NEWS
Microsoft Outlook and Outlook Express have been banned from Cambridge University's Newnham College (in the U.K.) due to the amount of viruses the college has received. The college has 700 users and the impetus for the decision has been put on the Klez virus. So far Newnham's mail servers managed to block 200,000 copies of the infected e-mails, but more time was spent clearing up actual infections on the system.

Computer officer Paul McLaughlin said, "We have banned all users connected to the college network from using Outlook or Outlook Express on their machines as I am tired of having to allocate resources to clean up virus infections caused." He then added, "We've taken a phased approach: Outlook is banned but not immediately, to give people a chance to change over."

Users are being encouraged to use the Cambridge University-developed Mulberry e-mail program, but the Netscape mail service is also recommended for anyone who wants an Outlook-style interface. Some users have complained that they don't know how to use any other programs, but in this case the security of the network had to come first.

Neil Barrett, Technical Director of Information Risk Management, said, "It's not a great surprise - I'm surprised that more people haven't already taken this step." Barrett also stated that the automatic execution of Java and XML through Outlook is what makes it attractive to virus writers.

Microsoft has yet to comment on the matter. 

Read more at vnunet.
 

MATTHEW'S OPINION
Klez strikes again! It seems this virus just won't go away. If more universities start taking this approach then it could have consequences for Microsoft. Outlook and Outlook Express are the most popular e-mail clients at the moment, but if educational establishments start to ban them students are going to start leaving university favoring different software.

Now there are two potential problems Microsoft has: MSOffice losing users to OpenOffice and less people using Outlook to view their e-mail. Maybe it will at least make Microsoft think about security more in the future.

The article does point out that Outlook is targeted by virus writers due to it being so popular, so if there is a shift in software they will just start targeting whatever else becomes popular.
 

USER COMMENTS 127 comment(s)

Heh ...(10:22am EST Thu May 23 2002) I bet Bill has already sent his hit squad out after Paul McLaughlin. Ol' Billy can't be too happy about this. - by Oz

Yes!!!(10:22am EST Thu May 23 2002) Microsoft's gonna get real nervous about this! Stock's probably gonna drop a few points today just because of it.  MS cannot be the most powerful company forever. Just like IBM, MS *will* cool down to some degree. - by DJ

weakness(10:25am EST Thu May 23 2002) Somebody seriously needs to take advantage of the weakness that MS is showing right now!!! Everytime there's a weakness, there's a chance to compete with MS. Seems like nobody has the guts to put together a big company backed by billions of dollars of Venture Capital to trash Microsoft. Hello somebody??? I guess that will have to be me! - by DJ

This, I have been (10:31am EST Thu May 23 2002) advocating for a couple of years. Microsoft should be found negligent with these horrible-designed pieces of....software. It has got to be the worst in history. Some of their billions should be redistributed to those who have suffered from Outlook's shortcomings. - by UrGeek

What weakness?(10:39am EST Thu May 23 2002) "weakness that MS is showing right now" A bunch of college kids don't know to not open an ".exe" attachment. I've been using outlook for three years now at home and at work and I have as of yet to open a virus--because I exercise a modicum of common sense. Maybe if the sys admin filtered out all attachments with certain extensions (exe, vbs, etc.)the college wouldn't have all those problems. Don't blame MS because people are idiots, blame MS because it underestimates the intelligence of its users - by StEvE

Funny(10:44am EST Thu May 23 2002) Hah-hah! - by Barney-The Simpsons

Higher Education(10:53am EST Thu May 23 2002) why would a place of higher education use such a dumbed-down POS anyway ? They're doing their students a favor, not a dis-service. - by Eyad

Banned, on the run? (11:03am EST Thu May 23 2002) I don't allow it on my home network. We're using IE on the windows machines for browsing, and Netscape for mail. Some small furry animals here may not realise it, but with Outlook or OE you don't HAVE to click an exe. All you have to do to execute a virus in O or OE is view the body of the message in the preview pane. You have no active-x in Netscape or any other email. Only Microsoft would automatically execute a file some stranger sent you. With other clients, you actually have to be ignorant to get a virus, but not microsoft's substandard piece of crap. Of course, some juvinile flamer will say "but they fixed that!" Yeah, they fixed it a hundred times now. Maybe they'll get it right some day. Gates was dead serious about secure computing. Unfortunately, "secure computing" to Gates means Microsoft is secure, not YOUR machine. - by Clippy

"Popular?"(11:06am EST Thu May 23 2002) I guess that depends on how you define it. If you mean, "used more than anything else on Windows systems," then of course they're more popular. Outlook is bundled with MS Office, and Outlook Express is bundled with Windows, so everyone who has Windows OS (which is just about everyone who has ever bought an IBM PC-compatible, thanks to MS's illegal marketing tactics) has (and probably uses) OE. But if you mean "loved more than other mail clients," then Outlook and Outlook Express are probably the least popular. - by Icesnake Frostfyre

re: article(11:11am EST Thu May 23 2002) "Some users have complained that they don't know how to use any other programs" You're at OXFORD... Newnham College, albeit, but OXFORD!? I thought people that got in to Oxford schools were generally smart, even the administrative staff... - by US/UK DualCitizen

Actually...(11:20am EST Thu May 23 2002) They are at Cambridge. Although Newnham is an all girls college... -o - by A Cambridge Student

Actually .... (11:43am EST Thu May 23 2002) ...They are in a small Island called Great Britain. Don't mention it. - by Florida St. student

