Chapter 10. Protecting E-mail
Malicious attack types come in cycles. Two decades ago it was boot viruses. In the mid 1990s, macro viruses reined. Malicious e-mails have been a huge problem since the Melissa virus in 1999 and the Iloveyou worm of 2000. These days, malicious e-mails account for the majority of the e-mail traffic headed across the Internet, albeit using bots, viruses, worms, spam, or phishing attacks.
Preventing malicious e-mail attacks is one of the strongest defenses any network administrator can implement. In this chapter, we discuss the various e-mail threats, introduce Windows Vista's new Windows Mail application, and discuss e-mail defenses that should be enacted to secure any environment.
E-mail Threats
E-mail threats come in the form of malicious file attachments, embedded content, embedded links, leaked passwords, and some other miscellaneous categories.
Malicious File Attachments
Malicious file attachments still account for a large majority of all e-mail threats, although the percentage is decreasing as attackers begin to rely on embedded content more and more. In most instances, a malicious file attachment must be manually opened or executed by the end user to launch the malicious program or instructions. There have been a few isolated cases and periods of time where file attachments have been able to automatically execute when the user retrieved the e-mail (for example, buffer overflows and MIME-type mismatches), but those types of flaws are usually patched ...
Get WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.