Feeds

MS Love Bug patch catches flak

Upgrades all round before you can run it

  • alert
  • submit to reddit

Security for virtualized datacentres

Microsoft's Love Bug patch for Outlook has already been criticised for being too drastic a solution, but now it's coming under fire from Gartner for both this and for the complexity involved in deploying it. After years of being abused for taking a cavalier attitude to security, now Microsoft is taking flak for getting the fix wrong.

Attacks like the Love Bug and Melissa used an attachment to replicate themselves by sending messages to all entries in the Outlook address book of the infected machine. The Microsoft patch, which will be generally available shortly, requires manual authorisation if any external application attempts to use the address book, and filters out a wide range of executables and shortcuts. This in itself seriously maims the intended functionality of Outlook (although you might think that's a good thing), but it seems that getting the fix to users could be troublesome.

For Office 2000 users, you'll first need to install Service Release 1, which is currently downloadable (and vast), but which isn't yet readily available on CD. If you're running Outlook 97 you have to upgrade to Outlook 98 first, which could also involve a lengthy download. So although it might sound like it's a trivial matter of running a patch, for network managers rolling it out will likely be a major upgrade headache.

Nor is the patch necessarily a good idea in the longer term. The default security settings block some of that nice functionality in IE, and although you can add file types to be blocked, you can't currently remove the types Microsoft has decided to block. Developers using ActiveX and JavaScript, not just Visual Basic, will be seriously inconvenienced by the patch, and PDA synchronisation (external access to address book, natch) will be messed up.

So don't install the patch? With developers and large customers already raging at Microsoft about it, it seems inevitable that a few months down the line, it'll be quietly buried and replaced by something more subtle. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
Hungary's internet tax cannot be allowed to set a precedent, says EC
More protests planned against giga-tariff for Tuesday evening
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.