Bloody Stupid(11:46am EST Thu May 23 2002) What a slap in the face.  Gates has recently given these guys millions of dollars in cash. Poor administrative practice is at fault here.  Outlook is now one of the safest systems out there when run properly. I work for a corporate that has outlook everywhere and we havent been hit by any viruses recently. Clearly Cambridge University has very poor system administrators. - by Purple

So what about Virus Protection (11:47am EST Thu May 23 2002) I work for a very large (15,000 + people) multi national company and we run outlook on our pc's. We use Nortons at the server level so if an E-mail comes in that is infected the server sends the user a messege saying that a file has been deleted because of a virus. Shouldn't schools be doing the same thing? or at least have somethign in place that protects against virus's.  I use outlook at work and at home and have yet to have a problem with a virus. If an E-mail has an attachment i just do not open it. Or if its possibly something interested i scan it first. of course if its a new virus this may not work all the time but i have never ever had a problem with it. Also, is Cambridge really going to check all users computers. Or was this E-mail just about computers that are already connected to the network. If im using a dial up connection from home are they going to ban me from using it at home as well. - by hmmmm

I'm sorry, but this is just another example of lazy network administra (11:48am EST Thu May 23 2002) tors. There's about 3 things you can do to incoming email. 1: You strip it of attachments. 2: You strip it of java. 3: You put it through a set of filters. All of which are easily done. And yes, they did fix all those automatically running stuff problems. But only if you are intelligent enough to click 6 times to use WindowsUpdate.com to update your computer (*cough*). And if the network administrators are going as far as to ban Outlook, then they have proved that they can't manage the network. They have chosen the easy way out, ban Outlook, rather than look up some books on email filtering. What about email servers other than the campus server? Require all students to use campus email only. That's not much of a requirement. It IS a college after all... Separate thing: If you ever get a virus/worm/whatnot, it's your own damn fault. If you're stupid enough to not be able to use Norton Antivirus, TheCleaner, ZoneAlarm, etc to remove the virus/worm/whatnot, then IT'S YOU'RE OWN DAMN FAULT. Don't have money? GET A FREE SCAN. Klez trashed your Norton Antivirus? GO CALL TECH SUPPORT. Network Administrators at Cambridge: If your heads are so thick as to be unable to teach people how to use virus/trojan removal/firewall software, then you deserve to be attacked by Code Red v2. - by True Logic

I was just about to comment on that... (11:48am EST Thu May 23 2002) "Some users have complained that they don't know how to use any other programs" How long does it take a student at one of the top UK universities to learn to use a mail programme? - by Ex-Durham Student

dumb...(11:50am EST Thu May 23 2002) Paul McLaughlin, learn how to do your job first. It is your job to clean up after virii! Banning software of any kind is pure BS, especially free, mainstream business software. Oh wait, use our client instead! What's next? Will Berkley ban Linux & Windows and force students to use BSD or Mac? Sure MS has to get their act together so it doesn't take a dilligent user to ensure your computer isn't one big virus vector. However, McLaughlin is just an unqualified idiot, undeserving of his job, who wants publicity for his school. You can't just go around banning the e-mail client that holds over 75% of the marketshare just because some moron is too lazy to take measures to protect individuals from viruses using conventional techniques that offices use everywhere. - by Steven

Our server got hit by "ramen worms" (11:57am EST Thu May 23 2002) ...so I'm going to ban the internet. Its too difficult to actually read product documentation and patch *NIX servers. Microsoft actually makes me load a webpage to update my server, even more difficult, so I am just going to ban all internet access in our company. That will ensure safety on our network. I'll also remove all floppy, CD, and zip drives from each computer to ensure that no viruses come in through "sneaker-net." I'll have the safest network on the planet.  Can I have a position as a "Computer Officer" at Cambridge too? - by F**kOff

filters ect...(11:58am EST Thu May 23 2002) Why should the sysadmins have to set up filters and virus scanning software just because one email client is poorly designed. Banning outlook is a good idea, and alot easier then trying to keep all the various new exploits of outlook out of the system. Sysadmins have a limited amount of resources and constatnly updating the system to accomodate outlook security holes isn't a good use of their time. - by Fisban

Fisban(12:03pm EST Thu May 23 2002) Updating the system to accomodate security holes is their JOB. It is a REQUIREMENT of their time. Ever look at the work description of a sysadmin? - by True Logic

so..(12:09pm EST Thu May 23 2002) By your logic the university should hve to spend a million or so dollars to cover the security holes that outlook opens? Serverside anti-virus software is not inexpensive and the man hours required to setup and maintain it aren't either. It's the sysadmins job to keep the network working and providing services for it's users, if the best way to do that is to ban a poorl performing program form the network then it's there choice to do so. There job is not clean up after outlook, it's keep the network working. - by Fisban

You obviously(12:12pm EST Thu May 23 2002) have never installed software nowadays have you? - by True Logic

An anology, Fishban.... (12:18pm EST Thu May 23 2002) Internal combustion engines release toxic, carcinogens, like benzene into the air. Internal combustion engines running gasoline are poorly designed, release too much toxic emissions, and deplete valuable nonrewable resources. Gasoline engines are causing cancer in road workers. Lets ban gasoline engines. Lets force drivers to ride electric, hybrid, or ethanol cars to work, especially in crowded urban areas. There is no doubt we would be better off if the government banned gasoline engines, unfortunately 99% of the cars on the road have gasoline engines. We disrupt our automobile culture like that just for the safety of the people we pay to service us. If outlook and outlook express didn't hold the vast majority of the POP client marketshare, this could be a feasible plan. However, making 700 people, who are PAYING YOU to provide network services, switch the tool they depend on dearly is incredibly stupid and would not be tolerated anywhere but a university.  Tell your boss that he has to switch the tool he, and the majority of people in his situation, depend on every day because it is too much work for you to do mainstream procedures which every other company with a highly paid admin is doing and see how long you can keep your job. This isn't news because Outlook sucks. We all know outlook sucks. This is news because some dumbass stepped out of line and screwed everyone using his network because he doesn't want to do extra work. He forgot that he has a job to serve the people, not the other way around. - by Steven

