|
midrange.com
If you put on that patch you will not be able to uninstall it. below is an
excerp from Woodyss Office Watch about the Patch.
OUTLOOK EMAIL SECURITY UPDATE
It has been a long time since we were so astounded and
disappointed with a release from Microsoft. The 'Outlook
Email Security Update' for Outlook 98 and 2000 would appear
to be a good thing, giving you protection against email
borne viruses. However, the price you pay for this
protection is heavy indeed.
As the messages from WOW readers (
OutlookPatch@woodyswatch.com ) indicates, the update can
stop parts of your system working in the way they should,
especially synchronization with non-CE handheld devices
like Palm or Handspring. Above all, this Update means that
you won't be able to access many incoming email attachments
at all - instead of just stopping easy access to
potentially dangerous attachments you can't access some
file attachments at all.
Buried amongst all the hype on the Microsoft web site is
some information on these problems, but there are no
prominent warnings on the downside of an update that
Microsoft 'strongly recommends'. We've already seen many
complaints from Office users who checked Office AutoUpdate
having received notice of a 'critical update' - they
installed the Security Update seeing no warning of the
consequences.
Microsoft does say: "make sure, before you install the
update, that you understand the functionality that may be
affected." and they are absolutely right. Sadly this
warning is buried deep on their web site where most users
will understandably overlook it. Even if you do decide to
try 'understanding the functionality' you'll find
yourself in a morass of incomplete and unfinished web
pages.
If you do find something wrong with the update and you
decide that it's too much trouble you'll discover there's
no in-built 'exit strategy'. No uninstall, no options to
disable - an 'all or nothing' one-way street from Microsoft
to confusion and difficulty.
Here at WOW we've long been advocates of better anti-virus
measures but that doesn't mean that anything under the
guise of improved security is necessarily good. The
Microsoft Outlook Email Security Update is a classic
example of an overly restrictive and ill-conceived attempt
at security.
In this issue of WOW we'll tell you the effects of this
update both good and bad, how to install it. Most
importantly we'll tell you how to uninstall the update -
Microsoft says it can't be done and they're wrong.
'VIRUS' PROTECTION IN THE SECURITY UPDATE
Despite the claims, the Microsoft Email Security Update is
not really virus protection in the way most people think of
it. It is NOT checking incoming messages for viruses, nor
is it linking with your anti-virus software in any way.
There are three main parts of the Update, two are prudent
while the third is causing all sorts of trouble for
non-Microsoft programs. You can't pick or choose between
the three parts of the Email Security Update - it is all or
nothing.
ATTACHMENT SECURITY
Both the 'Melissa' and 'Love' strain of viruses spread so
rapidly because people would open incoming file attachments
without checking them, and this gave the virus code the
opportunity to run on the computer to do damage and spread
itself to others.
The Update simply works on the broad assumption that all
email attachments with certain file extensions are bad and
therefore it blocks all access to them. There's no way to
check a file sent to you for viruses, and you can't even
send it to your network administrator for checking.
That mean that if someone emails you a piece of shareware
or even an Access database you won't be able to even view
it if you have this Security Update installed.
The update will show messages indicating that an incoming
or outgoing file attachment is 'potentially unsafe' or 'may
contain a virus' which can mislead people into thinking
that something untoward has been detected. In fact all
that has happened is that the file has one of the
extensions (such as .exe, .bat, .vbs etc) that could
contain a virus.
Microsoft has categorized files into three levels for their
purposes:
Level 1:
are files that could contain a virus, this includes all
EXE, COM and VBScript files plus other more obscure
possibilities. We've set out the list of Level 1 file
extensions in an appendix below.
Incoming files in this category cannot be opened from
inside Outlook if they are sent to you. You can't save
them to disk or forward them. The attachment is kept with
the message but there's no direct way to access it. That's
correct - if you install the Outlook Security Update you
will no longer be able to either Open or Save to disk any
file attachment sent to you if it has a filename extension
of .exe, .bat, .inf, .mdb, .url, and many more. You simply
won't be able to access them.
Outgoing files designated as Level 1 can be sent as an
email attachment however you'll see a warning that they are
'potentially unsafe'. This does NOT mean they have been
scanned for any virus activity, it simply means that the
file is one of the Level 1 types.
Level 2:
files with extensions in Level 2 can be saved to disk from
Outlook before they are saved (this is the same as the
effect of the last Outlook Email Security Update). No
files are listed in this category, only network
administrators can add files to this list if they wish.
The third category is every other file extension. Any
incoming file that doesn't have an extension covered by
Level 1 or 2 can be accessed from an email message as at
present.
Office Documents
You'll note that Office documents are not included in the
Level 1 list even though they can and do contain macro
viruses ('Melissa' to name just one example). Microsoft
contends that this is because you can enable their
so-called Macro Virus Protection in those products.
However the update doesn't check your settings in Word,
Excel etc nor recommend any changes as part of the
installation of this update.
Access Files
Access doesn't have any macro security settings (don't ask
why, you won't get a sensible answer) and so Access MDB
files are included in the Level 1 file list. Anyone who
used to swap Access databases by email will have to find
another way by using one of the workarounds suggested in
'Workarounds For The Security Update' below.
INCREASED OUTLOOK SECURITY
An increasing groundswell of concern over access to active
scripting has been addressed in this update. It is
possible for an incoming HTML message to contain malicious
embedded code that could run simply when you open the
message. This has been a concern for sometime because the
security settings supplied with Outlook permit this.
The Outlook Email Security Update raises the security level
to stop most scripting and ActiveX controls running without
your permission.
This change you can do manually without the intrusion of
the Outlook Email Security Update. Barry Simon gave the
details in WOW
http://www.woodyswatch.com/office/archtemplate.asp?v5-n25
of how to do this.
Hope this helps
Bruce Collins
MIS Manager
Twitchell Corporation
4031 Ross Clark Circle NW
Dothan, AL 36304
(334) 792-0002
(334) 673-4121
bacollins@twitchellcorp.com
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
