Outlook Security Patch

Are you using Outlook (either Outlook 98 or Outlook 2000) at home? If you are, then you probably should take a close look at the Outlook Security Update. Yeah, I know quite a few people dislike this update, but spend the time yourself and take a look (note: in the corporate environment there may be good reasons not to install this patch).

Before going any further, let me give you some background on this patch. A few years ago, Microsoft made a terrible error, a mistake that has probably cost business of the world tens or hundreds of billions of dollars in damage. Oh, I know that Microsoft will never admit to this mistake, but believe me, it's huge. What was it?

To put it simply: email scripting. It was one of the stupidest, most idiotic things that has ever been done by this company. What does email scripting do? It allows an email message to execute a small piece of code (called a script) so that it an do custom tasks (like, for example, send a message, update a database or do some other fancy thing). I know it sounds useful, but to my knowledge (several hundred companies and thousands of users) not one person has ever had a legitimate use (with one exception) for the feature. As far as I can tell, the only people who use this are virus creators.

Theoretically at least, the feature is something that you would use in a corporate environment to use email for advanced features. Again, that's good theory but in practice I have never seen it used. Outlook is a reasonably good email client (although no better really than any other client), but it has a long way to go before it's up to snuff with full-fledged collaboration products like Lotus Notes (even Outlook XP is far short of that goal). 

For years Microsoft has watched virus after virus burn through thousands (millions?) of systems and denied that there was a problem. Finally, however, the mighty "I Love You", "Melissa" and their cousins forced a solution. Microsoft released a security patch to disable the parts of scripting that cause problems.

Corporations may want to think through installing this patch very carefully. Some installed it quickly and found it broke some of their applications. However, individual home users have, in my opinion, no reason to hesitate. Install this patch and many of your virus woes will disappear. Yes, you still MUST install a good virus scanning program such as Norton Antivirus because viruses can get into your system via other means, but this patch will plug a big, gaping, huge hole.

Some important notes:

  • This update HAS NO UNINSTALL. Later if you decide you want to remove the update, you must completely uninstall Office and reinstall the entire office suite (and any other updates you installed).

  • If you prefer, you can simply stop using Outlook or Outlook Express for email and use a program like Eudora instead. The problem is specifically with the Outlook and Outlook Express products.

  • Outlook Express is NOT patched by this procedure. There is currently no patch for Outlook Express.

  • Outlook XP (or Outlook 2002 as it is sometimes called) has been fixed (pre-patched, so to speak). There is no need to patch Outlook XP.

The major benefits of this patch are as follows:

  • You will no longer be able to open certain types of files at all. These include most, if not all, executable file types. This feature will prevent most of the common viruses from being able to even be opened to infect your system. You will see something like the example below instead (graphic is from the Microsoft article about this patch):

Warning that access to a file has been removed

It is important to understand that the attachment has not been scanned for viruses. It is marked as unsafe simply because of the file type.

  • If Outlook attempts to access your address book (and certain other features on your computer) you will be asked if that is okay. This is intended to prevent a "Melissa" type virus from sending itself to everyone in your address book. This would be most noticeable to people who need to do something like synchronize their handheld or palmtop computing devices. This can also make mail merges more of a hassle.

  • This patch raises the default security level for email attachments from "internet" to "restricted". This means HTML emails will not generally be able to perform functions such as executing an ActiveX control.

The procedure is as follows. 

  1. If you are running Outlook 2000, be sure you have installed the Office 2000 Service Release 1.

  2. For Outlook 98, download the Microsoft Outlook 98 Update: E-mail Security Patch.

  3. For Outlook 2000, download the Microsoft Outlook 2000 SR-1 Update: E-mail Security Patch.

  4. Once you have downloaded the appropriate file, be sure you have closed all Office programs (including any synchronization software for any palmtop or handheld systems).

  5. Double-click the downloaded file and install the update.

  6. Restart your computer when the update is finished.

Additional Information

  • Backing Up Your stuff - Part 1 Backup may seem to be a pain, but it's one of the most important things that you can do to protect your system.
  • Backing up your system is an essential part of your security scheme Backups are extremely critical to keep your system secure. If your system is damaged by a virus or an intruder you have a way to recover. Remember, however, that you must think through and test your scheme. 
  • Products - Norton Antivirus You need antivirus protection for your computer. Norton Antivirus is by far and away the best solution for the desktop.
  • Products - ZoneAlarm Pro ZoneAlarm Pro is quite possibly the best firewall product for personal home use that currently exists. Highly recommended.
  • The Ultimate In Virus Protection Learn how to protect your computer and your hard work. Start with a backup plan, install antivirus software and subscribe to newsletters.
  • Viruses The most important thing you can do to protect your system is install a virus checker (also known as an anti-virus program). These programs will scan your system for viruses and Trojan horses and delete or repair them. There are several products including those by McAfee and Norton (Symantec).