Microsoft admits Outlook to blame in worm fiasco

In a rare mea culpa, Microsoft admitted that vulnerabilities in its Outlook e-mail program helped propagate the damaging ‘IloveYou’ worm, prompting the software giant to release a free security upgrade to protect users from opening and spreading computer viruses.

Yet some observers say that although Microsoft's intention is good, the patch leaves much to be desired.

"This implementation was rushed to market and shows the signs of quickly getting something out to answer criticism and really missing badly," said John Pescatore, network security research director at Gartner.

Specifically, some analysts and IT managers say the fix is too restrictive about file attachments and impedes functions such as Palm synchronisation.

Another major gripe of IT managers is the ‘all or nothing’ aspect of its installation, meaning the upgrade cannot be uninstalled without wiping clean the entire Microsoft Office suite and starting from scratch.

"If we were to push something like that to our clients, it would be a nightmare because we'd have to go fix [reinstall] the entire system. It's unwieldy and unreasonable to expect people to do that," said Alex Polomski, a network systems manager in the US.

"If that's [Microsoft's] only solution, it should come up with something better," Polomski added. The fix Microsoft is now offering restricts users from running any type of executable code attachments in e-mail; Zip files must be saved to disk to be viewed. The company also will release a patch that will issue an alert if an e-mail attachment attempts to access Outlook or tries to send itself to parties listed in the user's e-mail address book.

The update for Outlook 98 and 2000 is on the Microsoft Web site.
