Microsoft locks out viruses

Microsoft says it is an update, not a bug fix

By BBC News Online internet reporter Mark Ward

Microsoft is to close down some of the functions in its popular e-mail program Outlook to try to prevent computer viruses causing havoc.

The company has been criticised for allowing Outlook to accept and run almost anything attached to mail messages. This can help viruses to spread.

The ILOVEYOU virus spread so quickly and did so much damage because it exploited an Outlook feature that lets it run a type of program called a visual basic script (vbs). This enabled the virus to hijack many of a computer's functions.

Experts estimate that about only 1% of Windows users regularly run vbs programs.

Patching holes

Microsoft is to issue an update for Outlook that will limit the types of file attachments it can open. The patch will be made available on 22 May and will stop users opening files containing the suffix ".vbs", as well as other program files ".exe" and ".bat".

The patch will stop Outlook running a total of 37 types of files - all of which can be subverted by virus writers.

People need to practise safe computing

Graham Cluley, Sophos

As yet Microsoft has no plans to release a patch for Outlook Express - a cut down version of the program that is often included on cover discs given away with many computer magazines.

The 22 May update will also warn users when a program is trying to access their address books or send e-mail on their behalf. This tactic was used by the Love Bug to spread itself around the world.

The third change made by the patch switches the default internet security setting in Outlook from "trusted" to "restricted". This disables the automatic scripting and ActiveX Controls that the Love Bug used.

More Secure

Microsoft was keen to point out that it was only limiting the functions within Outlook, not closing a security hole.

"Given the global impact of the ILOVEYOU virus and the growing threat of malicious hackers, we strongly believe we must take the unprecedented step of limiting certain popular functionality in Outlook to provide a significant, additional security option for our customers," said Steven Sinofsky, senior vice president of Microsoft Office.

"It's a rare occasion of Microsoft reducing functions to help defeat viruses," said Graham Cluley, a spokesman for anti-virus company Sophos, "It is surprising but it is good news."

Open Windows

The patch will still allow many common types of e-mail attachments to pass unchallenged. Attachments given a ".doc", ".htm", ".jpg" and ".mp3" and many others will not be stopped. This may mean that some types of malicious programs such as the Melissa word macro virus continue to proliferate.

Mr Cluley said that Word macro viruses were still the most common type of malicious programs.

He added that stopping Outlook launching files with certain suffixes was not going to solve the virus problem. Far better, he said, to scan the internal format of e-mail attachments to see if they contained any virus-like elements.

Although the patches may stop some viruses spreading, Mr Cluley said, technology was never going to solve the problem once and for all.

More important, he said, was educating people to be more suspicious: "People need to practise safe computing."