Information Security News mailing list archives

Re: Microsoft to Blame for 'Love Bug'?


From: Bronc Buster <bronc () ATTRITION ORG>
Date: Fri, 12 May 2000 16:59:32 -0600

 I think the main focus of the problem is that Microsoft attempts to make
things TOO convenient for users. At least if someone attached an .EXE file
and you had some kind of virus scanner you might stand a chance of
catching it. With Outlook, and other MS Office products, a lot of things
go on behind the scenes a user never knows about. Look at macros in Word
docs, as well as VB scripts embedded in other files. Would it be that hard
for someone to at least make a pop up box to tell the user what is about
to happen and that there is some kind of embedded code, or that they are
running a script, and not a .TXT file (which ILOVEYOU.TXT appeared to be
since Windows hides the file extension) like they think they are?

 How long have these problems existed and how many times will it have to
happen before someone at least makes an attempt to put on the brakes?
After Melissa and the $5 Million (?) price tag on it, and now with
ILOVEYOU and the $8 Billion (?) price tag, what else will it take for MS
to take some kind of action? Maybe even a built in script/virus checker
included in the Office suite and Outlook - something - ANYTHING!

 Just because you shouldn't do something doesn't mean people won't do it.
Just because people shouldn't abuse attachments and scripts is no reason
not to have some kind of security measures to ensure people don't.

regards,

   Bronc Buster



On Fri, 12 May 2000, Barry H Gill wrote:

The Dodger Wrote:

I was under the impression that Outlook 2000 automatically ran the
ILOVEYOU VBScript attachment when it previewed the mail (i.e. as it does
automatically in the preview pane). In other words, the user didn't have
to open the attachment.

Fortunately, I can't be certain of this, because my company hasn't had any
problems with ILOVEYOU, so perhaps someone else could confirm/deny this?

I run Office 2000 unfortunately and am sad to see people defending such a
flagrant disregard on the part of Microsoft when we all discuss these
issues.
Outlook, Outlook 98 and Outlook 2000 have a feature called the Preview Pane.
Any embedded scripts, .vbs, .hta etc will BY DEFAULT be run automatically
when a message is previewed.
To disable this feature is extremely simple but has to be done once Internet
Explorer 5 (another great web disaster) has been installed as it installs a
Windows Scripting Host which is enabled by default. For what?
So that users can have a look at some pretty embedded MS features when
browsing smut? The worm poses a risk to users that have Windows Scripting
Host (including Win '98 users, users who have installed IE 5.x in default
mode, users who have installed WSH specifically, and probably users of
Windows 2000)

So ja, it becomes a big question of who is fooling who.

Do we ALWAYS have to spend the extra dollars purchasing Firewalls with
E-Mail virus and malicious script scanners? How much faith do we put in the
vendors that create the perpetual loop of resource wasting while there are
so many different beneficial things we could utilise our resources on?

I for one would be most grateful if I could nuke my notebook but as it is
Corporate Property and has to conform to the requirements of the Company, I
will continue to use what I have to and run my own private boxes as I see
fit.

Getting the Great Microsoft Marketing Machine to accept any responsibility
for its shortsighted irresponsibility (look at the security loopholes in
Windows 2000 Professional, a desktop designed not for home use but for
corporate work environments) is going to be an impossibly long and drawn out
task with the embattled few fighting against millions.

The only way out of it all is to become a vendor of superior products that
assist in closing the potentially harmful holes that MS seem loath to admit
exist.

My two cents worth

B

<Ignorance used to be Bliss>

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".



