Feeds

MS Love Bug patch catches flak

Upgrades all round before you can run it

  • alert
  • submit to reddit

Reducing security risks from open source software

Microsoft's Love Bug patch for Outlook has already been criticised for being too drastic a solution, but now it's coming under fire from Gartner for both this and for the complexity involved in deploying it. After years of being abused for taking a cavalier attitude to security, now Microsoft is taking flak for getting the fix wrong.

Attacks like the Love Bug and Melissa used an attachment to replicate themselves by sending messages to all entries in the Outlook address book of the infected machine. The Microsoft patch, which will be generally available shortly, requires manual authorisation if any external application attempts to use the address book, and filters out a wide range of executables and shortcuts. This in itself seriously maims the intended functionality of Outlook (although you might think that's a good thing), but it seems that getting the fix to users could be troublesome.

For Office 2000 users, you'll first need to install Service Release 1, which is currently downloadable (and vast), but which isn't yet readily available on CD. If you're running Outlook 97 you have to upgrade to Outlook 98 first, which could also involve a lengthy download. So although it might sound like it's a trivial matter of running a patch, for network managers rolling it out will likely be a major upgrade headache.

Nor is the patch necessarily a good idea in the longer term. The default security settings block some of that nice functionality in IE, and although you can add file types to be blocked, you can't currently remove the types Microsoft has decided to block. Developers using ActiveX and JavaScript, not just Visual Basic, will be seriously inconvenienced by the patch, and PDA synchronisation (external access to address book, natch) will be messed up.

So don't install the patch? With developers and large customers already raging at Microsoft about it, it seems inevitable that a few months down the line, it'll be quietly buried and replaced by something more subtle. ®

Eight steps to building an HP BladeSystem

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
Bose says today IS F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.