Backpedaling Toward Security

During the past 2 weeks, Love Letter virus reports have saturated the news headlines. As one popular columnist pointed out, we've probably never before seen a virus get so much ink. The virus received so much coverage because of its massive spread; it infected millions of computers around the world in a short period of time.

People often like to remind others that hindsight is 20/20, and in the case of the Love Letter virus, that goes double for Microsoft. The company took a beating over the Love Letter virus from security aficionados because of the default functionality available in the Microsoft Outlook mail clients.

To make Microsoft Outlook 2000 and Outlook 98 more secure, Microsoft has just released a beta version of an Outlook enhancement that will help prevent malicious file attachments from reaching end users. Because so many viruses, worms, and Trojans are aimed at Outlook, Microsoft's enhancement attempts to filter out certain attachments and restrict programmatic access to the Outlook address book and contacts. When a potential intruder makes a programmatic attempt to access the address book, a dialog box warns users of the attempt. Learn more about this enhancement here.

The enhancement also modifies the default security zone setting within Outlook from the Internet Zone to the Restricted Sites Zone, which helps prevent certain objects embedded in email from taking action on the system. But as Russ Cooper (moderator of NTBugTraq) pointed out, that particular modification is mostly useless without changes to the default settings in the Restricted Sites Zone itself, and those changes are not part of the beta release of the Outlook enhancement. NTSecurity.net columnist David LeBlanc publicly pointed out more than a year ago that if you don't turn off all scripting in all security zones for Internet Explorer (IE) and Outlook, you'll see instances where email-based code can still execute. Don't overlook that fact, or you might become a victim. No one seems to know why Microsoft has addressed this well-known issue after so much time.

In a message to NTBugTraq readers, Cooper also pointed out that the current beta of the Outlook enhancement, which is set for release on May 22, has no provision to tighten security in Outlook Express. That fact is shocking to users who rely on the mail client. The omission seems odd given that Outlook Express installs by default with every copy of Windows 2000 and reportedly can't be removed from the OS. For that reason, some people jokingly refer to Outlook Express as a virus.

In any event, Cooper and many others feel that Microsoft should not overlook the security needs of millions of Outlook Express users. Will Microsoft wait until some Love Letter-type virus affects millions of Outlook Express users before it addresses that mail client?

Nonetheless, Outlook 2000 and Outlook 98 users might be pleased with the new functionality found with the enhancement. Be sure to read the details Microsoft provides and consider using the new enhancement to better protect your systems.

Before I sign off this week, I'd like to point out that some people are filtering email messages based on keywords to prevent any message that contains the words "love letter" from getting into a user's inbox. The idea is to block the virus before it infects more systems. Although that approach works for the original virus strain, it won't work for the plethora of variants that continue to float around the Internet. Not only is word filtering a poor way to block malicious content, but it also partially defeats the purpose of email and causes people to miss inbound mail they would like to receive, such as this newsletter. If you're performing simple keyword filtering to prevent virus infection, you should seriously consider investing in an enterprise-enabled antivirus solution.
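The keyword-filtering trade-off described above, as an added example (not code from this column or from Microsoft): it runs a "love letter" keyword rule and an attachment-extension rule over three messages and returns which ones each rule would block. The messages, file names, and extension list are constructed for illustration and are assumptions, not the list the Outlook enhancement uses.

```python
from email.message import EmailMessage

# Illustrative script/executable extensions (an assumption, not Microsoft's list).
BLOCKED_EXTENSIONS = (".vbs", ".js", ".exe", ".scr", ".bat")
KEYWORD = "love letter"

def build(subject, body, attachment=None):
    """Build a constructed sample message, optionally with one attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=attachment)
    return msg

def keyword_filter(msg):
    """Block when the keyword appears in the subject or the plain-text body."""
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    return KEYWORD in f"{msg['Subject']} {body}".lower()

def attachment_filter(msg):
    """Block when any attachment's final extension is on the blocked list."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        # endswith() checks the last extension, so "LETTER.TXT.vbs" counts as .vbs
        if name.endswith(BLOCKED_EXTENSIONS):
            return True
    return False

# Constructed samples: the original strain, a renamed variant, a legitimate newsletter.
SAMPLES = {
    "original": build("A love letter for you", "Please see the attachment.",
                      "LETTER.TXT.vbs"),
    "variant": build("Fwd: joke", "Very funny, open it.", "funny.vbs"),
    "newsletter": build("Security UPDATE",
                        "This week: the Love Letter virus and Outlook."),
}

def evaluate():
    """Return {name: (blocked_by_keyword, blocked_by_attachment)} per sample."""
    return {name: (keyword_filter(m), attachment_filter(m))
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, (kw, att) in evaluate().items():
        print(f"{name:10s} keyword={kw!s:5s} attachment={att}")
```

The keyword rule misses the renamed variant and blocks the newsletter, while the attachment rule blocks both script attachments and lets the newsletter through.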

Also consider using Exchange Administrator Newsletter columnist Sue Mosher's Outlook 2000 script that automatically converts inbound HTML content to RTF for safe viewing. The script is a good way to filter content. You can find the script and other helpful Outlook goodies here. You might also want to read Russ Cooper's article about Outlook email. Russ outlines how the mail client responds to content under various scenarios, which can help clear up a lot of confusion. Until next time, have a great week.
