 |
• December 4, 2001 •
Microsoft added a security setting to Outlook Express 6: Do not allow attachments to be saved or opened that could potentially be a virus. This setting is not enabled as default, but Microsoft is suggesting it in this document entitled Using Virus Protection Features in Outlook Express 6.
I had even suggested myself that this should have been set as default, to reduce the number of worms spreading, due to the fact that most people just seem to open any and all attachments they receive, without giving it a second thought.
But this week I was contacted by David McSpadden, a Network Administrator from the Indiana Members Credit Union, who asked me for some advice on a problem he seemed to be having: When he tried to forward an e-mail with a "blocked" attachment, the attachment becomes available to be run or saved!
I did a little test myself, and must admit that he is right. That renders this "security" option useless.
When contacted, a person from Microsoft's Security Response Center wrote in an e-mail: "The capability to forward an email with an attachment is a feature in Outlook Express that is by-design. As you mention, Outlook Express does allow the blocking of unsafe attachments.
It looks like Outlook Express successfully blocked the attachment in the Inbox for David McSpadden.
It is important for users to recognize that greyed-out attachments are not safe to be opened and, users should be deleting, not forwarding an email with a greyed-out attachment."
Do I need to say more??? (It's a "feature" not a bug!)
