Microsoft clearly designed Windows Mail with awareness that users have become savvier in terms of their technical proficiency, as well as their depth of knowledge about Internet-based threats. Out of the box, the following features are enabled:
Junk Mail Filter (SmartScreen)
Integration with the Internet Explorer Restricted Sites zone
A trigger to warn the user when an application attempts to send mail as the user
Threat attachment filtering
These options can be viewed and managed via the Security tab under Tools|Options.
Tools & Traps
Management through Group Policy Shockingly, as of this writing, only one of the settings in the preceding list is available to Group Policy: threat attachment filtering. The Group Policy Object, Block attachments that could contain a virus, is located under the User Configuration node of Group Policy within an Administrative Template for Internet Explorer. If that were not confusing enough, you expose the setting within Internet Explorer by double-clicking the Configure Outlook Express selection.
The Security Settings Tab
Although the Phishing and Junk Mail filters receive dedicated attention later in this chapter, the other options enabled by default are worthy of description. The Integration with the Internet Explorer Restricted Sites zone means that the ActiveX and Java settings from Internet Explorer are inherited and used to filter mail. As such, mail with this content is not displayed unless the user takes specific action to enable that content or disable this default setting.
The send as trigger is often a function of antivirus software, but Windows Mail enables this functionality by managing its own sensitivity to Trojans and other malware that may initiate the creation of a message. When this effort is made and detected, a Security pop-up from within Windows Vista will notify you of the effort.
Dangerous attachments are typically those that have executable extensions. By default, these attachments are blocked, in that the e-mail will be received and displayed (assuming there is no other insecure content like ActiveX), but the attachment will not be downloaded from the mail server. Windows Mail will notify you that the application has been stripped.