Browser Security and Controlling Email and Web Threats
Ever had an attachment load itself as soon as you open the Email
it comes with?
Ever caught a virus by opening an Email but not the attachment?
Did you know that virus & worm writers sometimes use the same security holes as Pop-up Advertisers? More Information
|The Email and Attachment arrives at your Inbox|
|You either open the Email to read it or your Inbox is highlighted and the Preview Pane is on allowing the system to open the Email.|
|Windows identifies the Email format as HTML and begins executing the HTML code.|
|A security hole in Windows or client-side script then launches the infected attachment, which could be an EXE, COM, SCR, PIF, or one of many other types of executable files.|
|If you have a virus scanner with resident protection enabled, it is by now scanning the attachment for KNOWN viruses. If the attachment is infected by an as yet undiscovered virus, your virus scanner will not recognize it.|
|If the new virus is not in your anti-virus pattern files, it is then loaded into your system unopposed by your virus scanner.|
|From here, the virus can take down your fire wall, disable your virus scanner, or execute any malicious or invasive act.|
The virus scanner is not always the problem. New viruses emerge every day, and may not be discovered by the virus scanner developers for some time; long enough to allow new virii to slip past your virus scanner in the event that they are propagated as part of a self launching Email attachment. Instead, it is your Windows Internet Security Settings that are not secure.
When run, DrawBridge fortifies your Windows Internet Security to prevent Emails and web pages from using Scripts, Java, Active HTML, ActiveX, .NET functionality, etc to launch programs on your system, and this is how Windows is coaxed into blocking attempts to launch attachments to Emails without your consent.
Remember: All attempts to launch programs on your system without your consent constitute theft of your machine time, are always suspicious, and in the case of Email, always malicious.