HOME
TOPICS
ABOUT ME
MAIL

 
You need to make some choices.
   technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

Why anyone can use Outlook Express to place a virus onto your Windows PC


May 7, 2000

By Al Fasoldt
Copyright ©2000, Al Fasoldt
Copyright ©2000, The Syracuse Newspapers

   I like Internet Explorer. I think Microsoft did a great job designing some of the features of this Web browser. But I don't use it.
   In most ways I like Outlook Express, the e-mail software from Microsoft. It's easy to use and works quickly. But I refuse to use Outlook Express. I won't let it in my house.
    Am I crazy? No.
    Am I trying to make a trendy statement now that Microsoft has been judged guilty of illegal activities?
    No. Microsoft's corporate behavior has nothing to do with this. I refuse to use Internet Explorer and Outlook Express because they are not safe.
    I've discussed this before -- the articles are on my Web site at http://twcny.rr.com/technofile -- so I'll spare you the details. The point is simply this: Internet Explorer and Outlook Express let any jerk sabotage your Windows PC.
    Proof of this came just this past week, when Windows users all across the world unwittingly passed along messages containing the "I Love You" virus. It does not need to arrive in an attachment, the way other viruses do. It can just ride along inside a text message, thanks to the way Microsoft designed Internet Explorer and Outlook Express. (The creator of the "I Love You" virus did place it in an attachment, possibly because Windows users typically open attachments without any thought about the dangers they pose. But it did not have to be an attachment. It could have been written into HTML code.)
    Those two programs work in tandem. Outlook Express, the e-mail software, can't run without code from Internet Explorer.
    Internet Explorer is the big problem here. It's the one with the big security hole. Because Outlook Express uses Internet Explorer's code, both are bad news if you care about the safety of your Windows PC.
    Internet Explorer and Outlook Express were designed to respond to remote commands. They can be run by remote control, in other words. That's done by VBScript, which Microsoft invented after deciding it did not want to use the accepted and very safe scripting language called Java.
    Microsoft did this intentionally. I wish I knew why. If you were a Microsoft project engineer and you mistakenly thought the world was a place where nobody did anything bad, a place where nobody would ever want to break into someone else's computer, you might design Internet Explorer and Outlook Express with the VBScript remote-control capabilities.
    Even as I write this, I find myself double-checking my brain. Is my head still attached? Am I really saying that the world's most common Internet browsing software was intentionally designed for remote control?
    Yes. And I'm even saying something more shocking than that. Building remote-control capabilities into Internet Explorer is crazy enough in a world as perilous as ours is for Windows users. What Microsoft did is beyond understanding.
    Microsoft gave the power over that remote control to anyone who wants to slip a virus into your PC, anybody clever enough or mean enough to create an "I Love You" VBScript virus.
    If you bought a new TV with a nifty remote control and discovered that strangers walking by your house could click a button on their own remote control to change your channels, you'd be outraged. Think of how angry you'd be if you discovered that strangers thousands of miles away could click their own remote controls and empty your safe or set fire to your furniture.
    You should be just as upset about the remote-control capabilities of Internet Explorer and Outlook Express. By writing a few simple VBScript instructions into an e-mail message, anyone can take control of your Windows PC. The part that's hardest to fathom comes next.
    Microsoft knows how vulnerable Windows is. After reports that Microsoft's own installation CDs might be infected by viruses, the company posted an article about how it makes these CDs. The article is very clear: Microsoft creates the CD-ROM disks on Unix computers.
    It doesn't do it on Windows computers.
    Why? Here's a quote from Microsoft:
    "The UNIX-based duplication systems used in manufacturing are impervious to MS-DOS-based, Windows-based and Macintosh-based viruses."
    ("Unix" is the term Microsoft uses for Unix and Unix-like operating systems -- in other words, for Unix and Linux. Microsoft avoids referring to Linux, the fastest-growing competitor to Windows, whenever possible.)
    If you have a Windows PC at home, you need to realize these dangers to your files and your privacy. Internet Explorer and Outlook Express will allow anyone to insert a virus into your Windows computer. This is done by remote control.
    This remote-control design does not use Web cookies, so turning them off won't help. It does not get blocked by firewalls. Good anti-virus software that is updated every few weeks or once a month might be able to help catch VBScript viruses, but don't reply on them to do it. Many anti-virus programs won't help at all.
    If you care about your privacy and the safety of your files, you need to make some choices. You've got the information. Do what you think is right. Netscape makes a good Web browser. It has decent e-mail software built in, as part of the Netscape Communicator suite. It's free. Go to http://www.netscape.com.
    Opera makes a good Web browser with built-in e-mail software, too. Go to http://www.operasoft.com.
    Internet Explorer and Outlook Express are not required by your Internet service provider, regardless of what your ISP says. Don't let your ISP determine your safety. Do what you think is right.