Microsoft believes it is a target for antivirus writers because it has such a large profile and because its products dominate the marketplace.
Microsoft NZ executive Terry Allen argues security vulnerabilities can affect all computer users as hackers and others produce new viruses as new technologies develop. But if people take the recommended precautions, they will be protected from most “vulnerabilities”, he says.
Allen says recent security concerns such as Oracle 9i buffer overrun issues, AOL’s instant messaging and CDE/Solaris highlight that this is an industry-wide problem and not limited to Microsoft.
Take, for example, the SNMP vulnerability — a flaws in the widely used network protocol affecting thousands of products — announced last month.
“This was a security issue with an internet protocol that was designed 20 years ago and affects just about every computer platform on the planet. At Microsoft, we had patches freely available for Windows customers within a few days of the announcement.” While critics might suggest a more rigorous approach to software security, Microsoft says most email-borne viruses can be stopped in their tracks by taking computer users installing the Outlook email security update. Updates are available for Outlook 2000 and Outlook 98 and it is built into Outlook 2002 in Office XP.
The update prevents users accessing file types including executables, batch files and other file types that contain executable code often used by malicious hackers to spread viruses.
A dialogue box alerts users when an external program attempts to access their address book or send email on their behalf and active scripting within restricted sites is disabled by default.
Microsoft suggests corporate email administrators review the list of attachments that the Outlook update blocks and mimics this behaviour at their inbound and outbound mail gateways. This list can be found here.
As well as the Trustworthy Computing initiative, last year Microsoft also announced the Strategic Technology Protection Program, a program designed to help its customers stay secure. Microsoft recommends that system administrators utilise the Corporate Windows Update and join the product security notification service here.