User talk:Wintogreen: Difference between revisions
Wintogreen (talk | contribs) (thanks) |
Wintogreen (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
Rough idea for how to reorganize [[Email scanning - pros and cons]]: | |||
: | :'''''This article is a work in progress and still very much [[Talk:Email scanning - pros and cons | under discussion]].''''' | ||
Please use the information in this article to help decide whether you wish to disable e-mail scanning and/or autoprotect monitoring of your mailbox files by your antivirus software. For other, more basic information on using antivirus software with Thunderbird or Mozilla Suite, see [[Antivirus software]]. | |||
==E-mail scanning== | |||
1) Malware attachments are not at all dangerous as attachments, only when activated by users opening them. As long as your AV program’s autoprotect function (often called “guard” or “shield”) is turned on, it will prevent any “infection” by malware your AV program knows about: i.e., it will not let you open and thereby install any known malware program in an e-mail attachment. As Symantec thus states regarding Norton Antivirus, disabling e-mail scanning "does not leave you unprotected against viruses that are distributed as email attachments" as long as autoprotect is enabled. [http://service1.symantec.com/SUPPORT/nav.nsf/5faa3ca6df6f549888256edd0061c0a4/4ba5fc8ef939c44c88256c7500723cf0?OpenDocument&src=bar_sch_nam&seg=ag] | |||
NOTE: if you do disable email scanning, be sure to read the section below about autoprotect and system scans. | |||
===Summary of cons: reasons for ''not'' scanning e-mail=== | |||
* Scanning all e-mails wastes system resources, especially in the case of those AV programs famous for causing computer slowdown. | |||
* Scanning all e-mails increases the chances of Inbox corruption; "surgical" operations in an e-mail program's data files by another program include the risk of corrupting those files. | |||
* Since much infected mail is spam and since many users do not normally read mail in the Junk folder (let alone open attachments found there!), the chance for Inbox corruption should be significantly reduced if [[Junk Mail Controls | junk-mail filtering]] is turned on, e-mail scanning is turned off, ''and'' the Inbox file is excluded from autoprotect monitoring. | |||
* In addition, there is a chance that if you do get a non-spam e-mail infected with a malicious attachment that this e-mail will contain an important message from a known sender. It is senseless to let your AV program destroy an important e-mail just because it has an infected attachment. | |||
* If your AV software should happen to lock up your Inbox file, getting it out of quarantine may be difficult and time-consuming for some users. | |||
* As noted above, excluding the Inbox file (or other mailbox files) from autoprotect should only prevent your AV program from taking action on the mailbox file, but it should still enable your AV program to prevent any virus from being activated should you try to open a malicious attachment. | |||
===Summary of pros: reasons ''for'' scanning e-mail=== | |||
* If your AV software's e-mail scanning can reliably keep infected messages from reaching your Inbox, then your Inbox file will not become "infected" in the first place and your AV software will thus have no reason to take action against the whole Inbox file. | |||
* Even though malicious attachments are ordinarily not dangerous unless opened and your AV software's autoprotect should prevent you from activating them, some people prefer to not have dormant virus code in their Inbox or other mailbox files (Junk, Trash, etc.). | |||
* For users with enough computer skills, getting the Inbox back from quarantine may be easy and usually succeed. | |||
* Users who back up their mail every day and/or move everything out of the Inbox never risk losing more than today’s mail. Users who set up Thunderbird (or Mozilla Suite) to leave messages on the server for a few days will also be able to recover those messages if needed. | |||
* The overall effect on system resources by your AV software may be negligible on your computer. | |||
==Autoprotect and system scans== | |||
NOTE: If you disable e-mail scanning, there are still other ways that your Inbox or other mailbox files can be quarantined by your antivirus software. Thus, please read and understand that... | |||
2) In Thunderbird (and Mozilla Suite), a message that is moved or deleted from the Inbox actually remains in the "Inbox" file on your computer until you [[compacting folders | compact folders]]; it is merely hidden from the Inbox view in Thunderbird. For instance, if you download an infected message and Thunderbird's [[Junk Mail Controls | junk-mail filtering]] automatically moves it to the Junk folder, you now have ''two'' copies of that message in your mailbox files: one in the Junk file, and one in the Inbox file. Even if you delete the infected message and empty the Trash, it remains in your Inbox until you compact folders. This is important because your AV program might detect a virus in one of these mailbox files and quarantine the file, even though the corresponding mail folder in Thunderbird "looks" like it is empty of suspicious e-mails. | |||
3) Some AV programs are configured by default to not let their autoprotect function monitor Outlook Express’s mail files (.dbx). Symantec suggests excluding the Inbox file from being scanned in order to keep it from becoming quarantined [http://service1.symantec.com/SUPPORT/ent-security.nsf/d04e6f2f2dfad5de88256c910079502c/712247a53df336e088256a22002724ad?OpenDocument&prod=Norton%20AntiVirus&ver=2004%20for%20Windows%202000/Me/98/XP&src=sg&pcode=nav&svy=&csm=no]. Excluding the Inbox file from autoprotect should only prevent your AV program from taking action on the mailbox file, but it should still enable autoprotect to prevent any virus from being activated if you try to open an infected attachment. (The reason for this is that the attachment has to “come out” of the mailbox file to be activated.) In addition to excluding the Inbox file from being scanned, you can similarly exclude other mailbox files (such as Sent, Templates, and Junk). Check with your AV program’s manufacturer for instructions or test it using [http://www.eicar.org/anti_virus_test_file.htm this] harmless antivirus test file. | |||
[[Category:Privacy and security]] | |||
Revision as of 14:40, 31 October 2005
Rough idea for how to reorganize Email scanning - pros and cons:
- This article is a work in progress and still very much under discussion.