You obviously(12:20pm EST Thu May 23 2002) have never done a cost analyst on software installation and tco. Installation of server software isn't as easy as you think particularily on a large network, it's not like you throw in a cd and watch the wizard walk you through the steps. - by Fisban

Fisban(12:26pm EST Thu May 23 2002) Setup Wizards are standard nowadays for all expensive software. - by True Logic

Steven..(12:28pm EST Thu May 23 2002) Your analogy is irrelevent and inaccurate, and rather ironically wrong. The goverment has banned internal combustion, or at least has begun to. In california for example they are forcing a slow convertion away from gasoline powered vehicles. By your logic ther should be no emmision standards and everyone should be able to pollute as they see fit, or at least as long as the majority of the rest of the people are as well.  The university network is a private network (unlike roads) and they have the right to dictate how it is used and to remove people or programs that abuse the system. I don't think that it's the admin not wanting to do more work, but rather doesn't have the resources to do the work that is neccesary to support outlook. - by Fisban

Hmm...(12:29pm EST Thu May 23 2002) You know, it never fails to amaze me how many "braniacs" are still surfing the Internet with such blissful ignorance. These students are in Cambridge and they STILL can't take the time to do a little background research on the subject of safe Email practices huh? Amazing. Paper smarts is all they have. No clear logic in any one of their heads. Think of it like this, you wouldn't think of driving a car without some kind of background first (ie. lessons, studies, etc)...but these people think that they can just turn on the computer and they know how to work it?? Sad. Ignorance of the details is NO excuse. You don't know...LEARN first! As for the Admin staff there, they should've done more homework -- if they had this might never have happened. They get paid to be on top of things. Drop the donuts and do your jobs! - by Jinx©

True Logic..(12:30pm EST Thu May 23 2002) Have you ever done server installation? Especially on none windows machines? Even if there is a "wizard" to help you through the steps it's not a simple process and setting up the filters ect.. will take considerable time. - by Fisban

Hmm...(12:30pm EST Thu May 23 2002) You know, it never fails to amaze me how many "braniacs" are still surfing the Internet with such blissful ignorance. These students are in Cambridge and they STILL can't take the time to do a little background research on the subject of safe Email practices huh? Amazing. Paper smarts is all they have. No clear logic in any one of their heads. Think of it like this, you wouldn't think of driving a car without some kind of background first (ie. lessons, studies, etc)...but these people think that they can just turn on the computer and they know how to work it?? Sad. Ignorance of the details is NO excuse. You don't know...LEARN first! As for the Admin staff there, they should've done more homework -- if they had this might never have happened. They get paid to be on top of things. Drop the donuts and do your jobs! - by Jinx©

Please, someone build an email client (12:30pm EST Thu May 23 2002) with an antivirus, file attachment analyzer, and a file attachment zipper. - by mad as hell

And there is a reason Cambridge (12:32pm EST Thu May 23 2002) would use *nix/*BSD on servers with Windows Clients? - by True Logic

Good News(12:33pm EST Thu May 23 2002) The English are a lot smarter than the Americans, they realized Outlook is a piece of insecure crap and chose to BAN the Junk. Now if only the U.S. would wake up and also BAN this and other MicroSoft Junk maybe the computer industry could clean its self up. - by WhackedOut

MS anyone?(12:33pm EST Thu May 23 2002) I tried OpenOffice eagerly when it came out but do not think it is serious competition to MS Office. I actually uninstalled it after a few days and do not plan to use it at my firm. But what the hell has XML to do with security holes and scripting? Anyway, don't think Outlook is worth apad (a patch a day). - by jac

The real problem (12:46pm EST Thu May 23 2002) I agree that some of the problem is bad administration and itchy clicking fingers. With novice users that don't care about the network or that try to get on every spam list, I suppose you may have to do something that drastic. Even Outlook can easily be configured to block virus like attachments. I suppose if I was in charge of a network like that I would prbly make everyone use hotmail or something like that. Too bad functionality sucks on most of those email programs. - by Hak

True Logic...(12:59pm EST Thu May 23 2002) ...you are SO wrong. There is no reason to put up with the abuse from Microsoft Outlook. No other product has had so many updates, so many holes, and I venture to speculate, so many holes yet to be found. There are soooo many better email programs in the world (all of the others!), that in my personal view, any system admin worth her salt would strongly recommend to management to use an alternative. - by UrGeek

Oultook Security Update (1:11pm EST Thu May 23 2002) at my office I've installed/mandated the Outlook security update. when a new virus hits, it arrives on my network at around 10am PST. IT gets through all the virus definitions on the exchange server and on the client workstation. BUT Outlook with th security update does not allow the user to open any attachment that COULD contain a virus. It relies on stopping EXE, PIF, SCR etc. So even if my virus definitions are not up to date the Security Update will stop it. Since the update we have had no issues. I also roll out all the Microsoft updates to the clients (weekly now) - by JimboJim

Updates..(1:16pm EST Thu May 23 2002) work fine in a corporate enviroment where you have control over all the clients, but at a university where you can't update the clients it doesn't help at all. People are using email protocols to connect and they aren't connecting to an exchange server at all so the problem remains. - by Fisban

