Vulnerability in Outlook...

GoPC · 03-23-2006, 03:55 PM

I read some time ago, back in the Win98 days, that MS Outlook had massive shared vulernatbilities in the program allowing hackers to gain access to critical windows files through these vulnerabilities.

I had also read a statistic that states 95% of the worlds virus programs were written to take advantages of the shared file attributes inherant withing windows including the Outlook vulernability.

For that reason, I have ALWAYS used Netscape because Netscape has NO shared permissions within Windows... even today.

So here's the question... Is that STILL the case? Did XP fix those vulerabilities or did they just bury them a bit deeper behind the new firewalls and other XP fustrations, but not eliminate it?

I still use Netscape and avidly share with people the FACT that I have never, once been hit by a virus. Partially, I'm sure, due to the constant use of NOD32 but also because Netscape's inability to take advantage of Windows shared file environment.

Any thoughts on this? I don't know if there even IS and answer but it would be nice to know that MS actually did something about these problems outside of SP2 and a few hotfixes.

GoPC

**Lyte** · 03-23-2006, 05:36 PM

Hey GoPC,

I recall some service packs I downloaded sometime ago related to this issue. Here's what I found on MSN...

http://www.microsoft.com/technet/sec.../MS04-009.mspx

http://www.microsoft.com/technet/sec.../ms06-003.mspx

There's an update function in Microsoft... click Start, Programs and then Microsoft Update. A new browser will open up and you'll be prompted to "Check to see if you need updates for Windows, your programs, your hardware or your devices."

There's a similar update for Windows too... click Start, Programs and then Windows Update. A new browser will open up and you'll be prompted to "Check to see if you need updates for Windows, your programs, your hardware or your devices."

There's an auto update feature too which when you do the manual update it will prompt you to turn the auto version on. This a good thing so you don't miss out on important security updates.

Lyte

GoPC · 03-23-2006, 07:32 PM

Ah yes, but that will download SP2 onto your machine if you've not already installed it.

And if you HAVEN'T installed SP2... DON'T DO IT!!!

The only time a successful install of SP2 is possible is with a fresh install of XP. If you've put anything on your PC and then install SP2, your machine will die a slow on unavoidable death only to be saved by UNinstalling SP2 the hardway or just wiping the drive and starting over.

The problem with using windows update is that it will automatically install the updates it feels are needed... including Service Pack 2 (the eveil spawn of satan himself).

So I and many like me, have TURNED OFF the updates.

that being said, I don't see any of those updates resovling the shared file issues in Outlook except to try and put a better firewall on board to make getting to outlook harder to begin with.

The problem is, if you open an infected or trojan email that is engineered to exploit outlook, you're screwed anyway... it's attacking from within and a firewall is pretty much useless at that point.

Let's review the stats

95% of all viruses are designed to use Outlook as the entry point... which is to say, that only 5% of the worlds viruses will even attempt to infect Netscape. So why use Outlook and increase the odds of an attack?

I'd like to see some assurance from MS that these issues are being handled better than with "more strict security protocols".

Quit putting a bandaid on it and just fix the problem.

GoPC

**Lyte** · 03-23-2006, 07:43 PM

I thought that the majority of viruses came via Internet Explorer. Where did you get 95%?

I've always used Outlook and Auto Updates. I've gotten a couple spyware and adware but never a virus. I'll have to read futher on this! Do you have any links regarding this issue?

"If you've put anything on your PC ... " What do you mean by anything??

Thanks!

Lyte

firestorm · 03-27-2006, 08:38 PM

Yea, dont install SP2, way to many restrictions on the comp to give Gates even more control and I just don't like it all that much. I don't even touch outlook anymore. I check my mail on linux with Kmail and other cool stuff like that and have a gmail acct that is awesome. Just stay away from IE and Outlook as well as SP2 and your set. Heck, just stay away from Windows lol.

GoPC · 03-27-2006, 09:17 PM

Quote:

Originally Posted by Lyte

What do you mean by anything??

I mean ANYTHING!!!

Think through the process...

You buy a new hard drive.

Install said drive in your PC

Install Windows.

STOP - RIGHT HERE - This is where you install SP2 before ANYTHING - If you must!!!

That's what I mean by "before you install anything". LOL!!!

GoPC

**Lyte** · 03-28-2006, 01:14 AM

Well, this is odd cuz I'm reading over on the malware/virus prevention sites that one should always have the most recent security updates.

Lyte

GoPC · 03-28-2006, 09:41 AM

It's nothing more than good intentions versus really bad software bugs.

SP2 has a serious software flaw... that's really the point. Having the latest stuff IS important but when it destoys your OS, it's useless anyway. In fact, I would venture to say that SP2 has caused me more grief than any virus or sofware malfunction that I have ever had.

I'm not saying DON'T install SP2... just don't do it if you have ANY data on your machine that you ever want to see again. Because it will eventually crash your machine and you WILL have to wipe the drive and install windows again.

A CLEAN drive... that's the only wat to install SP2. Fresh copy of windows, then SP2 and THEN (and only then) any programs or data.

There are versions of XP out there now with SP2 already installed/upgraded on the OS. That's a perfect way to do it.

If your machine is running slower and slower and slower... and startup times are forwever... take a look at your Installed Programs in your Control Panel. Scroll down towards the bottom and look and see if you have installed/upgraded Service Pach 2. 9 times out of 10, you have and 9 time out of 10 UNINSTALLING it will speed up your machine but unfortunately, you can't get it ALL out of there so you will, eventually, still need to clear the drive and start over.

It's sad... but true.

GoPC