Business-like, isn't he?



news that works for you


ISSUE 557: The high tech office- June 27 2000


Virus vulnerabilities made easy by Microsoft

When the potato, native to the Americas, arrived in Europe, farmers quickly became more productive growing the new crop. Many started to rely on it as their main foodstuff, replacing a wide range of former crops.

The new and improved diet made it possible to support more people, until the spread of potato blight wiped out the crop and led to famine.

History is repeating itself with the widespread success of Microsoft's Office, its Word word processor, Outlook e-mail software and other programs. Microsoft's overwhelming market share has benefits for users, who can pretty much take file compatibility for granted. And it's created an entire industry making products to work with or enhance MS Office.

But, as with the Irish reliance on potatoes in the 1840s, business reliance on a single product can lead to disaster. Today's security problems are the result of
a series of well-intentioned but misguided design decisions made by Microsoft.

To understand the problem, we again have to look back into history, to computer software in the mid-1980s. Standard business applications included word processors such as WordStar and Word Perfect and spreadsheets such as Lotus 1-2-3.

Power users made use of "macros," customized routines to automate repetitive tasks. But macros for Lotus 1-2-3 wouldn't work for Word Perfect and vice versa. This was initially true for Microsoft's products as well, even after the company started bundling Word and Excel together as its Office suite. But the company promised to provide a universal macro language. It did, with Visual Basic for Applications (VBA) offering a standardized format based on Microsoft's popular and (relatively) easy to use Visual Basic programming language. In fact, VBA offered most of the power of a full-fledged programming language, disguised as a humble macro-editor.

Most users ignored this, along with most of the other high-end features of word processors, spreadsheets and the like. But, once again, the Internet changed everything. Now, e-mail can spread documents worldwide. And with Microsoft Office and Outlook as near-universal standards, almost everyone could run documents containing Office-style VBA macros.

That changed the face of computer viruses. Virus-writers discovered that Visual Basic macros embedded in Word or Excel documents could spread themselves as soon as a user opened the document. Typical Word macro viruses infect all the Word documents on a user's system and can quickly spread across a company's network. Just as individuals and organizations pretty much got a handle on Word macro viruses, though, infections such as last year's Melissa virus and the recent Love Bug started spreading, taking advantage of similar vulnerabilities in Microsoft Outlook. And while Word macro viruses had to wait for a user to unintentionally send an in-
fected document to someone else, these Outlook viruses take over the user's e-mail address book and send themselves. The Love Bug reached up to 26 per cent of worldwide Internet users, according to a survey conducted by the Angus Reid Group and Symantec Corp.

Microsoft has recently posted
a security update for Outlook 98
and 2000 users at www.officeupdate.

The company notes: "This update limits certain functionality in Outlook to provide a higher level of security."

In other words, it turns off the Visual Basic Scripting functions that most users never asked for in the first place. While this update was released in a reasonably timely fashion following the Love Bug panic, it's been a year since the similar Melissa virus attack. I can't help but wonder why it took this long for Microsoft to take Outlook's vulnerability seriously.

The minority of users of non-Microsoft systems, Apple and Linux users (and even Windows users running other e-mail clients) find themselves in the position of an 1845 Irish farmer growing wheat. They can watch from a position of relative safety while the Office and Outlook users around them suffer from the blight. *


Search WWW Search

Alan Zisman is a Vancouver educator, writer, and computer specialist. He can be reached at E-mail Alan