MS Love Bug patch catches flak
Upgrades all round before you can run it
Microsoft's Love Bug patch for Outlook has already been criticised for being too drastic a solution, but now it's coming under fire from Gartner for both this and for the complexity involved in deploying it. After years of being abused for taking a cavalier attitude to security, now Microsoft is taking flak for getting the fix wrong.
Attacks like the Love Bug and Melissa used an attachment to replicate themselves by sending messages to all entries in the Outlook address book of the infected machine. The Microsoft patch, which will be generally available shortly, requires manual authorisation if any external application attempts to use the address book, and filters out a wide range of executables and shortcuts. This in itself seriously maims the intended functionality of Outlook (although you might think that's a good thing), but it seems that getting the fix to users could be troublesome.
For Office 2000 users, you'll first need to install Service Release 1, which is currently downloadable (and vast), but which isn't yet readily available on CD. If you're running Outlook 97 you have to upgrade to Outlook 98 first, which could also involve a lengthy download. So although it might sound like it's a trivial matter of running a patch, for network managers rolling it out will likely be a major upgrade headache.
So don't install the patch? With developers and large customers already raging at Microsoft about it, it seems inevitable that a few months down the line, it'll be quietly buried and replaced by something more subtle. ®