Outlook patch misses the point


In the aftermath of the Melissa and Explorer virus outbreaks, we know that an infected e-mail attachment can nuke your data if you let it. Both epidemics brought corporate e-mail systems (and productivity) down as administrators scrambled to upgrade antivirus utilities and disinfect messages queued on servers.

Microsoft has since posted e-mail attachment security updates for Outlook 97, 98, and 2000 on its Web site (officeupdate.microsoft.com/welcome/outlook.htm). Information systems professionals will probably jump on the patches, but I recommend that regular computer users skip them. The patches don't improve Outlook's basic security, and they don't block Melissa, Explorer, or any other macro virus. Instead, they change the dialogue box that appears when you launch an attachment. Without the patch, you're invited to open the attachment or save it to disk. After you apply the patch, only the save-to-disk option appears.

The best way to protect yourself is not to open attachments at all. The next best approach is to save the file to disk and then use an updated antivirus program to scan it for viruses. Microsoft's patches ensure that you'll save a file to disk instead of opening it immediately ù but that's all. The patch does nothing to prevent you from launching the file from your hard disk. And you have to launch every attachment from your hard drive, even when the file comes from a reliable source. Microsoft says you can't uninstall the patches if you decide they're more trouble than they're worth. I advise you to forgo the patch and use your head instead.

- Scott Spanbauer


Category:bugs and fixes
Issue: October 1999

These Web pages are produced by Australian PC World © 1999 IDG Communications