I'm not finding too much info on the reading pane, whether or not it's best to leave it available or disable it. I'm using Outlook 2007 with Exchange 2007 SP1. I currently leave it up to the end users and I personally have it turned off. My IT assistant does use it but he wasn't in the IT field back in the late '90s or early '00s when it was considered a best practice.
Here is what happened. There was a nicely crafted email with an attachment called invoice.html. That was the first email in this user's inbox and the reading pane is on. That user simply clicked once on the attachment and was immediately infected with fake AV. I have since blocked htm and html attachments on our email scanning server. I have also contacted our security vendor to see why this wasn't blocked.
I know in the past it was common to disable the reading pane or preview pane but haven't heard much about it lately. I also know that the reading pane wasn't directly responsible for the infection. I just think that the user would have thought twice about clicking on the attachment if they had to open the email. Maybe I am giving the user too much credit at that point though.
Maybe it's time to implement a proxy server. Damn you hackers!!!
Also slightly off topic of Outlook, when a computer is infected I first unplug it from the network and scan using various tools to find as much of the infection and source as possible. Then I format the HD and reimage the system. What do you all do when you find an infected computer?
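The htm/html attachment block mentioned in the post can be expressed as a gateway-side check like the one below. This is an added example, not part of the original post and not the poster's scanner configuration; the function names, the extra match on declared MIME type, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The two extensions the post says were blocked at the email scanning server.
BLOCKED_EXTENSIONS = (".htm", ".html")
# Assumption: also match on the declared type, so a renamed HTML file is caught.
BLOCKED_TYPES = {"text/html", "application/xhtml+xml"}


def blocked_attachments(raw: bytes) -> list:
    """Return the names of attachments in a raw message that should be blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        disposition = part.get_content_disposition()
        # An HTML *body* (no filename, not marked as attachment) is ordinary
        # mail and is left alone; only attached parts are inspected.
        if filename is None and disposition != "attachment":
            continue
        # Compare case-insensitively and ignore trailing dots or spaces,
        # so "INVOICE.HTM" and "invoice.html." still match.
        name = (filename or "").strip().rstrip(". ").lower()
        if name.endswith(BLOCKED_EXTENSIONS) or part.get_content_type() in BLOCKED_TYPES:
            hits.append(filename or "<unnamed>")
    return hits


def build_sample(filename: str, subtype: str = "html") -> bytes:
    """Constructed test message: text + HTML body plus one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_alternative("<p>See attached.</p>", subtype="html")
    msg.add_attachment("<html></html>", subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, sub in [("invoice.html", "html"), ("report.txt", "plain"),
                      ("notes.txt", "html"), ("INVOICE.HTM", "plain")]:
        print(name, sub, "->", blocked_attachments(build_sample(name, sub)))
```

Matching on both the filename and the declared content type means the message's own HTML body passes through while an attached HTML file is flagged even when its name or type is disguised.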