Oh Come On...(1:23pm EST Thu May 23 2002) >>> if educational establishments start to ban them students are going to start leaving university favoring different software. I doubt very much that students will reject a college based on the e-mail client in use. >>> Now there are two potential problems Microsoft has: MSOffice losing users to OpenOffice and less people using Outlook to view their e-mail. I use OpenOffice on my cheap laptop that came with Lotus. Although more compatible with MS than Lotus, it still fails to translate WP and spreadsheets very well. Anything I need to share with others has to be fixed in Excel or WP first. Not very productive. In addition, OO apps lack some fundamental features that serious Office users use every day. It's fine for people with very simple needs but most businesses will still need Office to get their work done. This school tried the Netscape Mail route. A large telecom around here that I contracted with also used it. It was AWFUL and, in true Netscape tradition, buggy and crash-happy. Maybe the Cambridge homegrown system is fine, but how many schools have the resourses to develop basic apps in-house? One college admin demanding the banning of Outlook doesn't change the computer industry. I got it! Let's strip all potential hacker features from mail systems. Hey, let's all go back to paper and ink for all corrospondance! That would solve the problem of computer viruses. Oops... I forgot about Anthrax. I don't have time to clean up anthrax, this school is immediately banning all postal mail and packages. - by LOL

Not just outlook people like (1:41pm EST Thu May 23 2002) You are forgetting that many people like to use outlook as it connects well with the other microsoft products. I have not seen many softwares that deal with business contact info as well as outlook, it stores lots of relevant information on clients or leads. Only ACT does more but that is a different story. These guys seem a tad lazy to me, better to put some time into educating the students on what not to open... - by Jack

Change to Netscape 6 or 7 beta, or use linux (1:41pm EST Thu May 23 2002) We used Netscape in my previous job. We never got infected or spread any email virus. Our other office which standardized on Microsoft Outlook/Outlook Express were the source of our email virus. Using Linux is a better option. It is harder to spread email viruses because there are no standard emailers or PIMs. There are several emailers and PIMs to choose from. Windows virus does nothing on Linux boxes. Linux viruses are very hard to spread. Even if you download a Linux virus, you have to change the execution bit to run it. (Why would you do that? If you did it would do damage to the user account not the root account.) - by Hate WinXP Crashing

Oddly enough.(1:43pm EST Thu May 23 2002) 20% of broadband users only use an email client. I don't know about dialup, but I can check with the worldcom people & probably find out the #s are even higher(price/performance). We complain about users not being able to renew ips but there are many users with much less skills. I like mail clients, & setup is easier than server install. I think that user education is most important. Users need to know whats ok & whats not, & if they don't then services need to be removed. It is the net admins job to setup & run mail, but by the same token, it's his job to decide what apps to allow. - by tech

Steven(1:52pm EST Thu May 23 2002) OK, I lied, ONE post today... Your analogy with the cars would be a good one if cars were free and throwing them away didn't cause its own pollution and landfill problems. However, cars cost tens of thousands of dollars and disposing of them costs thousands more in both cash and environmental damage. Changing browsers is a no brainer. It doesn't cost anybody anything, but it DOES make it a lot harder to infect an individual machine. Get rid of Word and Outlook (express) and 90% of your security problems go away. Firewalls, antivirus, and common sense takes care of the rest. Any more /sm posts today will not be mine. The other "/sm"s can go to planetcrap.com if you want to play games. The fellows over there will make short work of them. - by /sm

Re: Jack(2:12pm EST Thu May 23 2002) "I have not seen many softwares that deal with business contact info as well as outlook, it stores lots of relevant information on clients or leads" Netscape 4.79 has business contact/calendar info also and provides tools to synchronize with your palm. - by netscape user

In retaliation against Cambridge... (2:16pm EST Thu May 23 2002) http://www.newscientist.com/news/ne ws.jsp?id=ns99992311- by New Scientist

Ignorant People (2:56pm EST Thu May 23 2002) Apparently some of you people don't catch the jist of the problem... They could have e-mail filtering already in place. How else would they find all of the viruses on their campus? Besides, even if they didn't have anything for cleaning viruses and filtering e-mails at the server side, there is a lot of overhead and costs in putting something like that in place. That sort of thing doesn't just run on your everyday home PC. Obviously they can't strip off the attachments, and java, and all that sort of thing. That basically defeats the purpose of using e-mail most of the time. Perhaps banning Outlook from the campus is a little extreme, but it will fix the problem. Outlook clearly has a lot of bugs that have yet to be worked out, and people who disagree are wrong. I've used a number of e-mail clients, but because of all the problems that have been associated with Outlook in the past, and even now, I have never used, and will never use that application. - by SysAdmin

overhead and costs in putting something like that in place (3:50pm EST Thu May 23 2002) My work just got a quote for $205 for five systmantec (I think that's how you spell it) antivirus licenses for servers (that's for five, not each). If that's expensive for you, then I would hate to see your home setup. You can also set almost every antivirus software to automatically update ever day, hour or minute if you want. - by Art Spiegel

Art again(3:51pm EST Thu May 23 2002) Symantec...sorry, I couldn't think of it until I read the email. - by Art

how/(4:02pm EST Thu May 23 2002) How are they ever goin to block people from using outlook on their own computer? - by confused

I hate viruses(4:03pm EST Thu May 23 2002) if every one switched to nescape people will write viruses for that, and then microsofts outlook will be the viruse free one. - by duh

confused(4:06pm EST Thu May 23 2002) Easy, the users are clueless about security or they would have a different mail client. All the admin has to do is look on their hard drives. The login script pobably gives him a door into every PC on campus. - by Not Confused At All

