Users of Microsoft's free Internet-based e-mail service, Hotmail, have been spreading viruses for the past six months. Microsoft, which has been concentrating on Hotmail security holes, has not fixed the virus problem.
A security hole that let anyone read Hotmail users' mail, without knowing their passwords, was revealed late August. Microsoft quickly solved that problem. On October 4 Microsoft proudly proclaimed that all Hotmail flaws had been found and corrected and that "Microsoft also has implemented several quality-control procedures to help prevent future incidents of this kind."
This self-confident attitude has made some people fly into a rage. The British Internet service provider Star Internet told Computerworld Denmark that 122 different viruses have come into the house from Hotmail accounts during the last month and a half.
According to Alex Shipp, virus technologist at Star Internet, Hotmail is now the number one source of viruses sent to Star Internet. He added that Star Internet told Microsoft's Tech Support directly about the many viruses back in May, but Hotmail's 300,000 users in Denmark and 50 million users all over the world are still receiving and sending e-mail containing viruses such as Melissa.
"Microsoft has told us several times that they can stop viruses like Melissa. Each time we have proven them wrong. Later they confirmed our statement," Shipp said.
One possible explanation is that Microsoft's Hotmail is not running under Windows NT. Microsoft bought the product from another company, and it is running on the free Unix variant FreeBSD. There is a McAfee antivirus installed on Hotmail but the product is so old that it cannot locate a macro virus.
There is a newer, Unix-based version of the McAfee program that can handle macros, but it runs only on Sun Microsystems' Solaris. This solution would not be appealing to Microsoft, as Sun is Microsoft's chief rival. Microsoft could have bought another antivirus product from the company Sophos, but has chosen not to, according to Shipp.
Microsoft officials were not immediately available for comment.