Microsoft has finally caved into industry pressure and has begun to improve the security weaknesses in its Outlook messaging software that aid the rapid spread of viruses such as the Love Bug.
The software giant was recently criticised by Gartner for what the researcher described as a "permissive" attitude to security. Gartner said the trail of destruction caused by the Love Bug virus was a wake-up call to Microsoft to upgrade the security of its products - something the researcher said it asked Microsoft to do more than three years ago.
Like the deadly Melissa virus that hit companies worldwide last summer, the Love Bug spreads by emails that multiply once opened by a recipient, sending new messages to everyone in the user's address book, bringing down entire mail servers in the process.
Microsoft said today that it will issue a patch for Outlook that will warn users about or even prevent them from accessing several file types when sent as email attachments. These include executables, batch files and other file types that contain executable code often used by hackers to spread viruses.
The patch will also provide users with a dialog box that warns when an external program attempts to access their Outlook address book or send email on their behalf, which is exactly how viruses such as the Love Bug and Melissa spread.
The patch will be available for download from Microsoft's Office update site from 22 May.
Members of the antivirus industry welcomed the move, but said it is "well overdue".
Ian McManus, technical manager at antivirus company Panda Software, said: "Any antivirus vendor will tell you that the bane of their life is not virus writers but Microsoft. Almost all virus problems, with very little exception, are on Microsoft's platforms. They make it so easy for virus writers to write viruses.
"Up until now, they've done nothing to stop this and they could have done things years ago. But the Love Bug and Melissa meant they got a huge backlash from users. With the dialog warning box at least they're putting the onus back onto the user, but there's room for them to do more."
Eric Chien, head of antivirus research at Symantec, warned: "It is important to remember that while we applaud Microsoft on this technology change, we reiterate that this scheme does not solve the virus problem - it merely adds one more layer of protection."
Since the Love Bug struck almost two weeks ago, more than 26 new variants of the virus have been created. Worryingly, many of them include the email subject line 'Official virus and bug fix'.
This is a list of 26 variants of Love Bug, with their subject lines, that have been identified so far by antivirus vendor Panda.
- VBS/LoveLetter.B - Susitikim shi vakara kavos poudukui
- VBS/LoveLetter.C - fwd: Joke
- VBS/LoveLetter.D - ILOVEYOU
- VBS/LoveLetter.E - Mothers Day Order Confirmation
- VBS/LoveLetter.F - Dangerous Virus Warning
- VBS/LoveLetter.G - Virus Alert!!!
- VBS/LoveLetter.H - ILOVEYOU
- VBS/LoveLetter.I - Important, Read carefully!!
- VBS/LoveLetter.J - How to protect yourself from the ILOVEYOU
- VBS/LoveLetter.K - Thank You For Flying Arab Airlines
- VBS/LoveLetter.L - Bewerbung Kreolina
- VBS/LoveLetter.M - ILOVEYOU
- VBS/LoveLetter.N - Variant Test
- VBS/LoveLetter.O - ILOVEYOU LOVE
- VBS/LoveLetter.P - Yeah, Yeah another time to DEATH...
- VBS/LoveLetter.Q - LOOK!
- VBS/LoveLetter.R - Virus Alert!!!
- VBS/LoveLetter.S - I Cant Belive This!!!
- VBS/LoveLetter.T - Recent Virus Attacks
- VBS/LoveLetter.U - BUG & VIRUS FIX
- VBS/LoveLetter.V - PresenteUOL
- VBS/LoveLetter.W - IMPORTANT: Official virus and bug fix Bug and virus
- VBS/LoveLetter.X - ILOVEYOU
- VBS/LoveLetter.Y - ILOVEYOU
- VBS/LoveLetter.Z - 3 de septiembre en Roma
Citrix claims Workspot has 'continued to mislead the market' and use Citrix-patented features
Using proven technology from wireless, coax and ADSL/VDSL communication
Touts crowding genuine fans out of the market, claims government
Users complain they haven't been able to access their accounts or withdraw money