Important note: These registry changes are provided as examples of how these parameters might be changed. Be sure you have a complete backup of your registry and an up-to-date ERD (Emergency Repair Disk) before you make any changes. The Registry editor can make your system unusable, so be careful! We take no responsibility for these registry changes - do them at your own risk!
Many viruses get onto systems because they are accidentally or intentionally executed by the people who receive the messages. This is one of the easiest and more effective ways for a virus to get on your system: they simply arrive in your inbox as an attachment, which you open, which causes the virus to be executed. This in turn allows the virus to scan your address book (and files on your hard drive) and send itself to every email address it can find.
Note that the virus must actually be opened by a person to be executed (although there is a vulnerability, since patched, which allows a virus to be executed if a web page or HTML email message is simply viewed).
The obvious question comes to mind immediately: to prevent a virus from entering the system (at least through email), why not simply discard any executable attachments? I mean, there really, when you think about it, are not many valid reasons to receive one of these files as an attachment. Yeah, that screen saver is nice, but is it worth the risk?
Keeping that thought in mind (and considering that the "I Love You" virus caused billions of dollars in damages), Microsoft has provided the means to do exactly that. If you've installed Outlook 2000, you can download and installed an update to keep executable files from being opened at all from within an email message (installing service pack 3 for Outlook automatically installs the update). Outlook XP (also called Outlook 2002) comes with this feature installed.
This feature disallows any and all files of a file type which is executed from being opened. There are two levels: level 1 (EXE files, for example) cannot be opened at all. Level 2 (URL files, for example) can be saved but not directly opened and executed.
Sometimes there is a need to allow certain executable files to be opened in an email message. If this is true for you, you can edit the registry to allow specific file types.
For Outlook XP:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\10.0\Outlook\Security
For Outlook 2000:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\9.0\Outlook\Security
For Outlook 97 (I have not attempted this on Outlook 97 yet so am not sure this will work).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\8.0\Outlook\Security
Create a String value called "Level1Remove".
Make the contents of "Level1Remove" equal to the URL(s) you want to allow. Separate multiple URLS with semicolons. In the example below, we've allowed EXE files to be opened.
Here's how a message containing an EXE file will look with the Outlook email update or SP3 installed (or in Outlook 2002). As you can see, the EXE file cannot even be opened, much less executed.
And after the registry edit has been performed, the email will appear like this. Of course, now there is a danger that a virus contained in an EXE attachment can accidentally be opened and executed.
Unless otherwise noted, all photos and text is Copyright © Richard G Lowe, Jr.