Art.(4:09pm EST Thu May 23 2002) My home setup cost me $0(USD). Thanks to WinMX.  - by Thankyou WinMX

Right(4:12pm EST Thu May 23 2002) Blame MS for user stupidity.  It's a very simple concept: don't execute a program unless you know exactly what it is. Whether it's through email or an IM, delete it or scan it for viruses. However, I can't blame the universities/colleges for *trying* to protect themselves from stupid users (although it's not entirely the fault of MS). I don't see how it will stop anything though ... people can still spread viruses through Netscape, IRC, ICQ, AIM, MSN, floppies, CDs, etc, etc, etc. Besides, can't administratos filter these things? I think they should go one step further, though. Ban computers completely. That way, non of their stupid users can damage their precise network. - by Never had a virus

Not so..(4:19pm EST Thu May 23 2002) ""I thought people that got in to Oxford schools were generally smart, even the administrative staff..."" Book smart doesnt mean that a person is everyday smart. Just means they are academically agressive people.  - by jv

Thankyou WinMX (4:32pm EST Thu May 23 2002) Word. I am a kazaa man myself. I wouldn't suggest stealing your antivirus software though...but if a fucking ivy league school can't get off of $1,000 for anti virus protection...then they deserve to be take down every day. - by Art

One last point (4:36pm EST Thu May 23 2002) As an AIX system administrator for IBM, it is not my responsibility to scan user data for viruses. If they somehow get a virus on their machine, I could really care less. The problem with Outlook is that it doesn't stop there. Outlook with all it's extra links into other microsoft software has lots of holes that lets it spread the viruses to other machines without the user even knowing. This is all fine with me, as long as it doesn't come back to the servers in any form. The administrators are trying to protect their servers. They could probably care less about the student machines. Also, in response the post by Art Spiegel, the licensing fees are the least of their problems. Don't you think you would need a server to run all that on? If it's a large campus, e-mail can be a pretty large process, so scanning every piece in addition to processing user requests is a lot of overhead, and would need a pretty significant machine to do all that. If they're running this off of a mainframe system, they could probably handle it, but software licensing for a mainframe is a little higher than your $200 estimate. - by SysAdmin

One step further, jv (5:14pm EST Thu May 23 2002) "Book smart doesnt mean that a person is everyday smart. Just means they are academically agressive people." And "book smart", or even "everyday smart", doesn't mean that a person is computer literate. - by bakkacha

POP(3) Quiz(5:20pm EST Thu May 23 2002) "Some users have complained that they don't know how to use any other programs" OK, I'll let the support staff off on this, HOWEVER... For faculty: This is your overnight assignment. Download, install and upgrade Eudora. Learn to use each and every feature of the full version, if any, of Eudora. Read all documentation and Help Files. Your Outlook will be un-installed at Midnight, leaving only your mailboxes behind. The test will be practical and didactic and comprise 80 percent of your course grade.  You may begin... - by DeafDude

To check client (and more) (7:52pm EST Thu May 23 2002) I believe there is info in the header stating that mail was written in outlook. If I am correct, the sysadmin can have the SMTP server reject outlook generated messages. They cannot check your computer if you configured it correctly, but they can just block your messages. One issue I have here is that the jerk-off in question is getting paid to support these students by tuition and probably taxpayer money (even private schools get tons of grants and gov. funds). If you own a company, it is your right to say: "If you want to work for me, you can't run Outlook."  I wouldn't get enraged if a company did that. I am getting enraged because this moron is getting paid by the users to provide a service. He is not working for the one paying them. He is working for them.  /sm, In regards to the car/e-mail analogy, although my analogy wasn't the greatest, the fact remains: If you forced people to switch engines in their cars, you would have numerous problems from ignorant mechanics to a lack of gas stations for your alternative energy vehicles. It is disasterous to force a large number of people to switch the method of which they accomplish a critical task. It would be tolerable to make a small percentage switch to the mainstream choice, but to block the mainstream choice with few good alternatives is a stupid idea. - by Steven

Netscape....(7:57pm EST Thu May 23 2002) I used Netscape e-mail for many years. Do not use it unless you are stupid and LOVE losing information. Netscape 4.x was the worst written client in history. I lost lots of half-written messages when my browser would routinely crash.  Outlook is a business-grade tool. Netscape e-mail is a toy. I used to love Eudora, but I wouldn't depend on them too much. The problem here is that only one company is making money off e-mail clients (unless you count proprietary systems like Lotus) and that's MS.  Oh well, its not my problem. I don't attend that University. Let the students deal with their idiot network admins. My school's admins were idiots and jerks also. - by Steven

Hmm...(1:12am EST Fri May 24 2002) You know, it never fails to amaze me how many "braniacs" are still surfing the Internet with such blissful ignorance. These students are in Cambridge and they STILL can't take the time to do a little background research on the subject of safe Email practices huh? Amazing. Paper smarts is all they have. No clear logic in any one of their heads. Think of it like this, you wouldn't think of driving a car without some kind of background first (ie. lessons, studies, etc)...but these people think that they can just turn on the computer and they know how to work it?? Sad. Ignorance of the details is NO excuse. You don't know...LEARN first! As for the Admin staff there, they should've done more homework -- if they had this might never have happened. They get paid to be on top of things. Drop the donuts and do your jobs! - by Jinx©

