David,
Thanks for your message. I followed the designated site well past June
2000, but I am in no mood to quibble with your version of history.
How do you feel about filtering winsock connections to TCP port 25 in
a way such as would allow the user to confirm that a particular program
could always do so, but would be asked to approve the connection when
programs without prior approval do so? That would take care of the
SirCam strain.
A general winsock version of the tcpwrappers utility might go a long
way, too, but might be subject to other forms of abuse.
Cheers,
James
Date: Sat, 28 Jul 2001 19:33:43 -0700
From: "David Lemson" <dlemson(_at_)Exchange(_dot_)Microsoft(_dot_)com>
The correct solution is to find out who at Microsoft refuses to put
security safeguards on the address book(s) and allows scripts to
fully send messages instead of queueing for approval. I find it
amazing that they haven't implemented such easy fixes in the past
couple of years, after things started getting really bad.
Good news. This exact safeguard has been available as an add-on "patch"
for Outlook 98 and Outlook 2000 since June 2000, and it is built-in to
Outlook XP (aka Outlook 2002, released several months ago). People
using Outlook 98 or 2000 with the patch, or anyone using Outlook XP will
not propagate viruses that run as script within Outlook.
You can read more at:
http://www.microsoft.com/Office/previous/outlook/downloads/security.htm
(related to the patch for Outlook 98 and 2000)
http://www.microsoft.com/Office/it/solutions/security.htm (related to
features in Office XP - information on this feature begins on page 15)
David