Microsoft to add Outlook security features

Two changes designed to halt spread of computer viruses


May 16, 2000|By BLOOMBERG NEWS

REDMOND, Wash. - Microsoft Corp., the world's largest software maker, said yesterday that it will offer two new security features to prevent computer viruses from using its e-mail to infect computer networks and spread to other users.

Microsoft will offer software upgrades for its popular Outlook e-mail program that will prevent a piece of "executable code" from coming attached to e-mail. The recent love bug virus, which spread via Microsoft software and infected more than 45 million computers, wreaking $10 billion in damage, included code attached to e-mail that destroyed files when opened, or executed.

Microsoft will also offer a patch that will alert computer users when e-mail attempts to send itself to other people in that user's e-mail address book. The love bug virus spread by sending copies of itself to every person in a user's e-mail address book. The new security enhancements will be available free from Microsoft's Web site Monday, the company said.

The alert to users that an e-mail message is attempting to access their address book should slow the spread of some viruses, analysts said. The second fix that blocks executable code may not be as effective, analysts said. Many legitimate e-mail messages contain executable code, and some companies may be reluctant to install software that blocks e-mail that contain all executable code."A lot of folks won't turn it on, and a lot of companies will decide not to install it because it's too restrictive," said Rob Enderle, a research analyst at Cambridge, Mass.-based Giga Information Group Inc.

The Microsoft upgrade does not allow a computer system administrator to decide which types of executable files to let through, and once it is installed, it cannot easily be turned off."Once you install it, that's it, you're done," said Tom Bailey, product manager for the Office product group at Microsoft. "That was the toughest thing we had to grapple with, balancing flexibility and extensibility with security."

Microsoft was criticized after the love bug virus for its failure to install security measures in its popular e-mail program, even after other viruses used its e-mail program to spread around the world.

Microsoft resisted installing anti-virus patches in Outlook because the company said it would dilute the software's ease of use and compatibility with other programs."This has been happening for a while, and it shouldn't have required a major worldwide outage to get to them respond," Enderle said.

Microsoft designed its products to require little specialized knowledge for writing scripts to modify them. Lotus Development Corp.'s Notes e-mail product, by contrast, requires a specially trained administrator to alter it. That Microsoft makes its products compatible with past versions also makes it easier to write a virus that harms all versions, he said.

The love bug virus is believed to have attacked at least 45 million computer users worldwide, from Ford Motor Co. to the British Parliament. It is similar to last year's Melissa virus, which caused $300 million in damage and inspired others like it.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.