Security Scene Errata


http://www.zdnet.com/zdnn/stories/news/0,4586,2568904,00.html

   Microsoft's Outlook: Cloudy security
   Business information technology managers are increasingly at odds with
   how Microsoft reacts to virus attacks.

   By Scott Berinato, Dennis Fisher and Roberta Holland, [50]eWEEK
   UPDATED May 15, 2000 8:54 AM PT [INLINE]

   IT managers and security experts, increasingly cynical and sharply
   critical over virus assaults through Microsoft Corp.'s Outlook e-mail
   client, are questioning not only Microsoft's technology but also its
   reaction to the latest attacks. 

   [snip...]
   
   Microsoft: Customers want scripting
   Microsoft officials maintain that the scripting code is a feature
   users desire.
   
   "Customers have asked Microsoft to include this functionality in its
   products because of the increased flexibility, customizability and
   extensibility scripting can provide," said Microsoft Office Product
   Manager Lisa Gurry via e-mail. "Every operating system is capable of
   running scripts, and viruses can be written for any application or
   platform."

[This is an odd claim. Consider the amount of viruses found on Unix
platforms or mainframe OSs. Virtually none! Yes, every OS can run scripts, 
but Microsoft makes it exceptionally easy to run them (or runs them automatically
in some cases), without consideration that they may be harmful.]
   
   Microsoft executives refused to acknowledge that Outlook was the
   specific target of both Melissa and ILOVEYOU. Chairman Bill Gates
   chose to make light of the situation in his N+I keynote. "Recently
   I've been getting a lot of mail that says 'I love you,'" Gates joked.
   But he made no further references to the virus while talking about the
   need for users to improve their security measures.
   
   Still, a massive overhaul of e-mail clients is unlikely in the face of
   the Love bug, for a variety of reasons, including a need to retrain
   users and the heavy financial investments in Microsoft products.
   
   "(Outlook) is definitely susceptible (to attacks), but I don't think
   this was a big-enough scare to have a company meeting and say we need
   a change," MyHelpdesk's Miller said.

[If the 8 BILLION dollars in alleged damages isn't enough, what is?]