Hotmail a hothouse for viruses: ISP

While any user can spread a virus, users of Microsoft Corp.’s free Internet-based e-mail service, Hotmail, seem to have been spreading more than their fair share, at least according to one British ISP.

The British Internet service provider Star Internet Ltd. told Computerworld Denmark that 122 different viruses have come into the house from Hotmail accounts during the last month and a half.

According to Alex Shipp, virus technologist at Star Internet Ltd., Hotmail is now the number one source of viruses sent to Star Internet. He added that Star Internet told Microsoft’s Tech Support directly about the many viruses back in May, but Hotmail’s 300,000 users in Denmark and 50 million users all over the world are still receiving and sending e-mail containing viruses such as Melissa.

“Microsoft has told us several times that they can stop viruses like Melissa. Each time we have proven them wrong. Later they confirmed our statement,” Shipp said.

One possible explanation is that Microsoft’s Hotmail is not running under Windows NT. Microsoft bought the product from another company, and it is running on the free Unix variant FreeBSD. There is a McAfee anti-virus installed on Hotmail but the product is so old that it cannot locate a macro virus.

There is a newer, Unix-based version of the McAfee program that can handle macros, but it runs only on Sun Microsystems Inc.’s Solaris. This solution would not be appealing to Microsoft, as Sun is Microsoft’s chief rival. Microsoft could have bought another anti-virus product from the company Sophos Inc., but has chosen not to, according to Shipp.

While Microsoft officials were not available to comment on the charges made by Star Internet, the company has been busy fixing flaws within the Hotmail system itself.

A security hole that let anyone read Hotmail users’ mail, without knowing their passwords, was revealed late August. Microsoft quickly solved that problem. On Oct. 4 Microsoft proudly proclaimed that all Hotmail flaws had been found and corrected and that “Microsoft also has implemented several quality-control procedures to help prevent future incidents of this kind.”