ILOVEYOU Worm Fastest Yet

If you are a company officer who allows Outlook as the company's standard, you are neglecting your fiduciary duty.





3-May-00 - ILOVEYOU Worm rips through the world's Windows computer systems. Lots of details at ZDNet.

Outlook equates to neglecting fiduciary duty? Harsh words, but true. Microsoft Outlook may be a mail client, but it is also the biggest security hole a hacker could hope for, because it links seamlessly with Word and Excel. To use a favorite Microsoft expression, "This behavior is by design". Recovering from an attack can be rather expensive, especially in lost business, as are the measures you must take in your continuous attempts to stave off such attacks.

By design? Yes. The features that allow a new virus to shut down you entire email system within minutes, and which may compromise or disable your workstations, are possible because of the tight integration Microsoft builds into all their products. There are no security layers between applications because this might make them less "easy to use". The tight integration also, incidentally, locks out all competitors.

Automation Access recommends PMMail (OS/2 and Windows). While it is far more powerful than Outlook, we don't expect many of you to use it because it has three "flaws".

  1. It isn't free with Windows (cost about $37).
  2. It isn't from Microsoft, so your company may not allow it at all.
  3. It imposes some security on your network, so users might see it as inconvenient.

Of course, if you use PMMail, but still use Word and/or Excel, your workstation's still going to get clobbered, but the virus won't spread over the company network.

OK, since you're going to continue using Outlook, Word and Excel, because you "have no choice", here's what to do to protect yourself.

  • Never open an email attachment if you aren't expecting it and don't know exactly who it came from. Just delete that mail.
  • Realize that some very clever viruses don't need you to actually open an attachment, so you could get hit anyway.
  • Update your anti-virus software at least once a week and see that it is rolled out to all workstations.
  • Since the anti-virus you downloaded today isn't going to be effective against today's virus, monitor security news every morning. The virus may already have hit Asia and will probably have hit Europe by now, so you can get the warnings out.
  • If you have high mail volume, contract with an ASP to virus check all email before it gets to your mail server.
  • Make good and comprehensive backeups of all important data every night.

For more, check out this article, and particularly the commentary that follows it.

Fortunately the fast moving email viruses we have experienced to date have not been particularly destructive. Be aware, this is only temporary.

©:Andrew Grygus - Automation Access - -
Velocity Networks: Network Consulting Service - Internet Service Provider - Web Page Design and Hosting
All trademarks and trade names are recognized as property of their owners