Double-whammy for Microsoft

Medical professionals always warn: wash your hands and you will lessen the chance of contracting a virus. It’s preventative medicine. It’s sound advice. And it works.

Speaking of virus prevention, might not the same advice apply to your computer’s Microsoft Outlook application? The train of thought goes like this: remove the Visual Basic script (VBS) option or at least disable it, and worm-mail such as ILOVEYOU and its predecessor Melissa might not infect your computer.

The ILOVEYOU e-mail virus – believed to be a prank two 23-year-old college students in the Philippines inadvertently launched on the globe on May 4th – targeted users of Microsoft Outlook and Outlook Express and came in the form of an e-mail with the subject line “ILOVEYOU” and an attachment named “LOVE-LETTER-FOR-YOU.TXT.vbs”. Running the file executes a worm which infiltrates the user’s address book and overwrites HTML and multimedia files with its own code. It then tries to find passwords on the infected computer and contact a central Web site. The alleged purpose of which was to accrue free, unlimited access to the Internet through electronic theft.

Microsoft has come under intense scrutiny in the Love bug’s wake. The expansive functionality of Outlook comes at the expense of stronger security features. Before the cries of millions of frustrated Outlook users could reach a deafening crescendo, however, Microsoft announced a free update for the application that will reduce its vulnerability to rogue computer viruses. Available on-line in late May, the update will modify Outlook to prevent hackers from gaining access to several file types including executables, batch and other files containing code.

Security Update

Anne McKeon, Microsoft Canada’s product manager in Mississauga, Ont., said the corporation moved as quickly as it could to deliver a remedy.

“The ILOVEYOU virus spurred the delivery, yes there’s no question,” she said. “It was so widely spread that Microsoft felt it had to take an industry-leader position and block out these types of viruses.”

Although the update ( is not 100 per cent foolproof, it is a step in the right direction. One welcome feature is a dialogue box which notifies the user when an external program tries to access the application’s address book or send messages on that user’s behalf.

“[Security measures are] always a challenge when you’re cross promoting software on a platform,” said Jordan Worth, an analyst with IDC Canada in Toronto. “Especially when you want to make that software simple and easy to use, it’s a challenge to keep a tight lid on the security issues…security is a problem across the board.”

It’s easy to pick on Microsoft days, but the ILOVEYOU virus could have been written on any platform or in a non-scripting language. But others would argue it all dates back to Microsoft’s corporate mindset in terms of how it designs its products. Part of the software giant’s success can be attributed to its ability to tie its applications together.

“This virus was broad-based in reach, if you touch one person in a business you’ve touched everyone,” Worth said. “It’s like medicine, you’re not going to know how to fight a plague until it happens.”

To coin an old clich