SecurityFocus 2000-06-08
Redmond issues an anti-virus patch that could have hobbled LoveLetter. Experts say, better late than never.
Microsoft patches Outlook
What I find most amusing about the patch description is that it "completely blocks" access of any kind to these files. This is probably the absolute worst way to tackle the problem. Instead, a dialog box should pop up warning of the danger and asking for confirmation. Without access of any kind to their favorite file types, there's no point for users to have attachments at all; I would guess this patch would simply be disabled on most machines, rendering it useless. A warning box would be less obtrusive and would maintain the required level of protection; a user who ignores all warnings can't be protected anyway.
Then of course one questions the efficacy of such a solution. Scanning for extensions is trivial and easily worked around, and Microsoft is in the habit of routinely introducing so many new file types capable of running code that the list would need frequent updates. If this patch scans for DOC files, does it allow legitimate access to an actual DOC file (and block a DOT file disguised as DOC, which could carry a virus), or does it prevent access completely?
The extension-checking feature will be more of a hassle for many than a virus itself. Expect it to be turned off by most users so that they don't feel hobbled by their e-mail program's stubborn refusal to merely warn them and make an informed decision themselves. Although other portions of this patch will hinder Melissa-like viruses that rely on Outlook's address book, the rest of the patch is completely worthless. The point of a patch like this is to enhance security, not to render a product useless; a key security feature that will widely be disabled because of its overzealousness is almost as bad as having no security at all.
Link to this comment: http://www.securityfocus.com/comments/articles/46/2171#2171