• Subject: RE: Virus protection - Outlook Email Security Update
  • From: "Bruce Collins" <bacollins@xxxxxxxxxxxxxxxxx>
  • Date: Fri, 16 Jun 2000 13:44:04 -0500
  • Importance: Normal

If you put on that patch you will not be able to uninstall it. below is an
excerp from Woodyss Office Watch about the Patch.

 OUTLOOK EMAIL SECURITY UPDATE
  It has been a long time since we were so astounded and
  disappointed with a release from Microsoft.  The 'Outlook
  Email Security Update' for Outlook 98 and 2000 would appear
  to be a good thing, giving you protection against email
  borne viruses.   However, the price you pay for this
  protection is heavy indeed.

  As the messages from WOW readers (
  OutlookPatch@woodyswatch.com ) indicates, the update can
  stop parts of your system working in the way they should,
  especially synchronization with non-CE handheld devices
  like Palm or Handspring.  Above all, this Update means that
  you won't be able to access many incoming email attachments
  at all - instead of just stopping easy access to
  potentially dangerous attachments you can't access some
  file attachments at all.

  Buried amongst all the hype on the Microsoft web site is
  some information on these problems, but there are no
  prominent warnings on the downside of an update that
  Microsoft 'strongly recommends'.   We've already seen many
  complaints from Office users who checked Office AutoUpdate
  having received notice of a 'critical update' - they
  installed the Security Update seeing no warning of the
  consequences.

  Microsoft does say: "make sure, before you install the
  update, that you understand the functionality that may be
  affected." and they are absolutely right.  Sadly this
  warning is buried deep on their web site where most users
  will understandably overlook it.  Even if you do decide to
  try 'understanding the functionality' you'll find
  yourself in a morass of incomplete and unfinished web
  pages.

  If you do find something wrong with the update and you
  decide that it's too much trouble you'll discover there's
  no in-built 'exit strategy'.  No uninstall, no options to
  disable - an 'all or nothing' one-way street from Microsoft
  to confusion and difficulty.

  Here at WOW we've long been advocates of better anti-virus
  measures but that doesn't mean that anything under the
  guise of improved security is necessarily good.  The
  Microsoft Outlook Email Security Update is a classic
  example of an overly restrictive and ill-conceived attempt
  at security.

  In this issue of WOW we'll tell you the effects of this
  update both good and bad, how to install it.  Most
  importantly we'll tell you how to uninstall the update -
  Microsoft says it can't be done and they're wrong.



 'VIRUS' PROTECTION IN THE SECURITY UPDATE
  Despite the claims, the Microsoft Email Security Update is
  not really virus protection in the way most people think of
  it.   It is NOT checking incoming messages for viruses, nor
  is it linking with your anti-virus software in any way.

  There are three main parts of the Update, two are prudent
  while the third is causing all sorts of trouble for
  non-Microsoft programs.  You can't pick or choose between
  the three parts of the Email Security Update - it is all or
  nothing.

  ATTACHMENT SECURITY
  Both the 'Melissa' and 'Love' strain of viruses spread so
  rapidly because people would open incoming file attachments
  without checking them, and this gave the virus code the
  opportunity to run on the computer to do damage and spread
  itself to others.

  The Update simply works on the broad assumption that all
  email attachments with certain file extensions are bad and
  therefore it blocks all access to them.  There's no way to
  check a file sent to you for viruses, and you can't even
  send it to your network administrator for checking.

  That mean that if someone emails you a piece of shareware
  or even an Access database you won't be able to even view
  it if you have this Security Update installed.

  The update will show messages indicating that an incoming
  or outgoing file attachment is 'potentially unsafe' or 'may
  contain a virus' which can mislead people into thinking
  that something untoward has been detected.  In fact all
  that has happened is that the file has one of the
  extensions (such as .exe, .bat, .vbs etc) that could
  contain a virus.

  Microsoft has categorized files into three levels for their
  purposes:

  Level 1:
  are files that could contain a virus, this includes all
  EXE, COM and VBScript files plus other more obscure
  possibilities.    We've set out the list of Level 1 file
  extensions in an appendix below.

  Incoming files in this category cannot be opened from
  inside Outlook if they are sent to you.  You can't save
  them to disk or forward them.  The attachment is kept with
  the message but there's no direct way to access it. That's
  correct - if you install the Outlook Security Update you
  will no longer be able to either Open or Save to disk any
  file attachment sent to you if it has a filename extension
  of .exe, .bat, .inf, .mdb, .url, and many more.  You simply
  won't be able to access them.

  Outgoing files designated as Level 1 can be sent as an
  email attachment however you'll see a warning that they are
  'potentially unsafe'.  This does NOT mean they have been
  scanned for any virus activity, it simply means that the
  file is one of the Level 1 types.

  Level 2:
  files with extensions in Level 2 can be saved to disk from
  Outlook before they are saved (this is the same as the
  effect of the last Outlook Email Security Update).   No
  files are listed in this category, only network
  administrators can add files to this list if they wish.

  The third category is every other file extension.  Any
  incoming file that doesn't have an extension covered by
  Level 1 or 2 can be accessed from an email message as at
  present.

  Office Documents
  You'll note that Office documents are not included in the
  Level 1 list even though they can and do contain macro
  viruses ('Melissa' to name just one example).  Microsoft
  contends that this is because you can enable their
  so-called Macro Virus Protection in those products.
  However the update doesn't check your settings in Word,
  Excel etc nor recommend any changes as part of the
  installation of this update.

  Access Files
  Access doesn't have any macro security settings (don't ask
  why, you won't get a sensible answer) and so Access MDB
  files are included in the Level 1 file list.   Anyone who
  used to swap Access databases by email will have to find
  another way by using one of the workarounds suggested in
  'Workarounds For The Security Update' below.

  INCREASED OUTLOOK SECURITY
  An increasing groundswell of concern over access to active
  scripting has been addressed in this update.  It is
  possible for an incoming HTML message to contain malicious
  embedded code that could run simply when you open the
  message.  This has been a concern for sometime because the
  security settings supplied with Outlook permit this.

  The Outlook Email Security Update raises the security level
  to stop most scripting and ActiveX controls running without
  your permission.

  This change you can do manually without the intrusion of
  the Outlook Email Security Update.   Barry Simon gave the
  details in WOW
  http://www.woodyswatch.com/office/archtemplate.asp?v5-n25
  of how to do this.

Hope this helps

Bruce Collins
MIS Manager
Twitchell Corporation
4031 Ross Clark Circle NW
Dothan, AL 36304
(334) 792-0002
(334) 673-4121
bacollins@twitchellcorp.com
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.