Microsoft is claiming that independent privacy auditor TRUSTe has found and fixed any remaining flaws in its accident-prone email service, Hotmail.
But last week's announcement has provoked outrage and disbelief at Cirencester-based ISP Star Internet.
Between 1 September and 14 October, Star's virus scanners trapped 122 viruses in emails sent by Hotmail users. That score kept hotmail.com resolutely the top source of infected emails.
Shocked anti-virus programmers at Star said they had done the work Microsoft had just paid TRUSTe to do. And worse, they had told Microsoft about a serious security hole in Hotmail in May 1999, then watched in disbelief as Microsoft acknowledged it - then left it open.
The usual suspects
Five months after it was brought to Microsoft's attention, a serious flaw in Hotmail's virus scanner still leaks emails infected by the most pernicious macro viruses - including Melissa, Marker, Ethan, Story and Footer.
That flaw has singlehandedly made Microsoft's hotmail.com domain the biggest source of email viruses sent to Star Internet's 1000 business customers.
It's symptomatic of what engineers feel is a poor approach to Hotmail's security policy.
Read all about it
How easy they were to fix - and how cheap - is easy to quantify. $39.95, to be precise.
But this flaw-by-flaw approach has security experts seething.
Microsoft is treating the individual symptoms, he says, when it should have taken a step back and looked at all the problems coherently.
For evidence that Microsoft did not consider the implications of known security holes, look no further than its response to discovering that Hotmail did not have the tools to detect and clean modern VBA macro viruses from email attachments.
Six months after Melissa was first discovered, Hotmail users still receive and forward the powerful virus in email attachments.
Star has repeatedly demonstrated this by successfully sending Melissa-infected emails from a Hotmail account to a virus trap. Last weekend it sent emails containing the five common VBA macro viruses, including Melissa, through Hotmail.
"There are about 56 VBA macro viruses in the wild that will go through it," said Star anti-virus expert Alex Shipp.
Like many Internet companies, Hotmail's email servers run on FreeBSD. But unlike many Internet companies, Hotmail runs all its email traffic through virus detection and removal software. That software is version three of Network Associates' McAfee range of enterprise anti-virus products.
Although version three runs happily on FreeBSD, only version four can detect VBA macro viruses, and version four only runs on the most popular enterprise operating systems: Sun's Solaris and Windows NT.
By May this year, Hotmail's engineers were well aware of the problem. They may have been aware of it even earlier - probably soon after Melissa first woke up the world to VBA macro viruses. But they were unable to do anything about it.
Their options were limited: anti-virus vendor Sophos has a scanner for FreeBSD, but Microsoft did not buy it. Its other option was to move Hotmail and its 40 million user accounts on to a different operating system - a daunting project. Especially when the only alternative operating systems are Windows NT, whose history with Hotmail is well documented, or Solaris, an operating system that belongs to arch enemy and courtroom adversary Sun Microsystems.
The option was not an option.
FreeBSD and all that
In August, rumours began to seep out of Network Associates (NAI). The company had won a very big contract to supply anti-virus software to a very, very big company. The anti-virus software would run on FreeBSD and sniff out VBA macros.
Sources inside NAI confirm that Hotmail took delivery of a beta anti-virus program for FreeBSD in mid-September.
That Star was still able to run VBA macro viruses through Hotmail in early October shows that it has not yet been installed.
Open and shut case
Microsoft said its decision to call in TRUSTe will reassure users that Hotmail is secure. It refuses to discuss questions about Hotmail's anti-virus software, but there is little doubt that this would quickly seal the VBA hole too.
The only question that remains unanswered is why Microsoft left its systems open for so long.