Outlook Security: An Overview of the Security Settings in Microsoft Outlook

Microsoft Outlook is probably the most used e-mail program in businesses today, and as such, is prevalent in the field--making it a big target for malicious hackers who use e-mail to spread damage to users around the world. Because Microsoft Outlook has become such a big target, Microsoft has taken many steps to turn Outlook into an e-mail client with some serious security features not generally found on other e-mail client programs. These features will be enumerated and briefly described to help you get an overview of the security capabilities and settings available on MS Outlook today (specifically MS Outlook 2007).

• Junk e-mail filtering & Anti-phishing
• Blocking and allowing senders
• E-mail rules
• Attachment blocking
• Macro Security
• Allows use of certificates and digital signatures

Unsolicited or junk e-mail is a form of DoS (denial of service) attack on the user as it slows down or keeps one from reading legitimate e-mails. Outlook has features that allows it to identify junk e-mail. It is not 100% but it can catch most of them.

A more serious form of junk e-mail is a phishing e-mail. A phishing e-mail is basically a trick e-mail intended to lure you into divulging your account information for the purpose of stealing your money or identity. In most cases it poses as an e-mail from your financial institution telling you that you need to log in and take care of some issues. The phishing e-mail even includes a hyper link which takes you to a site that looks legitimate. This phishing protection in Outlook has been around since Outlook 2003 SP2. The algorithm of how Outlook does it is unclear, but if it determines an e-mail to be a phishing e-mail, it will get dumped into the junk e-mail folder.

There are some cases where the other security features of Outlook just won't work. However, you may be able to use the blocking and allowing e-mail feature of Outlook. There are many ways of making this feature more practical to use. Obviously there are many approaches to using this security feature of Outlook.

The most practical use is to block (black list) individual senders or block a complete domain. Combine this with allowing (white listing) individual senders or a complete domain, and you have a very flexible compliment to Outlook's junk e-mail handling features.

Warning: If you think only allowing known senders and blocking all else is a good security solution, think again. If your contacts ever get compromised and starts sending e-mails to you, those e-mails will go right through since it is in Outlook's white list.

Outlook has a very rich e-mail handling automation facility--under e-mail rules. Although you can use it to automatically file certain e-mails to certain folders (i.e. as in e-mail management), you can use it to augment the junk mail capabilities by creating rules of your own. For example, you can create e-mail rules to look for key words in e-mails then dump them into the junk e-mail folder.

Because it is so easy for someone to send files with malicious code, virus, worm, or malware can easily spread. It is this very same reason that Microsoft decided to simply block certain file types by default. The full list can be found at Microsoft's Office site. The blocked file types are typically those that can execute code of any form. Note that Microsoft has two levels of blocked file types--level 1 and level 2. Level 1 file types cannot be changed by users. There are no level 2 by default, but your mail system administrator can move some from level 1 to level 2, or add new ones.

Remember, macros are basically code that allows one to execute within an application like Outlook. MS Outlook has four basic ways of handling macros:

• No warning and disable all macros - no macros are run even if they are signed
• Warnings for signed macros, unsigned macros are disabled - default setting; unsigned macros are never run, but asks the user for permission to run signed ones.
• Warnings for all macros - Outlook will ask permission to run any macros.
• No security checks for macros - Outlook will run any macros; it will not ask the user for permission. This is probably the worst setting; I would recommend sticking with the default setting is you aren't sure.

Most people do not know this, but anyone can spoof anybody's e-mail, and no-one can really be sure if the content of an e-mail was modified in transit. The reason for this is because e-mail cannot really be trusted, in general, unless you properly use certificates and digital signatures. Outlook has provisions to allow users the use of certificates and digital signatures.

Using certificates in Outlook can help you ascertain the identity of your sender and vice versa. It can also be used to ensure message privacy through encryption. Using digital signatures can help ensure that no one has altered the content of the sender's e-mail.

As you can see, Microsoft Outlook has many security features that can help you manage e-mail and control potential threat that might come through it. The features range from dealing with junk e-mails (includes phishing e-mails), using black and white lists, creating and applying e-mail rules, blocking certain file attachments, blocking macros, and allowing the use of certificates/digital signatures.

If properly used, these features can go a long way to helping make sure your Outlook experience is mostly positive.