November 30, 2001, 10:32 AM — The blame for the latest round of viral congestion can be laid squarely with Microsoft Corp., according to one anti-virus expert in New Zealand.
BadTrans is the latest worm to hit Outlook Express users and is currently creating mayhem around the world as it quickly reaches saturation point on networks.
But Nick FitzGerald, director of Christchurch-based Computer Virus Consulting Ltd., says that not only is the patch released by Microsoft inadequate, but Microsoft's approach to mail clients is also leaving its users wide open to such worms.
"There are two problems with Outlook -- the first is that it can be easily driven by another program. Melissa did it and lots of other viruses have followed suit."
FitzGerald says the second problem is that both Outlook and Outlook Express interpret HTML components in multi-part MIME messages. MIME (Multipurpose Internet Mail Extensions) allows users to send more than plain text via e-mail, such as video or audio.
"There is an HTML part and a text part, and they will always display the HTML part using Internet Explorer, which is a bag of bugs. Sensible people would disable the HTML capability in both if they could, but Microsoft hasn't given them the option." FitzGerald recommends installing a mail client that doesn't use Internet Explorer for the HTML component.
"You'll be a lot better off."
The other problem, says FitzGerald, is that Microsoft's patch for the security hole in Outlook doesn't fix the problem but instead simply launches the standard dialogue box Microsoft uses for download warnings.
"The dialogue box asks if you want to save the file to the local drive or run it. We're talking about users who've clicked on something to read an e-mail message. They'll say 'I don't want to save it, so the other one must be the right option.'"
FitzGerald describes this box as providing "a completely un-intuitive and unexplained option" that has led users astray.
"They're getting infected even though they're patched because they're selecting the wrong option at that point. They don't know why it popped up." FitzGerald says Microsoft needs to address the complaints about the patch that are circulating.
"Even though it has now 'restored' the program to its originally designed behavior, that behavior is still pretty damned stupid."
Microsoft New Zealand's Internet customer business unit manager Terry Allen says users do need to learn about attachments and how to handle them. He believes the Microsoft patch is doing its job well.
"It's not practical to switch off all attachments for all time -- there has to be some middle ground where attachments are allowed but users are aware of the potential danger."
Allen says users should definitely purchase virus protection software and keep the virus definitions up to date.