Catching Kakworm
I have taken the view that email-borne viruses are only a danger if one intentionally opens an attachment, and I proceed only after seeing who it is from and its title in the preview pane of Outlook Express.
Recently I have received emails from Microsoft, eFax.com and others which initiate an internet connection to their website by automatically starting a dial-up networking connection.
I understand the reason for this, but I realise that someone with a malicious intent could do considerable damage using this type of embedded code. How can I disable it?
John Mathias
London j.mathias@ntlworld.com
Jack Schofield: The quick answer is to go to Internet Explorer's Tools menu, pick Internet Options, go to the Connections tab and click to select "Never dial a connection". However, this does not remove the potential problems with web-style mail, coded in HTML, which can run scripts and can carry viruses such as VBS/Bubbleboy and VBS/Kakworm.
Merely reading a message infected with Kakworm allows it to put a file called KAK.HTA into Windows' Start-up folder. The next time Windows is started, it creates a file called C:\WINDOWS\ KAK.HTM which changes the Microsoft Outlook Express registry settings to add the virus to your outgoing email as a signature.
The last of these fortnightly columns explained how to disable the Windows Scripting Host program that runs Visual Basic Scripts (VBS).
It's also possible to disable scripting in Internet Explorer. In IE5, go to the Tools| Internet Options|Security tab (remember, Outlook Express is part of the Internet Explorer suite) and raise the default security level or click Custom Level and do it manually.
However, Bubbleboy and Kakworm actually exploit one of Microsoft's mistakes, which was to mark two small files (scriptlet.typelib and Eyedog) as being "safe for scripting" when they aren't. Microsoft published a patch to fix this on August 31: see www.microsoft.com/technet/security/bulletin/fq99-032.asp
Users of IE4 and IE5 for Windows 95/98 should have downloaded the fix but we didn't. Now Kakworm is becoming widespread, it's a good idea.
Brought to account
My wife and I have separate ISP/email accounts, and I am unable to set Outlook Express so that I can just see my emails when I log in and she can see only hers when she logs in. In fact, at the moment only I can send emails and I can see her emails in my intray. She thinks its a conspiracy and I am unable to provide a valid answer. Help! Keith Shapley
Keith.Shapley@tesco.net
JS: With Outlook Express 4, you have to "enable user profiles" so that you each log on to and log off from Windows before running the program. (For this to work, you also have to enable user profiles before you install OE4 in Windows 95/98, but that's a longer story.)
Go to the Control Panel, double-click Passwords, and select the User Profiles tab. Click: "Users can customize their preferences and desktop settings. Windows switches to your personal settings whenever you log in."
Outlook Express 5 is much better because it introduces the concept of Identities. Simply pull down the File menu, point to Identities, and click Add New Identity. Creating a new identity automatically creates a new mail folder.
The outlook for Macs
I've succeeded in getting online on a Mac which is networked to two PCs using Windows 98SE's Internet Connection Sharing. The problem is, I'd like to use Outlook Express on the Mac, but I'm running OS 7.6 and the latest version of Outlook Express (5.02) only runs on 8.1 or later.
Could you tell me where I might be able to download an earlier version of Outlook Express that will run on OS 7.6?
Donald Gunn
donald@culloden5.freeserve.co.uk
JS: Outlook Explorer 4.5 runs on PowerPC-based Macs with Mac OS 7.5.3 or above (7.5.5 or above is recommended). You can download it from www.microsoft.com/msdownload/iebuild/ie45_mac/en/ie45_mac.htm
