Disabling The Outlook Express And Windows Mail Preview Pane 122KB

For: Outlook Express 5.0+ | Windows Mail 6.0+

Published: 26Sep01 | Last Updated: 25Oct09 | Status: To Be Continued

1. Introduction
1. 1.1. The OLEXP 5.0 Preview Pane
2. 1.2. The OLEXP 5.5 Preview Pane
3. 1.3. The OLEXP 6.0 Preview Pane
4. 1.4. The WMAIL 6.0 Preview Pane
2. Disabling The OLEXP Preview Pane
3. Disabling The WMAIL Preview Pane

1. Introduction

An email client is a program that allows users to compose, send, receive, and read email messages. Outlook Express (OLEXP) is the email client included with Windows 98, Windows ME, Windows 2000 Professional, and Windows XP. Windows Mail (WMAIL), the successor to Outlook Express, is the email client included with Windows Vista.

OLEXP/WMAIL organizes email messages into folders. The default OLEXP/WMAIL folders are listed under Local Folders and include an Inbox, Outbox, Sent Items, Deleted Items, and Drafts folder (OLEXP/WMAIL), and a Junk E-mail folder (WMAIL).

By default, when an OLEXP/WMAIL folder is opened, two panes appear; 1.) a top right pane that lists the folder's email messages, and 2.) a bottom right pane, known as the Preview Pane, that displays the email message selected in the top right pane. Also by default when an OLEXP/WMAIL folder is opened, the last email message listed in the top right pane is automatically selected and, therefore, displayed in the Preview Pane. The OLEXP 5.0, 5.5, 6.0, and WMAIL 6.0 Preview Panes are shown below:

1.1. The OLEXP 5.0 Preview Pane

OLEXP 5.0 Preview Pane: Windows 98SE

1.2. The OLEXP 5.5 Preview Pane

OLEXP 5.5 Preview Pane: Windows 2000 Professional Includes SP3

1.3. The OLEXP 6.0 Preview Pane

OLEXP 6.0 Preview Pane: Windows XP Home Edition Original Release

1.4. The WMAIL 6.0 Preview Pane

WMAIL Preview Pane: Windows Vista Ultimate Original Release

Email is frequently used to distribute malware, including, but not limited to, viruses, worms, and trojans. The most common method for distributing malware through email involves packaging the malware as an email attachment. For infection to occur, the attachment must be executed. In the vast majority of cases, execution of the attachment requires the user to interact with the attachment, for example, by double clicking the attachment or otherwise trying to open or run it. In a few cases, however, simply opening the email message, itself, can execute the attachment. Here, the email message, itself, contains specially crafted code that executes the attachment as soon as the email message is opened. One of the most infamous worms of all time, W32.Nimda.A@mm (symantec.com) (described by Symantec 18Sep01), is an example of malware packaged as an email attachment in which infection is triggered by simply opening the email message.

Note: Opening an email message displays the email message's body/content in an email client for viewing. Executing an email attachment runs the email attachment or opens the email attachment in its associated program.

A less common method for distributing malware through email is attachment independent and involves packaging the malware into the email message, itself. For infection to occur, the email message simply needs to be opened. Two of the first examples of malware packaged into an email message in which infection is triggered by simply opening the email message included the VBS.BubbleBoy (symantec.com) worm (described by Symantec 09Nov99) and the Wscript.KakWorm (symantec.com) worm (described by Symantec 30Dec09).

By default, opening an OLEXP/WMAIL folder automatically opens the last email message listed in the OLEXP/WMAIL top right pane in the Preview Pane. This is unfortunate for, if the last email message listed in the OLEXP/WMAIL top right pane harbors malware in which infection is triggered by simply opening the email message, then simply opening an OLEXP/WMAIL folder can result in malware infection. Also by default, selecting an email message in the OLEXP/WMAIL top right pane automatically opens the email message in the Preview Pane. This is also unfortunate for, if an email message listed anywhere in an OLEXP/WMAIL folder harbors malware in which infection is triggered by simply opening the email message, then simply selecting an email message in the OLEXP/WMAIL top right pane, including to delete it, can result in malware infection.

The default behavior of OLEXP/WMAIL to automatically open email messages in the Preview Pane, intended as a convenience, can result in email affiliated malware infection. Fortunately, the OLEXP/WMAIL Preview Pane can be disabled. Disabling the OLEXP/WMAIL Preview Pane allows OLEXP/WMAIL folders to be opened, and email messages to be deleted, without inadvertently triggering malware infection through the opening of email messages.

Important Note:

The mechanisms through which malware infection occurs by simply opening an email message take advantage of vulnerabilities in OLEXP/WMAIL, and/or Internet Explorer, and/or Windows. Microsoft resolves these vulnerabilities by releasing Security Updates that users can download and install from Windows/Microsoft Update. Running Windows/Microsoft Update protects users from threats exploiting known vulnerabilities that Microsoft has resolved, but does not protect users from threats exploiting newly discovered vulnerabilities that Microsoft has not had time to resolve. Therefore, even if you frequently run Windows/Microsoft Update, it is strongly recommended that you disable the OLEXP/WMAIL Preview Pane.
Disabling the OLEXP/WMAIL Preview Pane is one of many steps to secure OLEXP/WMAIL from email affiliated malware infection. Further discussion of securing OLEXP/WMAIL from email affiliated malware infection is beyond the scope of this page.

2. Disabling The OLEXP Preview Pane

Open OLEXP.
In the OLEXP Folders pane, select Local Folders:
Click View | Layout.
In the Preview Pane fieldset, uncheck Show preview pane.
Click OK.

3. Disabling The WMAIL Preview Pane

Open WMAIL and click View | Layout.
In the Preview Pane fieldset, uncheck Show preview pane.
Click OK.