Locking up Outlook

Computer viruses are being shut out of Microsoft Outlook

By BBC News Online internet reporter
Mark Ward

Microsoft has finally released a program to help protect people against computer viruses such as the Love Bug.

The update closes many of the holes that viruses exploit in Microsoft's popular Outlook program.

The Love Bug, which caused havoc in early May, travelled as an attachment to e-mail messages. Opening the mail activated the attachment and helped it spread.

The patch stops Outlook running 40 different file types that could be hijacked by virus writers.

Delay in May

Originally, the program was due to be released on 22 May. But was delayed after complaints about early versions of it.

Those who got hold of the pre-release versions complained that the program was too draconian. The update simply stopped Outlook opening the attachments - not all of which would be harmful.

Once the patch is installed, users will be warned when potentially unsafe e-mail messages turn up. They will be given the choice of running the attachment or deleting it.

The update also warns when attachments are attempting to hijack other applications such as the address book.

The patch will cause problems for those who use handheld computers like a Psion or a Palm and synchronise its address book with the one in Outlook

The patch can be used with the Outlook program for Windows 2000 and 98. It does not work with Outlook Express.

Those using Office 2000 may find installing the patch onerous. Microsoft recommends that before the patch is downloaded, customers ensure they have installed updates to Office 2000.

This update is up to 40 megabytes in size and will take a couple of hours to download via a modem.

Electronic pox

But it remains an open question as to how long the update to Outlook will protect users.

Virus writers are always searching for ways around security and new ways to deliver viruses.

Reports are emerging that in a virus called Downloader, writers have found a way to hide a type of program called a Trojan in a video clip posted to some sections of the web, where pornographic clips are swapped.

Just like the wooden horse of Troy, this program looks innocuous but conceals a dangerous payload.

Virginia-based Network Security Technologies discovered the program and suspects it could be used to launch a distributed attack on a website.

It claims that it has been inadvertently installed on 2,000 computers.

In February popular websites such as Yahoo, Amazon and Ebay were briefly crippled by denial of service attacks that flooded them with bogus requests for information.

Other anti-virus companies said the trojan is unlikely to do much damage and many existing security systems would stop it working.