‘Click here to download images’ in Outlook may seem like a nuisance but it’s there for a good reason
Why does Outlook prompt you to download images with messages – instead of just getting them?
The ‘Click here to download images’ may seem like a nuisance but it’s there for a good reason
It may seem that getting an image to display on an email or web page is an innocent and harmless thing, but it reveals more about your computer than you might expect.
To show what is disclosed simply by getting an image, we’ve made a special ‘image’ that displays some of the details sent by Outlook when you ‘Click here to download images’ . The image will be included in this weeks Office for Mere Mortals. Here’s an example:
A full explanation of the image contents is here.
What the????
Long time Office Watch readers probably won’t be surprised by what’s revealed in the special image. Years ago, Outlook security and privacy was a major concern and a big topic in Office Watch. But it seems some of the lessons from those times have been forgotten.
Back in the mid-noughties, Outlook had little Internet security. This was before Microsoft’s famous ‘conversion’ and starting to take security issues seriously.
It was quite possible to send an email which had links back to a hacker’s web site. The email could try to infect your computer simply by displaying in the Outlook preview/reading pane. All it needed was a tiny, almost invisible, 1 pixel image link.
Naturally this caused a lot of concern. Microsoft’s response was typical. Publicly the company downplayed the risk as much as possible while privately developers worked to plug the holes in Outlook. (To be fair to Microsoft, the Outlook email risk was mostly theoretical. There were plenty of code examples of how to infect a computer via an email but few, if any, ‘in the wild’ infections).
Since then, Outlook security has improved immeasurably. There’s now a proper Junk email and phishing filter to quarantine suspect messages. The internal software (engine) that displays emails is now restricted to block many hacking methods. Outlook 2007 and Outlook 2010 use a custom ‘engine’ so that hacks for Internet Explorer should not also work in emails.
However that doesn’t stop standard information about your and your computer being sent by Outlook, which is why images are blocked by default and each user gets the choice about whether to display them.
Your choice
The last line of defence is with each user. The ‘Click here to download images’ note lets you decide which web sites get information about you and your computer. It also warns you about tiny, almost hidden, images in what looks like a text message.