By Scott Berinato, Dennis Fisher
and Roberta Holland
12 May 2000 - IT managers and security experts, increasingly cynical and sharply critical over virus assaults
through Microsoft Corp.'s Outlook e-mail client, are questioning not only Microsoft's technology but also its reaction
to the latest attacks.
"[Microsoft's] approach is to provide users with a lot of functionality, [but] the more
functionality ... the more vulnerable it's going to be,"
- Randy Bachman
The ILoveYou virus and its many derivatives, which numbered 29 by the end of this week, sent more than a warning
about IT's need to update anti-virus software and educate users about attachments. Now, many administrators are
focusing their discontent on Outlook's technical design and its tight integration with Office applications and
Windows, which exposes code such as Visual Basic Script to hackers and users alike.
"If we didn't already have [Outlook] installed, I don't think I'd get it now," said an IT manager at
a large East Coast publishing company who requested anonymity. "We had to shut down our Exchange server for
an entire day, then go around to each individual PC and clean them up and bring them back online after hours."
"It really makes you think [about using] something that wouldn't be as affected [by viruses] as Outlook,"
said Adam Miller, network administrator for MyHelpdesk.com Inc., of Norwood, Mass. MyHelpdesk had to shut down
e-mail servers during the latest virus outbreak.
For some, Microsoft's refusal to help defuse Outlook's ticking VBScript bomb is more disconcerting than the attacks.
"[Microsoft's] approach is to provide users with a lot of functionality, [but] the more functionality ...
the more vulnerable it's going to be," said Randy Bachman, director of security for e-services provider Acuent
Inc., in Parsippany, N.J.
Bachman questioned the need for the type of Windows integration that exists in Outlook, when fewer than 1 percent
of users would need VBScript, on which the virus preyed, he said.