noHTML for OE:
http://www.baxbex.com/nohtml.html

It’s not free.

What the List of Lists says about it:

Quote:
"noHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts such as Klez and Nimda. By converting incoming email messages from HTML format to simple text, the program lets you read your emails much more quickly, and eliminates the danger posed by most email-borne attacks. It adds a button onto the Outlook Express toolbar, and with a single click you can enable or disable HTML in your incoming email.
"Outlook Express is the most widely used email reader in the world, and is also the biggest target of the virus and trojan writers. noHTML for Outlook Express is the first and only program that can disable HTML within Outlook Express. The program disables HTML in both the message area and the Outlook Express preview window, protecting you from the scripts that can attack your computer, even if you don't open them.
"Protects you against WebBugs. In addition to protecting you against virus and trojan attacks, noHTML for Outlook Express protects you against spammers who send you emails repeatedly. The program eliminates both the scripts and the linked images that spammers rely upon to confirm that your email address is valid, and that you have received their messages."


PS:
This quote of the List of Lists was from this page:
http://lists.gpick.com./pages/IE~OE_Tools.htm

Well I tried the trial version on my W 98 SE with IE/OE 5.5 SP2 (Dutch versions).
I've got some problems with my IE.
I have to admit that I'm not quite sure what caused this: it could be something on my system, it could also well be my own fault!
Anyhow, I uninstalled it.

The SP-1 patch to IE/OE 6 has the option to read emails in text only format.

Hi,

You could also achieve the same security as noHTML by doing two things:

1.
The right rules in your firewall by which you prevent OE to make outbound connection through HTTP-ports etc.
See also the guidelines from LWM for ZAP, and the guidelines from CrazyM for rule-based firewalls; both in the firewall-section of the forum.

2.
Put OE in the Restricted Zone of IE.
And set the options for the Restricted Zone at the highest level of paranoid (for example disable there ActiveX, Java, scripting, etc.etc.).

-{ Quote: " quoting: FanJ link=board=9;threadid=4541;start=0#29745 date=1036010767]
Hi,

You could also achieve the same security by doing two things:

1.
The right rules in your firewall by which you prevent OE to make outbound connection through HTTP-ports etc.
See also the guidelines from LWM for ZAP, and the guidelines from CrazyM for rule-based firewalls; both in the firewall-section of the forum.

2.
Put OE in the Restricted Zone of IE.
And set the options for the Restricted Zone at the highest level of paranoid (for example disable there ActiveX, Java, scripting, etc.etc.).
" }-

Hi FanJ,
Yes and no :
1 is OK of course for outbound but shall not prevent a malicous code to be execute locally at opening.
2 Some malicious codes might bypass the selected security zone and be execute locally on some (all ?) IE versions. I am kind of paranoiac but I need some Active x, Java, etc.. at least if I want to check my bank lol.

Or you have IE6SP1 and you have plain text or do NOT set the visualisation windows (don't know the right term in English) and you right click the posts to see the source in plain text and see if there is no malicious code before opening them. OE/IE is tricky ;)

Best regards,

I agree with Jack, yes, definately disable the Preview pane in Outlook Express. That is one of the most important things to do with OE aside from running it in Restricted mode.

1. In Outlook Express, click on "View" in the menu at the top of the window,

2. Click on "Layout..." in the menu that appears,

3. Uncheck the option "Show preview pane" in the lower part of the window that appears.

Sample screen shot at:

http://www.bbnp.net/showfaq.asp?faqID=48

I use IEClean 6 by which I have disabled ActiveX, MS Java-data, MS Java-script, VBS scripting Host (sometimes called Windows Scripting Host).
Only on very rare occasions I enable in IEClean the first three of those.
It's very easy to dis-/en-able those in IEClean.
Those settings through version 6 of IEClean only effect the Internet Zone.
I have always those options disabled by IEClean when checking email.

And NOD32 pop3scanner checks the email.

Still vulnerable? Your thoughts?

Jan,

-{ Quote: "I use IEClean 6.." }-

Nice choice - but not everybody does ;)

regards.

paul

When I am using Outlook Express (and I have to on two of the computers I use most frequently....silly rules) I always use the following method for HTML messages.

Most here will already know this, but we have to remember there are always new people visiting.

1. I always have the preview pane turned off and I preview HTML mail by doing the following.

2. If I don't know the source of the mail, but it looks like it is truly intended for me, I will highlight the message and right click.

3. Go down to properties and select.

4. It will bring up two tabs - one marked "General" and the other "Details"

5. Select "Details"

6. Then click on "Message Source" and Maximize window.

7. You can now read the mail without ever opening it. You have to read around the html formatting (if it IS html) but it's easy enough to do and usually just a cursory glance will tell you if this is a message written to you and it is legit. Sometimes you will never have to even open the mail itself from the Outlook Express Inbox.

John
Luv2bSecure