• PC World
• »Security

E-Mail Programs: Insulate Your In-Box

Microsoft Outlook: Security vulnerabilities in Outlook 2002 are addressed by the service packs for Office XP (see "Office Suites"). Once you've installed Service Pack 2, however, Outlook may start crashing. To fix that problem--and to patch yet another security hole that spammers could use to crash your e-mail application--download the Outlook 2002 Update.

Outlook 2000 users need to get Office 2000 SR-1a and Service Pack 3 (see "Office Suites" for details). Once SP3 is installed, you may find that Outlook 2000 fails to behave properly, or that it uses 100 percent of your CPU resources when running in Internet Mail Online mode. A small patch will cure that problem.

If you don't want to install Office 2000 SP3 for some reason, you should at least install the latest version of the Outlook 2000 Security Update, which will protect you against e-mail viruses and worms.

Microsoft Outlook Express: Outlook Express is bundled with Internet Explorer; so to secure Outlook Express, you need the latest fixes for the browser. Get the cumulative patches for IE 5.5 and 6.

Outlook Express 6 and Outlook Express 5.5 Service Pack 2 also have a vulnerability that hackers could exploit to crash or hack into your computer, just by sending you a digitally signed e-mail message. To prevent this theoretical attack, download the Security Update for Outlook Express.

A separate, cumulative update for Outlook Express 6 users patches a number of other security gaps.

Eudora: Eudora versions 5.0 and 5.1 could allow an attacker to run code on your machine by sending you specially formatted multipart e-mail messages. Unlike Microsoft, Qualcomm doesn't do patches. The newest version of the program, Eudora 5.2, takes care of the problem. (The upgrade is free for users who purchased and registered Eudora 5. x Paid mode within the last 12 months.)

To protect yourself against "cross-site scripting," which can let HTML-formatted e-mail messages execute code on your machine while posing as Web sites that you trust, go to Tools, Options, Viewing Mail, and make sure that 'Allow Executables in HTML Content' is not checked.

--Dylan Tweney