Feeds

MS Love Bug patch catches flak

Upgrades all round before you can run it

  • alert
  • submit to reddit

The essential guide to IT transformation

Microsoft's Love Bug patch for Outlook has already been criticised for being too drastic a solution, but now it's coming under fire from Gartner for both this and for the complexity involved in deploying it. After years of being abused for taking a cavalier attitude to security, now Microsoft is taking flak for getting the fix wrong.

Attacks like the Love Bug and Melissa used an attachment to replicate themselves by sending messages to all entries in the Outlook address book of the infected machine. The Microsoft patch, which will be generally available shortly, requires manual authorisation if any external application attempts to use the address book, and filters out a wide range of executables and shortcuts. This in itself seriously maims the intended functionality of Outlook (although you might think that's a good thing), but it seems that getting the fix to users could be troublesome.

For Office 2000 users, you'll first need to install Service Release 1, which is currently downloadable (and vast), but which isn't yet readily available on CD. If you're running Outlook 97 you have to upgrade to Outlook 98 first, which could also involve a lengthy download. So although it might sound like it's a trivial matter of running a patch, for network managers rolling it out will likely be a major upgrade headache.

Nor is the patch necessarily a good idea in the longer term. The default security settings block some of that nice functionality in IE, and although you can add file types to be blocked, you can't currently remove the types Microsoft has decided to block. Developers using ActiveX and JavaScript, not just Visual Basic, will be seriously inconvenienced by the patch, and PDA synchronisation (external access to address book, natch) will be messed up.

So don't install the patch? With developers and large customers already raging at Microsoft about it, it seems inevitable that a few months down the line, it'll be quietly buried and replaced by something more subtle. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
BBC: We're going to slip CODING into kids' TV
Pureed-carrot-in-ice cream C++ surprise
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Twitter: La la la, we have not heard of any NUDE JLaw, Upton SELFIES
If there are any on our site it is not our fault as we are not a PUBLISHER
Facebook, Google and Instagram 'worse than drugs' says Miley Cyrus
Italian boffins agree with popette's theory that haters are the real wrecking balls
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
Facebook to let stalkers unearth buried posts with mobe search
Prepare to HAUNT your pal's back catalogue
Ex-IBM CEO John Akers dies at 79
An era disrupted by the advent of the PC
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.