The stupid thing about the whole craze against Microsoft and worms is that all of these worms use the exact same vulnerability--they just come with different payloads and subject lines.
Companies should filter all attachments that end in .VBS, .EXE, .COM, and .BAT and then see how many Outlook worms are left. For home users, install the Outlook E-mail Security Update that does the following three things:
1. Certain file types can no longer be received (.EXE, .VBS, .BAT). You want to receive them, tell your friends to zip them up. Certain files can no longer be executed directly from Outlook (users can decide what file extensions MUST be saved to disk before they can be run).
2. Whenever an external program tries to access the Outlook Address Book or send e-mail on the user's behalf, the user will get a prompt to either disallow the operation or allow it for a certain amount of time (for the next one minute, for instance).
3. Increased default security settings. The default security zone is raised from "Internet" to "Restricted Sites". This means that in a default settings environment, active scripting is completely disabled.
Check out Microsoft Office Update for more information and for access to the patch.
Anyone who thinks that there is a new worm for Outlook every day is wrong; it would be more accurate to say there is a new VARIANT every day. What is the difference between a new worm and a new variant? Like I said, squash one variant and you squash pretty well all of them. Then you can safely use what IMHO is the best e-mail client out there--Outlook! If you can't handle it, use something else and we can both have a nice day with our client/OS of choice.
Oren Kaufman is in the Information Technology field in Alberta, Canada.
Disclaimer: 'Your Turn' is a commentary column written by a ZDNet News reader. The opinions expressed herein are those of the author, not those of ZDNet, ZDNet News nor its editors.