Microsoft Upgrades Outlook Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Microsoft Upgrades Outlook Security

Stinging from repeated hacking attacks, Microsoft promises a more secure Outlook

As part of its Office XP launch May 31, Microsoft is tightening security in its near-ubiquitous E-mail software, Outlook. Outlook 2002, part of Office XP, will also be bundled with the Service Pack 1 release of Microsoft's Exchange 2000 server, expected this summer.

It's been a scary year for Outlook users. Starting with last year's Love Bug Visual Basic script worm, Outlook has been relentlessly targeted by copycat infections, including the recent Mawanella and Homepage worms.

Microsoft says it's been working diligently to secure the besieged program. Mark Croft, Windows XP lead product manager, says one of the most important new features is the software's ability to keep programs from automatically running from within E-mail messages or attachments. That should plug one of the most common ways virus writers spread malicious software, or malware.

Network administrators can also make security-vs.-functionality choices. For instance, administrators can choose to always block certain types of applications, such as the notorious Visual Basic scripts. Scott Culp, program manager at Microsoft's security-response center, says Outlook also sports operating-system-level security improvements. According to Culp, XP also lets administrators make sure only digitally signed applications can run. "You can prove with great assurance that the program the person is trying to run has not been modified in any way and is from a trusted party," he says.

"The fact that Microsoft is trying to make Outlook more secure can only be a good thing," says Forrester Research analyst Frank Prince. "But administrators will have to make difficult choices between security and functionality."

Gartner analyst John Pescatore says, "This means every 'good' executable will have to be inspected and digitally signed by IT--a huge workload. Or IT will have to create a list of sources of trusted executable, which isn't easy."

Pescatore sees two problems with this approach. Any software from a company deemed trustworthy would be accepted without question. And large companies could have proportionately large lists of "approved" companies. The more "approved" companies, the lower the security.

If companies find those approaches too onerous, then XP defaults to asking recipients if they want the application they selected to "talk" to Outlook. "This is a great way to just train users to always hit the 'yes' button. Not a good security practice," Pescatore says.

Overall, analysts say Microsoft is moving in the right direction. Says Pescatore, "On a scale of one to 10, the security provided by Windows 95/2000 against viruses is a zero. The XP features are about a six--dramatic improvement but not good enough to mean antiviral software isn't required at the desktop."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
News
Northwestern Mutual CIO: Riding Out the Pandemic
Jessica Davis, Senior Editor, Enterprise Apps,  10/7/2020
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll