The best way to stop ‘ILOVEYOU’ is to stop using Outlook.
So how many times do people have to be whacked on their heads by a Melissa-like virus to get the point?
So far I’ve been “ILOVEYOUed” six times today. Unlike many of you, however, other than being annoyed, I don’t have the bug, I’m not going to get the bug, and I’m certainly not going to spread it.
Why? Because I’m some kind of computer-demigod who knows all? Hardly! But I do know the basics of avoiding bugs. Here’s how you do it.
First, you scan your systems every livelong day for bugs and make sure your mail server has an antivirus shield installed.
What if it’s too late for those sound measures? Say you couldn’t catch VBS.LoveLetterA the first time around because it sprang out of nowhere and it has attacked faster than any other e-mail virus/worm in history.
According to Symantec’s Marian Merritt, group product manager for Norton products, you wouldn’t be the only one. “This will be worse than Melissa, because it sends messages to everyone, not just the first 50 people, on your address book. We expect e-mail servers to be shut down across the world.”
But, wait. There’s more; the program also loads itself up in your MP3 music and JPG graphic files. Can you say “wrecked system”? I knew you could.
If the antiviral programs didn’t catch it, what should you do? Well, for starters, you can set your mail server or client to zap automatically any e-mail that comes along with “ILOVEYOU” in the subject head or has “LOVE-LETTER-FOR-YOU.TXT.vbs” in the attachment title.
You also should update your antiviral program within the next 24 hours. The antiviral companies are working like dogs to deliver fixes. Symantec, for example, expects to deliver a LiveUpdate fix to block ILOVEYOU infections by 2 p.m. EDT on May 4. A fix for already infected files should be out by May 5. Some antivirus companies already have fixes out; everyone will have them done by next Monday, at the latest.
Prevention Now
Without all that necessary protection, I still avoided getting a fatal ILOVYOU hug. How? First I delete all messages with attached files unless I’m expecting one. We all know people who want to send us Word or PowerPoint files for no good reason. I consider the potential risk from such messages to be high enough that I just blow them away on sight.
You should be doubly suspicious of any message with a cute name attachment. For some reason, mail bugs writers seem to always give their bugs dubious names. I know one guy who opened an e-mail with ILOVEYOU because it was from a Dow-Jones newsletter and he figured that they couldn’t possible send him a virus. Oh please. Big companies, a lone guy with an 80386 and a 2400-baud modem–any and all of them can give you an e-mail worm. (Although, my real question to this guy was why the heck did he think that Dow-Jones would be sending him a love letter?)
But you know the most important reason why I’m not going to be part of the ILOVEYOU problem? I’m not running Microsoft Outlook. Now, if I ignored my advice from above, I could still get LOVEd with any e-mail client, but only Outlook passes it on.
I’m on record as saying that Outlook is a security hole that also happens to be an e-mail client. If this mess doesn’t convince of you of that, I don’t know what I can do. Just like Melissa, ILOVEYOU only transmits itself to others if you’re running Outlook. If it weren’t for the fundamental flaws of Outlook having minimal security and its too-close integration with Windows, we wouldn’t have a Melissa or an ILOVEYOU at all.
Now, a Microsoft security spokesperson is saying that while Microsoft is working closely with antivirus companies, it doesn’t have any plans to issue a patch or security warning. Thanks guys, good of you to pick up the ball like that.
So, because Microsoft isn’t going to fix the Outlook vulnerabilities, which leads to worms, you’ve got one choice. Change your e-mail client today. As an individual, you’re opening yourself up to losing use of your Windows computer for a day or two. As an IT professional, if you’ve deployed Outlook, you’re insuring that every so often a Melissa-like worm will give your company’s e-mail heart a heart attack. Try Pegasus Mail, Eudora, Notes, GroupWise, you can get a bug at any of them, but at least you won’t give it to everyone else in your company.
Frankly, considering how much money and time incidents like these waste, if you were my employee or integrator and you refused to change, I’d fire you. And, Microsoft, if you want to keep Outlook a top mail client, fix it and fix it now.
No, Microsoft is not the villain of this piece. That honor seems to belong to a kid in the Philippines. But so long as you leave the door open to our e-mail houses, others will follow him. And, bad as this is, next time will be worse.
Is Outlook itself to blame for the latest security meltdown? Talk back below and let me know what you think.
A version of this story was first published in Sm@rt Reseller.