Dear Straight Dope:
An update on computer viruses in e-mail, the recent Q&A in the mailbag:
The latest trend is to allow HTML (the language of the World Wide Web) in everything, including e-mail. As an example, Microsoft mail products will display a document containing HTML in HTML format, just as a browser would.
But an HTML document can contain Java or Active-X applets, which in fact programs that run on your computer. And while there are security elements in place to stop these from doing any damage to your computer, such protections are rarely foolproof. Further, such applets can be embedded in an e-mail without any visible effect. You might not even know if an applet is running on your computer.
Thus, with more sophisticated email processing, it IS possible to embed a program in an e-mail that will run when the e-mail is opened, without any downloading involved. This might introduce a virus onto your computer if the folks that wrote your e-mail package left some bugs in such package. (Microsoft and its friends writing buggy software? Nah, never happen...)
A recent edition of comp.risks, a mailing list dedicated to risks with computers, discussed this issue and gave an example of a Java applet embedded in an e-mail message.
SDStaff Tech replies:
You’ve got a valid point if you’re using Netscape or Internet Explorer to read e-mail. It’s irrelevant to AOL, since the AOL software’s ability to read HTML in e-mail is limited to things like hyperlinks.
Even on Netscape or IE, this isn’t really a problem, because your security settings are by default set up to say, “Hey, you’re about to read a piece of encoded e-mail, and I don’t trust it.”
At least that’s the way it works now. But who knows what wonders the future holds?
Send questions to Cecil via firstname.lastname@example.org.
STAFF REPORTS ARE WRITTEN BY THE STRAIGHT DOPE SCIENCE ADVISORY BOARD, CECIL'S ONLINE AUXILIARY. THOUGH THE SDSAB DOES ITS BEST, THESE COLUMNS ARE EDITED BY ED ZOTTI, NOT CECIL, SO ACCURACYWISE YOU'D BETTER KEEP YOUR FINGERS CROSSED.