Please use the information in this article to help decide whether you wish to disable e-mail scanning and/or autoprotect monitoring of your mailbox files by your antivirus software. For other, more basic information on using antivirus software with Thunderbird or Mozilla Suite, see Antivirus software.
E-mail scanning
1) Malware attachments are not at all dangerous as attachments, only when activated by users opening them. As long as your AV program’s autoprotect function (often called “guard” or “shield”) is turned on, it will prevent any “infection” by malware your AV program knows about: i.e., it will not let you open and thereby install any known malware program in an e-mail attachment. As Symantec thus states regarding Norton Antivirus, disabling e-mail scanning "does not leave you unprotected against viruses that are distributed as email attachments" as long as autoprotect is enabled. [1]
NOTE: if you do disable email scanning, be sure to read the section below about autoprotect and system scans.
Summary of cons: reasons for not scanning e-mail
- Scanning all e-mails wastes system resources, especially in the case of those AV programs famous for causing computer slowdown.
- Scanning all e-mails increases the chances of Inbox corruption; "surgical" operations in an e-mail program's data files by another program include the risk of corrupting those files.
- Since much infected mail is spam and since many users do not normally read mail in the Junk folder (let alone open attachments found there!), the chance for Inbox corruption should be significantly reduced if junk-mail filtering is turned on, e-mail scanning is turned off, and the Inbox file is excluded from autoprotect monitoring.
- In addition, there is a chance that if you do get a non-spam e-mail infected with a malicious attachment that this e-mail will contain an important message from a known sender. It is senseless to let your AV program destroy an important e-mail just because it has an infected attachment.
- If your AV software should happen to lock up your Inbox file, getting it out of quarantine may be difficult and time-consuming for some users.
- As noted above, excluding the Inbox file (or other mailbox files) from autoprotect should only prevent your AV program from taking action on the mailbox file, but it should still enable your AV program to prevent any virus from being activated should you try to open a malicious attachment.
Summary of pros: reasons for scanning e-mail
- If your AV software's e-mail scanning can reliably keep infected messages from reaching your Inbox, then your Inbox file will not become "infected" in the first place and your AV software will thus have no reason to take action against the whole Inbox file.
- Even though malicious attachments are ordinarily not dangerous unless opened and your AV software's autoprotect should prevent you from activating them, some people prefer to not have dormant virus code in their Inbox or other mailbox files (Junk, Trash, etc.).
- For users with enough computer skills, getting the Inbox back from quarantine may be easy and usually succeed.
- Users who back up their mail every day and/or move everything out of the Inbox never risk losing more than today’s mail. Users who set up Thunderbird (or Mozilla Suite) to leave messages on the server for a few days will also be able to recover those messages if needed.
- The overall effect on system resources by your AV software may be negligible on your computer.
Autoprotect and system scans
NOTE: If you disable e-mail scanning, there are still other ways that your Inbox or other mailbox files can be quarantined by your antivirus software. Thus, please read and understand that...
2) In Thunderbird (and Mozilla Suite), a message that is moved or deleted from the Inbox actually remains in the "Inbox" file on your computer until you compact folders; it is merely hidden from the Inbox view in Thunderbird. For instance, if you download an infected message and Thunderbird's junk-mail filtering automatically moves it to the Junk folder, you now have two copies of that message in your mailbox files: one in the Junk file, and one in the Inbox file. Even if you delete the infected message and empty the Trash, it remains in your Inbox until you compact folders. This is important because your AV program might detect a virus in one of these mailbox files and quarantine the file, even though the corresponding mail folder in Thunderbird "looks" like it is empty of suspicious e-mails.
3) Some AV programs are configured by default to not let their autoprotect function monitor Outlook Express’s mail files (.dbx). Symantec suggests excluding the Inbox file from being scanned in order to keep it from becoming quarantined [2]. Excluding the Inbox file from autoprotect should only prevent your AV program from taking action on the mailbox file, but it should still enable autoprotect to prevent any virus from being activated if you try to open an infected attachment. (The reason for this is that the attachment has to “come out” of the mailbox file to be activated.) In addition to excluding the Inbox file from being scanned, you can similarly exclude other mailbox files (such as Sent, Templates, and Junk). Check with your AV program’s manufacturer for instructions or test it using this harmless antivirus test file.
