MS Outlook: Cloudy security

By Scott Berinato, Dennis Fisher and Roberta Holland12 May 2000 - IT managers and security experts, increasingly cynical and sharply critical over virus assaultsthrough Microsoft Corp.'s Outlook e-mail client, are questioning not only Microsoft's technology but also its reactionto the latest attacks.

By Scott Berinato, Dennis Fisher
and Roberta Holland

12 May 2000 - IT managers and security experts, increasingly cynical and sharply critical over virus assaults through Microsoft Corp.'s Outlook e-mail client, are questioning not only Microsoft's technology but also its reaction to the latest attacks.



"[Microsoft's] approach is to provide users with a lot of functionality, [but] the more functionality ... the more vulnerable it's going to be,"

- Randy Bachman
Acuent Inc.


The ILoveYou virus and its many derivatives, which numbered 29 by the end of this week, sent more than a warning about IT's need to update anti-virus software and educate users about attachments. Now, many administrators are focusing their discontent on Outlook's technical design and its tight integration with Office applications and Windows, which exposes code such as Visual Basic Script to hackers and users alike.

"If we didn't already have [Outlook] installed, I don't think I'd get it now," said an IT manager at a large East Coast publishing company who requested anonymity. "We had to shut down our Exchange server for an entire day, then go around to each individual PC and clean them up and bring them back online after hours."

"It really makes you think [about using] something that wouldn't be as affected [by viruses] as Outlook," said Adam Miller, network administrator for MyHelpdesk.com Inc., of Norwood, Mass. MyHelpdesk had to shut down e-mail servers during the latest virus outbreak.

For some, Microsoft's refusal to help defuse Outlook's ticking VBScript bomb is more disconcerting than the attacks.

"[Microsoft's] approach is to provide users with a lot of functionality, [but] the more functionality ... the more vulnerable it's going to be," said Randy Bachman, director of security for e-services provider Acuent Inc., in Parsippany, N.J.

Bachman questioned the need for the type of Windows integration that exists in Outlook, when fewer than 1 percent of users would need VBScript, on which the virus preyed, he said.

 

Next: Page 2 of 3 >

 

Did Microsoft learn
from Melissa?

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All