Microsoft and Netscape
e-mail
Beware attachments bearing long filenames!
News from the bug front is not good: e-mail attachments have become
untrustworthy.
In itself, that's nothing new. We've always had to be wary
about e-mail attachments as a potential source of viruses or destructive programs. But in
the past, the danger has only come when you opened such an attachment or ran an attached
program. The latest threat is much more sinister: it's been discovered you can activate a
virus by merely moving your mouse pointer over an attachment that has a very long
filename.
Of course, this doesn't mean you should shun all attachments
-- this security hole requires some determined hacking to exploit, so attachments from
trusted sources should be fine. It does mean you need to be more vigilant than ever.
The security flaw that allows this to happen is found in
Netscape Mail 4.0 and greater (the Messenger component in Communicator) and in Microsoft's
Outlook Express 4 (part of Internet Explorer 4) and Outlook 98 on Windows 95, Windows 98
and Windows NT 4 (you're safe if you're running IE on Windows 3.1 or NT 3.51). Tests are
still under way to see if other e-mail programs, such as Eudora, suffer from the flaw.
Microsoft has already produced fixes for both Outlook Express and Outlook 98; Netscape's
fix will be available by the time you read this.
How it works
It's possible to crash an e-mail program when you download, open or launch a file
attachment that has a filename longer than about 200 characters. If that happens, it's
then possible for a hacker to run code in memory. The code that's run is part of the
attachment's filename: basically the first 200 characters are used to cause the crash and
the subsequent characters are computer code which runs after the crash.
You don't have to open the attachment to cause the crash.
It's particularly easy to trigger in Messenger: simply highlight the message then click
the File Menu and you can trigger the problem. In Microsoft's programs it's not much
harder to trigger it: highlight the message, right-click the paperclip attachment icon and
then highlight the attachment's name.
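Because the flaw depends only on the length of the attachment's name, a mail gateway or filter can screen messages before a vulnerable client displays them. The Python check below is an added example, not code from the original article or from Microsoft or Netscape. Its function names and sample message are constructed for illustration, and the 200-character limit is the article's figure.

```python
import email
from email.utils import collapse_rfc2231_value

LIMIT = 200  # the article's figure: names of 200 or more characters are suspect

# Either header can carry the attachment name, and mail clients may read both.
NAME_PARAMS = (("content-disposition", "filename"), ("content-type", "name"))

def attachment_names(part):
    """Yield every decoded name a MIME part advertises for itself."""
    for header, param in NAME_PARAMS:
        value = part.get_param(param, header=header)
        if value is not None:
            # get_param() has already joined RFC 2231 continuations
            # (filename*0=, filename*1=, ...), so a split name is seen whole.
            yield collapse_rfc2231_value(value)

def overlong_attachments(raw_message, limit=LIMIT):
    """Return [(length, first 40 characters)] for names at or over the limit."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        for name in attachment_names(part):
            if len(name) >= limit:
                hits.append((len(name), name[:40]))
    return hits

def build_sample(name_parts):
    """Constructed test message (not a real capture); name may be split in pieces."""
    params = "".join(f';\r\n filename*{i}="{p}"' for i, p in enumerate(name_parts))
    return (
        "From: a@example.test\r\nTo: b@example.test\r\nSubject: report\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
        "--b1\r\nContent-Type: application/octet-stream\r\n"
        f"Content-Disposition: attachment{params}\r\n\r\n"
        "data\r\n--b1--\r\n"
    ).encode("ascii")

if __name__ == "__main__":
    benign = build_sample(["notes.txt"])
    suspect = build_sample(["A" * 120, "B" * 120, ".txt"])  # 244 characters in 3 pieces
    print(overlong_attachments(benign))
    print(overlong_attachments(suspect))
```

The name is measured after the continuation pieces are joined, so a long name split across several short header parameters is still caught.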
Fixes and workarounds
You can grab the Microsoft fixes from www.microsoft.com/security
(look for the item on long filenames). That's probably the best way to get the fixes, as
the site can interactively check your browser to see if you're at risk.
We've also placed copies of the fixes on this month's cover
disc. If you're currently using Internet Explorer 4.0 you'll first need to upgrade to
version 4.01 (available on our cover disc) before running the security patch.
In the meantime, before installing the fix, here's how you can
work around the problem.
In Microsoft e-mail programs:
- When you receive an e-mail or newsgroup attachment, do not
click the attachment or even highlight it.
- Use the File Menu, Save Attachment command, select the
attachment's name, and then save it to disk.
- Use Windows Explorer to view the attachment.
If you're using Netscape Communicator, you should download
the latest patch from http://help.netscape.com.
If you don't yet have the patch installed, you can avoid
getting crunched by a malicious program by configuring Communicator to always view
attachments as links, instead of displaying them inline:
- If you have version 4.0 to 4.05 of Communicator, open the View
Menu and choose Attachments, As Links.
- If you have Communicator 4.5 Preview Release 1, toggle the
View Attachments option in the View Menu so it displays as View Attachments As Links.
If you happen to view a message with an attachment that has a
filename with 200 or more characters (the attachment link will probably extend beyond the
window width) you should take special care:
- Don't select the File Menu under any circumstances when the
message is selected.
- If you wish to view the attachment, first save it to your hard
drive by right-clicking the attachment link in the message and selecting Save Link As from
the popup menu. Once the attachment has been saved to your hard drive, you can use another
program to view it.
- To avoid accidentally opening the message again, delete the
message by highlighting it and clicking the Delete icon on the toolbar.
- If you need to exit Communicator while a suspect message is
selected, click on the X icon in the upper-right corner of the window. Do not use the File
Menu to exit the application unless you have already deleted the suspect message or have
selected another message.
Install Outlook 98 patch
\patches\bugpatrl\outlook\outpatch.exe
Install Outlook Express 4.0 patch
\patches\bugpatrl\outexprs\oepat401.exe