Microsoft Releases "Love Bug" Fix
- By Scott Bekker
Microsoft Corp. released a patch that addresses the recent rash of "Love Bug" and copycat worms that made their way around the Internet. However, the fix may end up affecting users more than the bugs did.
The Outlook 98 and Outlook 2000 E-mail Security Updates are software updates that limit functionality in Microsoft (www.microsoft.com) Outlook, as well as in other applications in Microsoft Office as well as third-party ISV products.
The Outlook updates are a three-pronged attack on viruses. E-mail attachment security prevents users from accessing several file types when sent as e-mail attachments. Object model guard prompts users with a dialog box whenever an external program attempts to access their Outlook address book or send e-mail. Heightened Outlook default security settings increase the default Internet security zone setting within Outlook from "Internet" to "restricted sites."
With the update installed, Outlook will check the file type of each attachment received in a user's in box and compare it against two lists of file types, Level 1 security and Level 2 security file types. Access to Level 1 security file types - .EXE, .COM, .BAS, .VBS, .JS, URLs, .ISN, .LNK, and .PIF files - is restricted, because these are either scripted code or links to viruses. Level 2 security files are only .ZIP files, which are not restricted, but Outlook will require the user to save these files to the hard drive.
If an e-mail message is received in Outlook with a Level 1 attachment, the Inbox will display the paperclip icon in the attachment column to let the user know that the message originally contained an attachment. When the message is opened, the attachment will not be available and Outlook will notify the user that it removed access to the attachment. If a message is received with a Level 2 attachment, a warning box is displayed instructing the user to save the attached file to the hard drive before opening.
Microsoft has reported several cases of functionality failure surrounding the Outlook updates. The most significant of these involves the updates' installation procedures. There is no remove or uninstall utility for the update. In order to remove it, Office must be removed and reinstalled. Additionally, in some cases the update fails to install. Net Folders do not always work with the update, and Palm and Windows CE devices have synchronization issues involving address book and Inbox synchronization. With the updates installed, Mail Merge fails from within Word, but works from within Outlook. When sending PowerPoint presentations through e-mail, a warning is displayed, as all presentations mailed as attachments contain a .JS script file.
In addition to functionality issues within Outlook and Office, the updates cause functionality problems with some third-party software. ISVs whose software is affected by the updates include Accountmate Software Corp. (www.accountmate.com), Chapura Inc. (www.chapura.com), FileNET Corp. (www.filenet.com), Great Plains Software Inc. (www.greatplains.com), Instinctive Technology Inc. (www.instinctive.com), Micro Eye Inc. (www.microeye.com), Motiva (www.motiva.com), Novell Inc. (www.novell.com), Palm Inc. (www.palm.com), Paragon Software Ltd. (www.paragonsoftware.com), PUMATECH Inc. (www.pumatech.com), Research In Motion Ltd. (www.blackberry.net), and Slipstick Systems (www.slipstick.com). - Isaac Slepner
About the Author
Scott Bekker is editor in chief of Redmond Channel Partner magazine.