Is it possible to configure an internet connected Windows XP, SP3, computer
such that no email in or out is possible? I have a second computer for secure
banking and I don’t want to be susceptible to email hacking. I’ve removed all
accounts from email account but imagine it’s possible for viruses to install
their own clients, and anyway Outlook Express seems to be inextricably woven
into the fabric of XP, so I suppose a hacker could activate it. Occasionally, I
get an Avast message that is saying that it’s detected a secure email
connection even though I have no clients other than Outlook Express and there
is no obvious modem or disk activity.
In this excerpt from
Answercast #78, I look at ways to keep one computer
super-secure and use it only for online banking.
Blocking all email
The short answer to your question, if I take it absolutely, is “no”; there’s really no way to prevent email from being sent.
All of the different ways we can talk about blocking it or preventing it – are all things that a machine could technically get around if the malware installed on it were sufficiently sophisticated.
Block email ports
We can talk about doing things like blocking the ports for email; outgoing email. But the problem is that in order for your machine to be functional, and useable for what you want it to do, it needs to be connected to the internet. There are certainly hoops that malware and other software could jump through that could actually use the same techniques that a web browser might use to send email.
In other words, you’d have to block your web browser completely, which would prevent your ability to even do the online banking you’re trying to do.
Uninstalling Outlook Express
What I suggest you do is a little bit more than you’ve done. Certainly removing all of the accounts in Outlook Express is a good thing; and making you sure you have no other email clients installed is a good thing.
What I would do actually is go ahead and remove Outlook Express.
It’s not in an obvious place. If you go to Add/Remove Programs, on the left hand side there is another option that says “Add/Remove” or “Change Windows Features.” As it turns out, if you drill down into (I think) the Internet portion of the features that are available, you can actually uncheck Outlook Express.
I believe at that point it will be removed. That certainly will take you another step; that will help some more.
Block outgoing ports
If your firewall has the ability to block outgoing connections to port 25, 26 and 465 then those are ports that are worth blocking; those are commonly used to send email. 25 is probably the worst and if you can block only that, that’s the one I’d have you block.
The problem is of course that, like I said, malware could use the ports that you need to actually do your online banking. It would render the whole operation moot if you can’t do your online banking.
So the other suggestion I make is – to play it safe:
Make sure you’ve got anti-malware software turned on;
That you’ve got real-time scanning turned on.
If things arrive while you’re banking, then by all means, hopefully, the anti-malware software will catch it.
There’s another school of thought here that I think might actually make some more sense.
If you’re doing only online banking on this machine, you might consider whether it needs to run Windows at all. It’s very possible that you could do everything you need to do using, for example, Linux.
You could get one of the popular Linux distributions (Ubuntu is the one that I usually recommend but there are others) and install it instead of Windows.
The reason I say that is not so much that it will reduce the number of malware attacks. What it does is reduces the number of malware attacks that can succeed.
Malware is typically targeted at Windows simply because Windows is, by far, the largest target and has the most number of people ripe for malware to succeed with. Linux does not.
That’s not to say there isn’t Linux malware – there is. But it’s not nearly as common and not nearly as advanced, if you will, as some of the attacks that we’re seeing against Windows.
You can install Linux; run a browser, and do all of your online banking. You could even use a utility like LastPass to share your passwords securely between your Windows machine, your Ubuntu machine, and whatever other machines you might have.
So if you really want to go down this route of security – the common, most secure solution that people tend to choose (if as you described all you really want to do on this machine is your online banking) is to consider installing a version of Linux and using that.
(Transcript lightly edited for readability.)
Next from Answercast 78- Is sending an encrypted attachment a reasonable approach to email security?
4 comments on “Can I prevent a machine from ever sending mail?”
Completely agree that if you only use a particular machine for banking, you should use Linux. If you decide on Ubuntu, I believe it’s the easiest for a novice to install. It can be installed beside, within, or instead of windows, depending on you choices.
Personally, I use Puppy Linux, because it’s the simplest for me. Put it on a disk. Boot from the disk, and do whatever. It doesn’t matter what other OS is on the machine, as it isn’t running anyway.
Booting Ubuntu or another OS from a disk every time you want to do sensitive transactions certainly prevents any malware from modifying your system.
Seems a bit overkill (Leo – your thoughts?), but may be worth the trouble if you want to add another strong layer of protection to online transactions.
Go to your email program and edit the Outgoing server (SMTP) setting to an invalid server or just delete the entry completely. No outgoing server, no email ever. This will not prevent using a web mail service, Gmail etc.
PuppyLinux on CD and/or USB stick would seem more convenient than installing Ubuntu if the only purpose is safe banking, from time to time. Puppy deploys in RAM only, and is a joy to run.