Windows XP Interoperability, Part 3: Frustrating Security Features


I continue to stand by my positive comments about Windows XP in the

first two segments of this series. Look for other justifications for

migrating to this new operating system in the next couple of weeks;

however, this week I take a break from my praise to raise a flag on

some of the predefined security restrictions inherent with Windows XP

and Office XP. While these issues do not technically fall within the

mantle of Windows XP interoperability, they do represent a significant

change that will require client-side attention. I welcome reader


We are all aware of the number of well-publicized viruses, worms, and

hacks into Microsoft systems. While I don't believe Microsoft products

are, by definition, any more vulnerable than other operating systems,

they are unquestionably a bigger target for those individuals in the IT

community that derive pleasure in harming others. Mindful of these

problems, Microsoft has instituted a number of predefined precautions

aimed at minimizing the impact of viruses like the Love Bug. To its

credit, the company is attempting to correct a problem; however, they

may be overreacting.

Let me use an example to illustrate my concern. The other day, my co-

author of our best-selling Windows 2000 book and a forthcoming

Windows.NET book, Mark Walla, attempted to send me an e-mail message

with several Visual Basic scripts (.vbs files). As Love Bug was based

on a VB script, precaution should always be taken when opening such a

file. Since I knew these files were coming, I felt confident that Mark

would not unleash bad things on my system so I attempted to open and

save the file attachments. To my surprise, Office XP's version of

Outlook gave me the following message "Outlook blocked access to the

following potentially unsafe files."

My first reaction was, OK, Microsoft has preset Outlook XP at a

security level that intelligently detects files that are known to cause

problems. Great, I thought. Now all I have to do is reset the security

level so that I can get to those attachments. Unfortunately, no such

option existed. As I sought help on the blocking message, I received a

statement that "No Help Topic is associated with this item." Undaunted,

I did an advanced search within Outlook's help facility and received

the following troubling explanation:

"There are two levels of attachment security. Access to level 1

files is blocked and can't be changed. When you receive an

attachment with a level 2 file type, you will be prompted to save

the file to your hard disk. If you use Microsoft Exchange Server,

your administrator can add and remove file types for both levels of

e-mail security."

My reaction was natural: "Well isn't that special ???"

I learned that the following common file extensions are, by default,

Level : .adp, .ade, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,

.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz,

.mse, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shs, .url, .vb,

.vbe, .vbs, .wse, .wsf, and .wsh

So what does this mean?. Unless you have a friendly system

administrator and your mail system is Exchange Server, you are S.O.L.

if you want to exchange items like Java or Visual Basic scripts. For

professional developers and administrators, this will not come as good

news. One way around this problem, though, is to package the scripts in

a ZIP file format. You can then unzip the file and away you go. But

does this solution help prevent unleashing viruses? Not really. When

opening a ZIP file in Windows XP you are prompted to either open or

save it to disk. If you open the file, then infection begins.

So what has Microsoft achieved? Well, this procedure will undoubtedly

prevent much virus infection. However, there are still ways around

these safeguards. The fact the Level 1 restrictions can be changed by

the client is simply too much protection for my liking. I regrettably

may be returning to Outlook 2000 because my need to get work done

outweighs this type of inflexible security restriction.

Your comments are welcome.

Next week: More really positive reasons for looking at Windows XP.

ITWorld DealPost: The best in tech deals and discounts.
You Might Like