greenfreak
New Member
Does anyone use Office XP and have a problem with sending/receiving attachments? I purchased a copy for work and was testing it and it kinda pisses me off that you can't send .bat, .exe and .inf files and that there's no easy way to override that like Outlook Express. I've found a MS link that explains how to override this and after reading it, I don't see how they could have made this any more of a pain in the ass than they have. 
A quick fix would be Zipping everything... But my users can barely click on the "Save to Disk" button instead of "Open", much less unzip something.
While searching for information, I found an old article on this (I took excerpts, this isn't the whole thing). What do you think?
http://news.com.com/2100-1001-255431.html?legacy=cnet
A quick fix would be Zipping everything... But my users can barely click on the "Save to Disk" button instead of "Open", much less unzip something.
While searching for information, I found an old article on this (I took excerpts, this isn't the whole thing). What do you think?
Microsoft's virus antidote: Ban attachments
By Joe Wilcox
Staff Writer
April 6, 2001, 9:35 AM PT
http://news.com.com/2100-1001-255431.html
Is Microsoft making the cure worse than the sickness?
Responding to the rash of e-mail viruses that started with Melissa and I Love You, the Redmond, Wash.-based company is clamping down on the types of file attachments that will work with the newest version of its Outlook e-mail software.
Outlook 2002, a new e-mail application included with Microsoft's forthcoming Office XP business software suite due later this spring, will by default reject more than 30 types of files sent as e-mail attachments, according to company executives.
The files, deemed by Microsoft as most likely to be used by hackers to transfer viruses, include some of the most common types, such as program execution files, batch files, Windows help files, and Java and Visual Basic scripting files. Also blocked are photo CD images, screensavers and HTML application files, according to a list supplied by Microsoft.
Opponents to the plan say Microsoft will make it much more difficult to share routine--and harmless--information via e-mail attachments.
With Outlook 2002, Microsoft will compel everyone to adopt the new security measure. The company also makes it nearly impossible for individuals and very difficult for corporations to disable the feature, which the company says is necessitated by the threat the attachments pose.
"We felt that in order to provide a level of protection many of our customers were asking for--as well as make sure that people became aware of good e-mail protocols--we needed to take a bit of a harsher step," said Lisa Gurry, Office XP product manager.
But in taking that "harsher step," Microsoft also made the feature difficult to turn off, offering the average user no simple or direct means of disabling the function.
Band-Aid approach?
For companies offering tech support or for software developers--two groups that routinely send e-mail files Outlook 2002 won't accept--their jobs could get a lot harder. For everyone else, Microsoft insists e-mail will be safer to use.
But some people question Microsoft's approach of blocking file access from e-mail, arguing the company is not dealing with the real problem, which is how certain file types affect both Outlook and Windows.
"I do suspect this is a Band-Aid to a much larger problem Microsoft seems to have with regards to the security of their products," Goodwin said. "As a friend of mine commented recently, 'I think this hoof-and-mouth disease is the only virus that doesn't affect Outlook.'"
The problem has more to do with Windows than with Outlook, said Bill Jaeger, applied research director for MetaSes, an Atlanta-based security services firm and Meta Group affiliate.
"This is most certainly a Band-Aid for the greater security problems inherent in Windows," he said. "The appropriate solution is for Windows to not blindly run any content that looks like an executable."
Companies with Outlook attached to a server running Microsoft Exchange would have some ability to adjust the default security settings, Gurry said. But she would not go into detail about how that might be done.
"For businesses or small businesses that don't have that server option, we're providing an additional option with Office XP you can choose to turn off the attachment support," Gurry said. "But that's something we don't recommend that people do."
In fact, Microsoft makes turning off the feature downright difficult. Office XP users must physically edit the Windows Registry--an internal database of Windows information--to turn off the attachment restriction function. Microsoft makes it fairly easy to adjust other security features in its products; for example, an easily accessible control can be used to adjust how Internet Explorer responds to potentially dangerous Web content.
Microsoft won't provide instructions on how to tweak the registry "until Office XP is broadly available," Gurry said. Office XP is due to reach store shelves May 31.
Security expert Richard Smith, who had a hand in uncovering the Melissa virus' origins, believes Microsoft is taking tough action where it is warranted.
"I'm very supportive of it," he said. "I think it's socially unacceptable to send executables around, even legitimate ones. This kind of enforces that rule, and we'll kind of have to get used to it."
Smith sees a simple solution for people absolutely needing to send executable file attachments: Compress the file using popular utilities like WinZip.
"Us programmers are going to have to get used to zipping things up first," he said. "It's called changing social behavior."
But Jaeger, in some ways, sees Microsoft's solution as dangerous.
"This doesn't solve the greater problem and simply leads to a false sense of security," he said. "It's time for Microsoft to start curing the problem, not treating the symptoms."
Bishop said he expects some controversy over Microsoft's handling of the matter but doubts there will ever be a consensus on the approach.
"I don't think you'll be able to get people to agree on whether it's too little or too much," he said.
http://news.com.com/2100-1001-255431.html?legacy=cnet
