Information Security News mailing list archives
MS Finally Addresses Email Hole
From: William Knowles <wk () C4I ORG>
Date: Mon, 15 May 2000 15:57:14 -0500
http://www.wired.com/news/technology/0,1282,36353,00.html

3:35 p.m. May. 15, 2000 PDT

SEATTLE -- Microsoft said Monday it will issue a patch for its corporate email software that will help defend customers against computer viruses like the recent Love Bug that shut down many company and government networks.

The patch, which is a small bit of programming code that fixes a software bug or changes the way an application works, will stop users of Microsoft's Outlook software from receiving certain types of files that hold the most common viruses.

"Given the fact that Love Bug was a global economic event, we need to do our part ... and take pretty decisive steps here, and we think this will eradicate this class of viruses," Tom Bailey, Microsoft's group product manager for Office, said in an interview.

The Love Bug spread by making copies of itself and sending them out to listings in a victim's email address book in Outlook, Microsoft's scheduling and communications application for corporations and institutions.

In the wake of the virus attack earlier this month, many analysts pointed a finger at Microsoft, saying the software giant's products were far too vulnerable to hackers and malicious software programs like the Love Bug.

Microsoft's fix, which will be available here on May 22, will not let users open files containing the suffix ".exe," ".bat," and others that indicate the file is a program that performs certain functions, Bailey said.

It will not affect picture, document, or Web page file types such as ".jpg," ".doc," or ".htm," because the software tools used to view those files already contained strong security measures, Bailey said.

Outlook would also be updated so that if a program tried to access a user's address book, a warning would pop up on screen asking whether or not to let the program proceed.

"That (pop-up message) is trying to attack the malicious replication and put users back in control," Bailey said.

Bailey said the pop-up could appear for other legitimate software, such as that for personal digital assistants, that try to access the address book. Information on what programs will be affected will be posted on the Web page.

"We always try to strike a balance between the openness of the product and security," Bailey said.

"We've tried to be reactive to this thing, like antivirus software writers are. What we are trying to do going forward is to take a more proactive response to this," he said.

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".