OLEXP: How to Ensure E-Mail Attachments Are from a Trusted Source (193748)

MORE INFORMATION

If you receive an e-mail message with an attached program from an unknown source, you should try to obtain the program from the vendor instead of running the attached version. For example, if you receive an imposter e- mail message with an attachment that claims to update the version of Microsoft Internet Explorer or Outlook Express you are using, you should instead obtain the update (if it exists) from the Microsoft Windows Update site because you know it is from a trusted source.

To help prevent you from running a malicious program you receive as an e- mail attachment, Outlook Express uses Digital Code Signing. Digital Code Signing is a standard that helps ensure that files you download from the Internet or receive in e-mail are from trusted sources and have not been altered since their creation. When you attempt to download a file from the Internet or open an e-mail attachment, a check is performed to determine if the file is signed by the publisher and whether or not the certificate used to sign the code is valid. If you attempt to open an unsigned e-mail attachment, Outlook Express warns you that you are attempting to run an unsigned program.

For additional information about Digital Code Signing and security settings in Internet Explorer, please see the following article in the Microsoft Knowledge Base: Microsoft Windows 98 includes a tool called Microsoft Signature Verification Tool. You can use this tool to view files to determine if they are signed or unsigned files. A signed file is a file that has been given a digital signature by a certifying authority. For additional information about the Signature Verification tool, please see the following article in the Microsoft Knowledge Base: