That one is something I somewhat do understand. Preview is the right term, I suppose. In the days of Outlook Express all content was shown in the preview which could trigger a virus.
Current e-mail clients as well as webmails tend to block showing html content or images without asking so security has improved at that point. Attachments have always had to be executed by the reader so they've been relatively safe - although a great deal of readers aren't alert or savvy enough not to click before checking. Also the ISP's and other mailbox providers have their own filters which protect at least private users quite well. At least that's how it's here, can't tell about other countries apart from Gmail or Outlook/Live/Hotmail/whatevertheynowcallit.
Again, these are just my thoughts based on what I see. Malware cleaning has become more and more rare in my business during these 13 years in the business. Then again, the cases have become tougher.
I knew what term he mean't I was highlighting a point
That said even though you turn off preview most email clients will pre-render the email or pre-load the images (even if you have this turned off). I witnessed this first hand when I was testing Cylance (last year). An email came into my inbox, I wasn't actually doing anything on that PC and was working on another PC when Cylance started going nuts. Outlook had all the usual security settings (turned off rendering of images etc). Turned out it was a corrupt PNG and deep down outlook/windows image libraries were being exploited without even opening or previewing the email.
The first problem people just don't get is the gap in time it takes for a traditional AV program to get signatures which recognize new threats. When I was doing testing AV apps like Windows Defender and even McAfee took weeks to months before they recognized the malware samples I had.
The next problem people do not understand is the attack surface. This "oh I run noscript or turn off stuff in my browser" horse**** - bad guys don't care - your browser is the target. For example look at Chromes CVEs for 2017 :
https://www.cvedetails.com/product/15031/Google-Chrome.html?vendor_id=1224 <- in 2017 there are 153 vulnerabilities for Chrome alone. Safari had a 172, and MS Edge had 201 - those Firefox looks pretty clean with just 1 that year.
If you then run plugins within your browser such as flash you are further exposed.
So my experiences in 2016 where a "holy crap" moment when the penny dropped that old school AV didn't cut it any more AND the bad guys had figured out some very silent ways of infecting PCs. We saw more of that with the likes of Wannacry and it's use of EternalBlue.
At the end of 2017 we're seeing a new interesting trend in cryptomining-malware that doesn't do anything like encrypt your files, it just sucks up CPU cycles mining for bitcoin.
I often see sites where people have no 3rd party security as compromised and often enabling the bad guys (ie servers are compromised). These people often wonder why they get blacklisted.
