In message , Jeff Layman
writes
wrote:
In article ,
Jeff Layman wrote:

For anyone that has a hardware firewall in their router, a software
firewall on the PC and a virus checker that is updated on a weekly
basis then there will be no risks with using garden banter.

? What's the difference if you are connected to the internet via a
mailserver, newsserver, or via a browser? If you allow http of any
sort to get through, you are wide open to malicious scripts. ...

That's not true. But describing why it's false is beyond the scope
of this group.


Regards,
Nick Maclaren.

Other than I mistakenly wrote "http" instead of "HTML", of course it's true.

From the first paragraph of
http://home.earthlink.net/~bobbau/email/avoiding-html/:

"Use of HTML formatting has allowed malicious code writers to send highly
damaging e-mail, such as messages that infect your computer with a virus
when you simply read the e-mail. Also note that if you post to a mailing
list or list-serve, it may require you to send in plain text rather than
HTML format."

That's just one of many links you can find by googling "messages in html"
and "malicious".

There would be a lot less successful malware floating round the internet if
plain text mail was used. With Outlook Express, simply viewing an HTML
message in the preview frame is a security risk.

That's not quite the same as "If you allow http of any sort to get
through, you are wide open to malicious scripts. ...". Not all email
programs are equally hacker friendly; apart from things like array
overflow attacks (which can happen with straight text as well as with
HTML) the risk depends on how the email program renders HTML - if it
ignores scripting the risks are much lower.
--
Stewart Robert Hinsley