| To combat future versions of the recent "Love Bug" assault, which wreaked
havoc in Windows and Office platforms and paralyzed e-mail systems
worldwide last week, Microsoft is expected to announce modifications to its software.
The company announced Monday that it's making some fundamental changes
in Outlook -- its e-mail, contact management and calendar program. The
repair patch for Outlook 98 and Outlook 2000, which will require a download
of about 1 megabyte, will be made available on the MSN Web site next week.
The changes take two basic forms. First, Outlook will refuse even to
look at certain types of message attachments, such as the so-called VB
Script attachment that carried the Love Bug payload, and users cannot
override this. Essentially, all program attachments will be blocked.
Industry experts say they are relieved to see Microsoft making these
efforts.
"It is the first time in two years I have heard Microsoft say,
'Hey, we really have to do something here,'" said Richard M. Smith, an
independent security consultant. "Overall the virus has hit two vulnerable
areas: VB Script makes it easy to write things and all email worms are using
Outlook address books. More needs to be done, but this is extremely
encouraging."
globeandmail.com: Security is not just a single piece of technology::
one of Canadas leading experts in Internet security, Mr. Murphy sat down last I certainly applaud Microsofts security initiatives over the past few years.
http://www.theglobeandmail.com/servlet/story/RTGAM.2007022NStory/PersonalTech/home/HOME |
Credentica releases product for user-centric identity The Identity Corner::
Three experts on identity and privacy (Dr. Ann Cavoukian, Mike Neuenschwander, I applaud Credentica for their commitment to privacy and security and hope that
http://idcorner.org/2007/02/13/credentica-releases-product-for-user-centric-identity/HOME |
Smith has published a page of tips on improving Outlook security that's available here.
Microsoft has a lot to do by trying to come back and represent to
its clients that it is trying improve things, said James P. Hurley, managing director of information security for consulting firm Aberdeen Group." They have been
avoiding this for two years," he said. "I am glad to see they are doing the
right thing."
Other changes affect how programs get access to the Outlook address book.
The Love Bug sent a copy of itself to everyone listed in the address book,
something which Outlook's design made very easy. A program other than
Outlook itself will need permission from the user every time it needs access
to the address book. This feature, too, cannot be turned off.
dadams.co.uk Microsoft::
a wonderful thing and I applaud Microsoft for putting this into their strategy. expert on the subject - why should I be, I dont work for Microsoft, do
http://www.dadams.co.uk/category/microsoft/HOME |
With the revisions, Palm or Windows CE handheld will have to ask
permission each time it syncs with Outlook. It will not be possible to sync
remotely over a network. Mail merges from Word or other Office programs will
also be affected, as will a number of business applications, such as Siebel's
customer-relationship-management applications and SAP's enterprise
resource-planning software. Antivirus programs are also likely to trigger an
alert during scans. Microsoft is working with the third-party software
companies to minimize these impacts.
Enterprise Security Today | Senators Praise Sarbanes-Oxley Extension ::
I applaud the SEC for taking action to shield small businesses from the overly Internet attacks continue in Georgia, security experts say the U.S. is not
http://www.enterprise-security-today.com/news/Senators-Pratml?story_id=110000B0WNBIHOME |
While Outlook Express is somewhat harder to attack than Outlook 98 or
2000, vulnerability exists there also, Sinofsky said. He reported that the
company is working on changes to make Outlook Express more secure.
 NetMechanic Says Netscape 6.0 Not Fully DHTML Compatible
 Yahoo! Introduces Web Services |
HOME