Security efforts can't be mailed in

Federal agencies need to ensure that their e-mail systems are as secure as possible, and the best way to do that is by doing a thorough check of the system, according to Christopher Klaus, founder and chief technology officer at Internet Security Systems Inc.

"Some security holes have been found in all e-mail products," he said. "I'd recommend doing a security assessment to see if all the security patches have been installed and if all the security settings are where they should be."

Though smart security policies are more important than the choice of an e-mail system, Microsoft Corp. products are more often targeted by virus and worm writers because of the company's high profile. That doesn't mean that the company's products have more security flaws, only that more attacks are designed to target them.

Choosing lower-profile products can reduce the likelihood of being attacked, but that isn't the best approach to security, Klaus said. "The security risk doesn't go away, it is just that less people are focused on" that e-mail system, he said. "The long-term solution is the ability to stay on top of security problems."

Using other software would only encourage more attacks on those other products, he pointed out. "If we told the whole world to switch from Microsoft to [other products] for security concerns, we'd be in the same mess."