I continue to stand by my positive comments about Windows XP in the
first two segments of this series. Look for other justifications for
migrating to this new operating system in the next couple of weeks;
however, this week I take a break from my praise to raise a flag on
some of the predefined security restrictions inherent with Windows XP
and Office XP. While these issues do not technically fall within the
mantle of Windows XP interoperability, they do represent a significant
change that will require client-side attention. I welcome reader
We are all aware of the number of well-publicized viruses, worms, and
hacks into Microsoft systems. While I don't believe Microsoft products
are, by definition, any more vulnerable than other operating systems,
they are unquestionably a bigger target for those individuals in the IT
community that derive pleasure in harming others. Mindful of these
problems, Microsoft has instituted a number of predefined precautions
aimed at minimizing the impact of viruses like the Love Bug. To its
credit, the company is attempting to correct a problem; however, they
may be overreacting.
Let me use an example to illustrate my concern. The other day, my co-
author of our best-selling Windows 2000 book and a forthcoming
Windows.NET book, Mark Walla, attempted to send me an e-mail message
with several Visual Basic scripts (.vbs files). As Love Bug was based
on a VB script, precaution should always be taken when opening such a
file. Since I knew these files were coming, I felt confident that Mark
would not unleash bad things on my system so I attempted to open and
save the file attachments. To my surprise, Office XP's version of
Outlook gave me the following message "Outlook blocked access to the
following potentially unsafe files."
My first reaction was, OK, Microsoft has preset Outlook XP at a
security level that intelligently detects files that are known to cause
problems. Great, I thought. Now all I have to do is reset the security
level so that I can get to those attachments. Unfortunately, no such
option existed. As I sought help on the blocking message, I received a
statement that "No Help Topic is associated with this item." Undaunted,
I did an advanced search within Outlook's help facility and received
the following troubling explanation:
"There are two levels of attachment security. Access to level 1
files is blocked and can't be changed. When you receive an
attachment with a level 2 file type, you will be prompted to save
the file to your hard disk. If you use Microsoft Exchange Server,
your administrator can add and remove file types for both levels of
My reaction was natural: "Well isn't that special ???"
I learned that the following common file extensions are, by default,
Level 1: .adp, .ade, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz,
.mse, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shs, .url, .vb,
.vbe, .vbs, .wse, .wsf, and .wsh.
So what does this mean? Unless you have a friendly system
administrator and your mail system is Exchange Server, you are S.O.L.
if you want to exchange items like Java or Visual Basic scripts. For
professional developers and administrators, this will not come as good
news. One way around this problem, though, is to package the scripts in
a ZIP file format. You can then unzip the file and away you go. But
does this solution help prevent unleashing viruses? Not really. When
opening a ZIP file in Windows XP you are prompted to either open or
save it to disk. If you open the file, then infection begins.
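
The ZIP gap described above, seen from the mail filter's side, as an added example that is not from the original column or from Microsoft: a check on the attachment name alone passes scripts.zip, while a check that also reads the archive's member list finds the .vbs inside. The extension list is the one quoted above; the function names, the nesting depth and the size cap are assumptions, and the sample archives are constructed.

```python
import io
import zipfile

# Level 1 extensions exactly as listed in the column above.
LEVEL1 = frozenset("""
adp ade bas bat chm cmd com cpl crt exe hlp hta inf ins isp js jse lnk
mda mdb mde mdz mse msi msp mst pcd pif reg scr sct shs url vb vbe vbs
wse wsf wsh
""".split())
MAX_NESTED = 10 * 1024 * 1024  # assumed cap on nested archives we unpack


def is_level1(filename):
    """True if the file's final extension is on the Level 1 list."""
    # Drop any directory part, then trailing dots/spaces (Windows ignores them).
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return "." in base and base.rsplit(".", 1)[1].lower() in LEVEL1


def blocked_members(filename, data, depth=2):
    """Return Level 1 file names reachable from one attachment.

    Checks the attachment's own name, then the member names of ZIP
    archives (nested up to `depth` levels), which a name-only check
    on the outer attachment never sees.
    """
    hits = [filename] if is_level1(filename) else []
    if depth > 0 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                nested = b""
                # Only unpack small, unencrypted inner archives; names suffice otherwise.
                if (info.filename.lower().endswith(".zip")
                        and not info.flag_bits & 0x1 and info.file_size <= MAX_NESTED):
                    nested = zf.read(info)
                hits += [f"{filename}!{h}"
                         for h in blocked_members(info.filename, nested, depth - 1)]
    return hits


def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```
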
So what has Microsoft achieved? Well, this procedure will undoubtedly
prevent much virus infection. However, there are still ways around
these safeguards. The fact that the Level 1 restrictions can be changed by
the client is simply too much protection for my liking. I regrettably
may be returning to Outlook 2000 because my need to get work done
outweighs this type of inflexible security restriction.
Your comments are welcome.
Next week: More really positive reasons for looking at Windows XP.