Hmm...(1:12am EST Fri May 24 2002) You know, it never fails to amaze me how many "braniacs" are still surfing the Internet with such blissful ignorance. These students are in Cambridge and they STILL can't take the time to do a little background research on the subject of safe Email practices huh? Amazing. Paper smarts is all they have. No clear logic in any one of their heads. Think of it like this, you wouldn't think of driving a car without some kind of background first (ie. lessons, studies, etc)...but these people think that they can just turn on the computer and they know how to work it?? Sad. Ignorance of the details is NO excuse. You don't know...LEARN first! As for the Admin staff there, they should've done more homework -- if they had this might never have happened. They get paid to be on top of things. Drop the donuts and do your jobs! - by Jinx

I like it(4:09am EST Fri May 24 2002) The university students don't care, especially the non-technology students like buisness majors. I ran across a lot of them when I was at the Uni and most of there attitudes was that they would hire someone to handle 'that'. I know, extrememly naive of them but it is a common attitude until they actually start working.  Then for all the people who keep trying to beat a dead horse on the issue that the admin needs to do the patches. Get off of it. They can also decide (very often they do have the authority to decide What will be run) to install other versions of software. They decided for a different software solution. Namely, quit trying to repeatedly fix the problem and eliminate the problem. I approve. - by tom

a logical solutions is to (4:41am EST Fri May 24 2002) get rid of the user, yeap, that dreaded PITA. People who want to use a computer, must EARN that privilaged right. - by BOFH

Whiners(7:32am EST Fri May 24 2002) "But I don't know how to use any other e-mail clients" It's called a College so LEARN - by Lord Naughtius

Outlook(7:38am EST Fri May 24 2002) I want an email client which: a) is free b) allows me to leave selected messages on my ISP's computer automatically (via filters) I don't want the headers, I don't want to read the mail remotely, I just want to leave specific messages behind based on addressee/subject line. c) allows me to drag emails to disk, then drag them back into another copy of the program WITH the attachments enclosed.  Outlook express does all three. I'd like to use something other than Outlook because it's the best virus launcher known to man but I don't want to download two dozen email clients just to perhaps find one which may do what I want after several hours mucking about. Oh, and if you use Tiny Personal Firewall to block off Outlook's access to your HTTP port you don't get pics in your html spam -) - by Spacejock

That's a stretch (8:20am EST Fri May 24 2002) Do you actually think that there's a possibility students would leave Cambridge because they can't use Outlook? Your opinion snippets are usually pretty insightful. But you really missed the mark with that one. - by Bill T.

Lazy users(8:38am EST Fri May 24 2002) Surely all users having up-to-date anti-virus software will nip most of the problems in the bud. In this case the Cambridge students have no excuse, as the university has a licence for them all to install norton anti-virus....they even provide a step-by-step idiots guide to setting it up properly, including the auto-update feature. This is provided by the university computing service (which provides the network infrastructure and services which the college networks plug into), so doesn't affect the budget/time/etc of the college sysadmin at all. AFAIK the college sysadmin only sorts the network inside his college, up to the router to the university backbone, a small college web server and any issues with computers connected to the network within college (hence it's a pretty big part of his job). I am at a different Cambridge college, where we have actively encouraged all students to install this anti-virus software, and we've had no problems. Oh, and I believe the statement "Newnham's mail servers managed to block 200,000 copies of the infected e-mails" is misleading, as all the student e-mail accounts are delt with on a univserity-wide server (with proper filters, which only felt any real strain from klez during the 2 days after students returned from the vacation) - if Newnham have their own mail server, it shouldn't be dealing with student mail accounts. Admittedly virus clean up would be the responsibility of the college sysadmin - although recruiting a few student volunteers has worked very well for such tasks in my college (Emmanuel if you're wondering), and thus allowing our sysadmin to stop grouching about it. - by cambridge student 2

Steven(10:07am EST Fri May 24 2002) "They cannot check your computer if you configured it correctly" These are USERS, Steve. 90% probably have file and pring sharing enabled with no machine password. - by Chromedome

Steven(10:15am EST Fri May 24 2002) "It is disasterous to force a large number of people to switch the method of which they accomplish a critical task. It would be tolerable to make a small percentage switch to the mainstream choice, but to block the mainstream choice with few good alternatives is a stupid idea." If you were talking about, say, switching from Excel to Lotus I'd agree with you. However, a mail client is a mail client. It doesn't take any training or disruption to learn one. The mainstream choice is just a BAD choice. The sysadmin, if he has upper management's blessing (as I'm sure this lady does), has every right to tell users what they can and cannot connect to the network he must maintain. In short, imo he has every right (and likely responsibility) to say "if you use outlook, use AOL, because you ain't gettion' in OUR network with that virus vector." - by /sm

/sm, that is where we differ... (10:50am EST Fri May 24 2002) I don't think this guy has the right. He is a paid employee of the students. It is not the employee's job to boss around those who pay him. These students don't have the ability to fire him for this. If I mouthed off to my clients and said "don't write your web content in Word because it is too difficult to efficiently translate into clean HTML", they would fire me. They wouldn't switch their business procedures, they would switch their engineer. This jackass is exploiting his role and doing inappropriate things that he should be fired for. If the students could fire him, I wouldn't care, but this man has no accountability to the people he inconveniences. There are a dozen ways to prevent virii on a network. Removing outlook may be the most effective way, but in this case, it is not the best for the students that are paying to use this network.  The students should have the right to use THEIR network (not his) in ways THEY deem appropriate (not him). - by Steven

Portland Oregan Schools switching to Linux (11:01am EST Fri May 24 2002) "By September, Portland (Oregon) schools will have opened 16 new Linux-terminal computer labs at a cost of $240,000, half of what those labs would cost if outfitted with the usual Microsoft trappings. " For schools, it's Microsoft's way or the free way http://www.oregonlive.com/news/oreg onian/steve_duin/index.ssf?/xml/sto ry.ssf/html_standard.xsl?/base/news /1021982499141752.xml- by Linux guy

