Gone are the days when your Microsoft Outlook program will happily open almost any file. In response to criticism after the globally destructive ILOVEYOU virus, the company is to narrow its popular e-mail program to try to prevent computer viruses gaining entry.
Up until now, Outlook has accepted and run almost anything attached to mail messages – a policy that can help viruses to spread. Now Microsoft is to issue an update that will limit the types of file attachments it can open. The update will be available on 22 May and will stop users opening files containing the suffix ‘.vbs’, as well as other program files ‘.exe’ and ‘.bat’. The patch will stop Outlook running nearly 40 types of files which can be subverted by virus writers.
Attachments with a ‘.doc’, ‘.htm’, ‘.jpg’ and ‘.mp3’ and many others will not be stopped, so some types of malicious programs may still get through the safety net.
The ‘Love Bug’ spread vociferously through an Outlook feature that lets it run a visual basic script (vbs). This enabled the virus to hijack many of a computer’s functions.
The update will warn users when a program is trying to access their address books or send e-mail on their behalf. This was the tactic by which the Love Bug spread itself around the world.
The default internet security setting in Outlook will be shifted from ‘trusted’ to ‘restricted’, disabling the automatic scripting and ActiveX Controls that the Love Bug used.
Steven Sinofsky of Microsoft Office, said that given the global impact of the ILOVEYOU virus and the growing threat of malicious hackers, they were to limit certain Outlook functions to provide additional security for their customers.
Word macro viruses are the most common type of malicious programs, and experts believe that stopping Outlook launching files with certain suffixes will not solve the virus problem, and educating people to be suspicious of their e-mail is best.