Feeds

No-HTML plug-in for Outlook available

Halleluiah, almost

  • alert
  • submit to reddit

High performance access to file storage

I've always believed that if the US Government were ever to get really serious about Internet security, the top players in Microsoft's management hierarchy would find themselves handcuffed, blindfolded, led onto a tarmac within some obscure Air Force base, and shot.

Witness if you will Microsoft Outlook and Outlook Express, the two most efficient virus propagation utilities ever devised by human intellectual failure.

Among the more ostentatious security pitfalls deliberately coded into Outlook is its determination to accommodate the mighty Direct Marketing Association (DMA) spam lobby by refusing to allow users to shut off HTML (which exposes us to myriad forms of malicious code in received messages), as this would have a devastating impact on advert click-throughs for hot, wet teens, scientific studies have shown.

You can decline to send HTML messages, as any decent Netizen does; but you can't decline to receive them. No, that would be downright hostile to the spam establishment, and Microsoft knows better than tangle with one of the few industries which dwarfs it.

However, some of us now have a nifty tool called NoHTML to disable HTML displays in Outlook, thanks to Russ Cooper of NTBugtraq. In Outlook 2000, NoHTML supposedly converts HTML to RTF. In Outlook 2002, it converts HTML to plain text. Pretty neat.

In NT, 2K or XP, just install the file (a DLL) in: Documents and Settings\(user)\Application Data\Microsoft\Addins. Finish the installation as described below, re-boot, and all should be well.

If you're running 9x, you might try installing it in: Windows\Application Data\Microsoft\AddInsWindows\Local and/or in Settings\Application Data\Microsoft\Outlook.

Finish the installation thus: within Outlook, go to Tools, Options, Other, Advanced Options, COM Add-ins, Add. Find NoHTML.dll and select it. Re-boot.

Thus far it's worked for me with Outlook 2000 on 'XP and '98. I can hardly describe the thrill of blocking scripts in Outlook for once in my life. In '98, an HTML message's preview pane is blank, as is the whole message when opened manually; in 'XP it all shows up as text, as it should.

It's important to set Outlook to reply in plain text, however (if you can). While the plugin will defeat HTML on incoming messages, if you've elected to reply in the sender's format you could possibly activate a script when you launch a reply. In older versions of Outlook it was possible to force replies into plain text, but in later versions one is only permitted to select his own default settings for new messages.

The plugin, regrettably, won't work with Outlook Express, whose users tend to be those most in need of this sort of protection.

But once it's adapted to OE and its little glitches are sorted out, I'd say we have a winner here. Too bad Microsoft couldn't manage something like this on its own, simply as a setup option. Heavens, had they done so, they might not now have to whine so piteously about devastating bug disclosures. ®

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.