Good, Linux Guy (11:40am EST Fri May 24 2002) I think it's good that students learn about different operating systems, expecially if they want to go into the computer field as a profession. It's not a totally Microsoft world out there! Especially if a student wants to do something like engineering, scientific research (astronomy, biomedical, etc.) or math modeling and operations research. For these fields you MUST know UNIX. - by Broad Horizons

Retards(11:52am EST Fri May 24 2002) Let's face it. Many viri target Outlook. If a considerable amount of time is spent fighting infections, then it makes sense to discourage its use. I don't know how effectively they can limit Outlooks use. Blocking attachemnts only work if the users aren't receiving email from alternate sources (external email servers, hotmail ect) In the end OUTLOOK IS A SECURITY CONCERN! Until they fix outlook and suggest that everyone find a better alternative. - by Pissed-Off

to Steven(11:55am EST Fri May 24 2002) The schools network resources are the University's property. Consequently they have every right to set policy. if it costs them more to maintain, then tuition will rise to cover yhe added costs!!! - by Make MS fix it

oh great(12:19pm EST Fri May 24 2002) you must all use PINE now!!! muhahahahahah - by BenTheWorm

Oops(12:19pm EST Fri May 24 2002) Apologies to all in this thread...it seems as though my messages DID get through (although it kept sending me to a 'shock error' screen when I tried). Sorry. Now, onto the subject. Everybody seems to be missing the point here. To ban or not to ban...that is the question. Outlook's been banned and that's that. The Admin staff has already answered for this error in judgement by now, I'm sure. The students are in a foam because now they can't use their favorite mail program. What to do? Move on. Simple as that. The students are in the wrong for being ignorant of the Email 'world', and all its hazards. The Admin staff is in the wrong for not having the IQ themselves for plugging the holes before they had a chance to be exploited. With the abundance of free Email providers, finding an alternative should be no problem. You can't retrieve POP accounts with it? Too bad...guess that means you have to cut down on how many you have then huh...simple logic. - by Jinx©

Stevens..(2:19pm EST Fri May 24 2002) Using the internet is a privledge, the students are customers and if they don't like it they can leave, but really is the inconvienience worth leaving over? Not likely. By your logic if a student was running a spamming service from his account he shoule be allowed to do so as it's THEIR network. This is of course wrong as it's the universities network, now if the network were run by the student's union or something then maybe you would be making some sense. As to saying he's not accountable, that's not true he's accountable to his superiors, who obviously didn't have a problem with his decision. Outlook does no more of less then most other email clients when in a non corporate enviroment. Most of outlooks advanced "features" require an exchange server so changing to another email client is only a minor difficulty.  To use the car analogy if there were one brand of car that kept loosing control and crashing into buildings the university could (and should) ban the use of the cars on the universities roads. It's not the universities job to set up baricades all over the road just to accomodate a poor brand of cars. - by Fisban

Steven(3:19pm EST Fri May 24 2002) "He is a paid employee of the students" NO, he is a paid employee of the UNIVERSITY. Big difference thare. I agree if he doesn't have the board of regents (or whoever) he's out of line, but my guess is they're backing him on this. "If I mouthed off to my clients and said 'don't write your web content in Word because it is too difficult to efficiently translate into clean HTML, they would fire me" Very likely, if you put it to them like that. However, if you made the suggestion that Word's difficulty would make it more expensive for them but you would use whatever they wanted, your job would be safe. Again, the admin doesn't report to or work for the students. He is employed by the school and answers to the University president and likely others, but not the students. "this man has no accountability to the people he inconveniences" Well, I get annoyed by MS products all the time. I am to a microsoft employee what a student is to this guy. The microsoft employee is only bholden to me in the most roundabout way. It isn't his network OR the students' network. It is the University's network. - by /sm

oops sorry(3:24pm EST Fri May 24 2002) looks like fisban already said it - by /sm

retarded idiots (3:53pm EST Fri May 24 2002) Its truley amazing. Everytime Microsoft is in the news, you idiots waste everyones time complaining about Microsoft, how they suck, how you hate them, and how everything else is better. With no real proof, evidence or insite of what you are saying. Talk about loopholes, your falsified facts have loopholes. Clippy, UrGeek, and especially you, Fishhead, I think your brains need a Inteligent update or patch. Clippy, what are you talking about, I've never seen a virus yet that you don't have to click on to activiate it. Fishhead - so your saying that if we get ride of outlook, we will no longer need an antivirus solution. Great, we can sell it, and it's liscenses and by something else. And what about not being able to update the clients at universities. Why, are all the computers stand alones? All having their own ISP's for email, seems rather expensive to me.  Sysadmin - "Outlook with all it's extra links into other microsoft software has lots of holes that lets it spread the virses to other machines". What? You sound like microsoft is at fault. Lets remember, they didn't write the virus, some cynical asshole like yourself, did. Did you write the virus? If this world class university bans outlook, whats next, the internet, floppy disks.  We have outlook and have no problems. We update our antivirus software daily and have no problems. This crap about manhours and overhead is bullshit. It takes 30 seconds to update our antivirus software. When users login, they are automatically updated. Filters are not that big a deal either, quite simple to set the email serve to not exept attachments with the .vbs or .scr extension. The point is that if you aren't prepared for common problems like virus's, regardless of your platform its your own fault. Not microsofts, not Billy, just you or your sys admin. - by Tron

