try to include them here, we will direct you to the Web pages provided by Microsoft.
  
  How to reinstall or repair Internet Explorer and Outlook Express in Windows XP: <http://support.microsoft.com/?kbid=318378>

  You may be able to automatically remove Outlook from Windows 2000 by opening the Control panel and selecting Add/Remove Windows Components and then de-selecting Outlook Express. Optionally, try re-installing to see if that solves your problem.
  How to Reinstall Microsoft Outlook Express 5 in Windows 2000 <http://support.microsoft.com/?kbid=254623>

  Windows Me: <http://support.microsoft.com/default.aspx?scid=kb;en-us;278909>
  Windows 98: <http://support.microsoft.com/default.aspx?scid=kb;en-us;263470>
  If these links do not work, try searching the Microsoft Knowledge base for "How to manually uninstall and reinstall Outlook Express"