Back in the 80s when I first got online, it was absolute­ly cor­rect to say “don’t wor­ry, your sys­tem can­not be infect­ed with a virus sim­ply from open­ing an email mes­sage.” When the Good Times virus hoax first appeared, that reas­sur­ance was part of the mantra in try­ing to fight the hoax. It’s been repeat­ed over and over and over — and unfor­tu­nate­ly, it’s no longer true.

Thanks to the advent of HTML mail, your sys­tem can be infect­ed just by open­ing an email mes­sage now. And if your mail client has a pre­view pane that shows you the con­tents of a mes­sage before you’ve opened it, you don’t even have to open the mes­sage to be infect­ed!

Of course, some peo­ple aren’t vul­ner­a­ble. Mail clients that don’t dis­play HTML avoid this prob­lem. Most of the virus­es in this cat­e­go­ry (so far) have been specif­i­cal­ly cre­at­ed to take advan­tages of flaws in Microsoft Out­look and Out­look Express. I haven’t heard of any HTML-based virus­es that attack Mac­in­tosh users. But since there are huge num­bers of Win­dows users out there with email pro­grams that do dis­play HTML mes­sages, most peo­ple are vul­ner­a­ble to these virus­es.

What you can do to pro­tect your­self is to:

  • Install a good antivirus pro­gram and keep it updat­ed — mine actu­al­ly checks for updates twice every day.
  • Dis­abling the pre­view pane in your email pro­gram is also a good idea.
  • If you can dis­able HTML dis­play, con­sid­er doing it (I’m rather unhap­py that I can no longer do that in the lat­est ver­sion of Eudo­ra Pro).
  • Do not use Out­look or Out­look Express for email. They sim­ply have too many secu­ri­ty prob­lems, and no mat­ter how many patch­es you install from Microsoft, new holes seem to be found every week.
  • Be very cau­tious about using web­mail.

Most of these virus­es are worms — they’re designed to not only harm an infect­ed sys­tem, but to active­ly try to spread them­selves to more sys­tems, usu­al­ly through your email pro­gram. The Melis­sa virus was one of the best-known of those. The KAK worm is the one I’ve per­son­al­ly encoun­tered the most fre­quent­ly. Most of these virus­es actu­al­ly come to pub­lic atten­tion because of the way they spread them­selves to more sys­tems.

Using a fil­ter­ing ser­vice like Bright­mail can also help to pro­tect you — they have respond­ed to most of the recent virus out­breaks by auto­mat­i­cal­ly fil­ter­ing infect­ed mes­sages to pro­tect their users. I wouldn’t trust them (or any oth­er third par­ty) to be my only defense, but I cer­tain­ly con­sid­er them part of my defense against email-borne virus­es.

You should also think about the pos­si­bil­i­ties of get­ting script-based virus­es from usenet mes­sages if your ISP isn’t fil­ter­ing out HTML posts and your news­read­er does dis­play HTML. I absolute­ly love the fact that Forte Agent does not dis­play HTML, because I know that there is no way for me to have a prob­lem sim­ply from read­ing a usenet mes­sage.

Hon­est­ly, I’m not an alarmist. I’ve seen way too many virus hoax­es myself, and I take every new alert with many grains of salt until I’ve per­son­al­ly ver­i­fied it with a trust­ed resource. I think it’s high­ly irre­spon­si­ble, though, to give any­one a false sense of secu­ri­ty by spread­ing a max­im that was once true, but is now false. Yes, your sys­tem can be infect­ed with a virus sim­ply from read­ing email. Please be care­ful.

Orig­i­nal­ly pub­lished Feb­ru­ary 3, 2001