Information Security News mailing list archives
Re: Microsoft to Blame for 'Love Bug'?
From: Barry H Gill <barry () UUNET CO ZA>
Date: Fri, 12 May 2000 19:46:14 +0200
The Dodger Wrote:
I was under the impression that Outlook 2000 automatically ran the ILOVEYOU VBScript attachment when it previewed the mail (i.e. as it does automatically in the preview pane). In other words, the user didn't have to open the attachment.
Fortunately, I can't be certain of this, because my company hasn't had any problems with ILOVEYOU, so perhaps someone else could confirm/deny this?
I run Office 2000 unfortunately and am sad to see people defending such a flagrnt disregard from the part of Microsoft when we all discuss these issues. Outlook, Outlook 98 and Outlook 2000 have a feature called the Preview Pane. Any embedded scripts, .vbs, .hta etc will BY DEFAULT be run automatically when a message is previewed. To disable this feature is extremely simple but has to be done once Internet Explorer 5 (another great web disaster) has been installed as it installs a Windows Scripting Host which is enabled by default. For what? So that users can have a look at some pretty embedded MS features when browsing smut? The worm poses a risk to users that have Windows Scripting Host (including Win '98 users, users who have installed IE 5.x in default mode, users who have installed WSH specifically, and probably users of Windows 2000) So ja, it becomes a big question of who is fooling who. Do we ALWAYS have to spend the extra dollars purchasing Firewalls with E-Mail virus and maliscious script scanners? How much faith do we put in the vendors that create the perpetual loop of resource wasting while there are so many different beneficial things we could utilise our resources on? I for one would be most grateful if I could nuke my notebook but as it is Corporate Property and has to conform to the requirements of the Company, I will continue to use what I have to and run my own private boxes as I see fit. Getting the Great Microsoft Marketing Machine to accept any responsibility for its shortsighted irresponsibility (look at the security loopholes in Windows 2000 Professional, a desktop designed not for home use but for corporate work environments) is going to be an impossibly long and drawn out task with the embattled few fighting against millions. The only way out of it all is to become a vendor of superior products that assist in closing the potentially harmful holes that MS seem loathe to admit exist. My two cents worth B <Ignorance used to be Bliss> ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Microsoft to Blame for 'Love Bug'? William Knowles (May 12)
- <Possible follow-ups>
- Re: Microsoft to Blame for 'Love Bug'? William Knowles (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Felix von Leitner (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Aj Effin ReznoR (May 12)
- Re: Microsoft to Blame for 'Love Bug'? The Dodger (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Barry H Gill (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Bronc Buster (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Erik Moeller (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Barry H Gill (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Chico (May 12)