REDMOND, Wash., May 15, 2000 — Microsoft Corp. furthered its commitment to computer security today with the announcement of the Outlook® Email Security Update, a significant security enhancement to the Microsoft® Outlook messaging and collaboration client designed to thwart the spread and impact of many computer viruses – including those similar to the recent
“I Love You”
and
“Melissa”
viruses. This update limits certain functionality within Outlook to provide a significantly improved level of security for Outlook users. The new security enhancement will be available to download free of charge from the Office Update Web site ( http://officeupdate.microsoft.com/ ) the week of May 22, 2000.
“Given the global impact of the I Love You virus and the growing threat of malicious hackers, we strongly believe we must take the unprecedented step of limiting certain popular functionality in Outlook to provide a significant, additional security option for our customers,”
said Steven Sinofsky, senior vice president of Microsoft Office at Microsoft.
“While this new security enhancement won’t eliminate the threat of viruses, we believe it can greatly help eradicate the damaging class of viruses that have resulted in the I Love You and Melissa viruses. We strongly recommend that customers download this update to help safeguard against these types of viruses.”
Industry security experts at national security centers and at antivirus software vendors laud Microsoft for providing additional protection against many of the viruses that have become an industrywide problem for computer and software makers.
“The battle against hackers and virus writers will not be won overnight, but Microsoft’s update to Outlook is a great step in the right direction. The new security enhancements seem to set a new high bar for security in e-mail programs. We encourage other e-mail products to follow Microsoft’s lead,”
said Peter Tippett, chief scientist at ICSA.net.
“Customers can protect themselves by installing these kinds of updates, ensuring they have the latest antivirus protection, and by using services that assure they have effective operational security.”
Security Solution Provides Significant Security Enhancements
By design, Outlook is a flexible and extensible product that millions of customers rely on everyday. Organizations and industry partners have created thousands of custom solutions due to the extensible architecture of Outlook. However, all software products must carefully balance security and functionality, and in today’s growing environment of cyber-terrorism, Microsoft believes that stronger security options should be built into Outlook for all customers. The Outlook Email Security Update limits some of the flexibility and functionality of Outlook, but provides a powerful security safeguard when combined with previous Office security features, protections provided by antivirus software, and safer computing practices by individuals.
The Outlook Email Security Update will offer the following security enhancements:
-
E-mail attachment security prevents users from accessing several file types when sent as e-mail attachments. Impacted file types include executables, batch files and other file types that contain executable code often used by malicious hackers to spread viruses.
-
Object Model Guard prompts customers with a dialog box when an external program attempts to access their Outlook address book or send e-mail on their behalf, which is how insidious viruses such as I Love You spread.
-
Heightened Outlook default security settings increase the default Internet security zone setting within Outlook from
“trusted”
to
“restricted.” The restricted zone disables most automatic scripting and ActiveX® Controls from opening without the user’s permission. Users who prefer less security can easily change their Outlook settings to trusted zone.
These security enhancements will be offered to Outlook 98 and Outlook 2000 customers. Customers who are using Outlook 2000 will need to download Service Release 1 (SR-1) prior to installing the update. SR-1 contains additional security provisions that provide the highest level of security for Office users. Nearly 1 million Office 2000 customers have already downloaded the SR-1 update in its first eight weeks of availability. The SR-1 update is also available free of charge from the Office Update Web site (connect time fees map apply).
The security enhancements in the Outlook Email Security Update build upon the security improvements in Office 2000, as well as previous versions of Outlook. Today, the Outlook 2000 Email Attachment Security Update provides an explicit warning in the dialog box when attachments such as executables are opened and forces users to save these attachments to their hard drive before opening them. Other Office 2000 security improvements allow for automatic disabling of unsigned macros, digital security signatures for macros and increased e-mail encryption protections.
Founded in 1975, Microsoft (Nasdaq
“MSFT”
) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software – any time, any place and on any device.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages.
