Outlook patch option shores up security

Microsoft Corp. Outlook users looking to shore up their systems against viruses now have an option to the patch Microsoft released last week.

Reliable Software Technologies Corp. has developed a free program that stops viruses from propagating by exploiting Outlook. The JustBeFriends.dll installs on desktops and blocks calls to Outlook by monitoring the Visual Basic Scripting Engine.

The patch will not prevent a virus from damaging files, but it will help contain viruses and stop them from spreading. The "love bug" virus was a Visual Basic script that used the Outlook address book to quickly distribute itself throughout e-mail systems.

"Our patch works outside of Outlook and monitors applications calling Outlook," said Gary McGraw, vice president of corporate technology for Reliable. "We prevent the scripting engine from invoking Outlook and sending out e-mail on the user's behalf."

If a request for access to Outlook comes from a script being run from the desktop or from an attachment, access is denied. Otherwise, the user is asked to confirm that the application should be allowed access to Outlook.

The patch is a Dynamic Link Library (.dll) that lives inside the "appinit" Registry Key and is installed using a standard InstallShield setup.

The patch can be used in conjunction with the just released Outlook E-mail Security Update from Microsoft, or it can be run on its own. The Microsoft patch prevents Outlook from accepting a number of attachments, including .VBS, and adjusts security zone settings to prevent scripts from running by default. The patch also prevents applications from using the address book to send e-mail.

The Microsoft patch works with Outlook 98 and 2000, while the JustBeFriends patch works on all versions of Outlook, including Outlook Express. However, JustBeFriends only works on desktops running Windows NT or Windows 2000.

For more information about enterprise networking, go to Network World Fusion. Story copyright 2000 Network World Inc. All rights reserved.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.