Tron(4:38pm EST Fri May 24 2002) From Microsoft's own site http://www.microsoft.com/technet/tr eeview/default.asp?url=/technet/sec urity/bulletin/MS01-020.asp "Because HTML e-mails are simply web pages, IE can render them and open binary attachments in a way that is appropriate to their MIME types. However, a flaw exists in the type of processing that is specified for certain unusual MIME types. If an attacker created an HTML e-mail containing an executable attachment, then modified the MIME header information to specify that the attachment was one of the unusual MIME types that IE handles incorrectly, IE would launch the attachment automatically when it rendered the e-mail." What was that you were saying about intelligence? Read 'em and weep, pal. - by Clippy

Close, Fishban....(4:59pm EST Fri May 24 2002) "By your logic if a student was running a spamming service from his account he shoule be allowed to do so as it's THEIR network." "their" is plural. Running a spamming service would piss of a lot of people. How many students really want outlook BANNED? I don't think this is the choice of the students or even in their best interests. Again, this is to save some jackass from doing things in a little more difficult way. BTW, it this guy is salaried, it is unlikely to cost the University much of anything. Filtering strategies are not so labor intensive that they would require the University to hire. It means that the jackass would just have to learn how to use another product or a more advanced mail server. - by Steven

good(5:04pm EST Fri May 24 2002) proof. Thats what I am talking about, give me evidence. Thank you. However, in the same article is the link to download the patch to fix it. Do you think they wanted this to happen, you make it sound like they did, and should thus never be used. - by Tron

Re: Tron(6:48pm EST Fri May 24 2002) "If this world class university bans outlook" If the Portland School goes to linux in the previous post, the school board will save money and spread less email virus and tax payers will save by not spending the Microsoft tax - by Hate WinXP Crashing

Re: StEvE, 5th post. (10:23am EST Sat May 25 2002) ..er, you mean Microsoft OVERESTIMATES the inetelligence of its users?...But you are right all through. - by Crosswind

Darn it...(5:24pm EST Sat May 25 2002) Why the hell are they running that Windows shit anyway? Microsoft Outlook is a highly-functional pile of turd (with as many problems as it has functions), Outlook Express is far superior to Outlook (having less functionality), but it's still crap and too open to exploitation. I gave up Windows completely and now run Linux. Outlook 97 was shit, Outlook 2000 was improved shit, I always used to run Outlook Express. P.S. Steven, there's some major brown-nosing toward the anus of Microsoft spoutin' out of you. Are you related to Outlook or somethin'? Hell dude, it's shit!!! Bugs, bugs, bugs, bugs, bugs. It was by the grace of Microsoft producing shit that I was saved by the Penguin. Anyway, I guess I'll let you get back to patching your Windows box, then patching it again because the latest Microsoft patch doesn't work, then patching it again because IE or Outlook Express has another flaw... etc. :) - by Fuckin' Bastard Bob

Geek Commentators(8:03pm EST Sat May 25 2002) You know who is a fucking queer, that idiot Rob who does that opinion thing in the bottom of some stories. This fucken shitty ass website has some of the least news worthy headlines I have ever seen. This is my first time here and this is my last. Geek.com and that faggot that works for them, Rob, can go sit on a dick. - by Rob sucks

Virus' have been around longer than Outlook (3:45am EST Sun May 26 2002) This banning of Outlook (OL) is similar logic to the music industry shutting down Napster because 90% of all MP3's were shared through it. But as soon as (or even before) Napster was gone, the void had been filled. The belief is that since most virus infections occur because of OL, then banning OL will solve the problem. This is very short sighted. The problem isn't OL, the problem is the existence of virus'. Always define the problem before developing the solution! Virus' have been around longer than OL. Virus' will still continue to happen. And even if enough places "ban" OL so that it is no longer the number one used e-mail client, the new number one will be the new target of the next big, bad virus infection. Now, from a user perspective. As an OL user for many years who has never had an infection, whether it be because of luck, fantastic system/network administration, timely and proper OL updates, up-to-date antivirus software, or other, no one can stop me from using OL as my e-mail client without stopping all other standard MAPI clients. It would take me less than 30 minutes to write a new MAPI32.DLL that would replace the OL identifiable text in the connect message. It is as simple as renaming the current "real" MAPI32.DLL to something like RealMAPI32.DLL and then my DLL would just call it on every other function besides replacing the specified pieces of text. I would have a registry setting(s) for what to replace and another for what to replace it with. Then I would send my DLL, with instructions, to all my friend and tell them to pass it on. As for someone looking at my hard drive to see if I have OL installed, assuming they could do it in the first place, let me point out that they may have the right to try and stop me from using OL on their network, but they have no right to tell me what software I can or cannot have installed on "my" PC. Who’s to say that theirs is the only network that my PC is used on? - by GetReal

Angry Geeks(6:30am EST Sun May 26 2002) RE:(Fuckin' Bastard Bob & Rob sucks), you guys better watch what you say on this NOT FREE SPEECH Web Site.  Steven is allowed to use this site as his personal Soap Box to Yell and Scream the Greatness of his beloved Microsoft. Any person with a different opinion or who makes any NEGATIVE Microsoft statements WILL find himself BANNED from the site with NO ability to post any comments. You have been WARNED!! - by THE WATCHER

Java in Outlook?(10:45am EST Sun May 26 2002) Two things: First, I suspect all this talk of Java programs running in Outlook is incorrect. It's JavaScript (or rather JScript) that is the culprit, nothing to do with Java. They are barely related. As far as MS is concerned, Java is a "four-letter word"... Second, although I read Geek.com regularly, the Geek comments seem increasingly to be written by people who confuse invective with intelligence. Thinking allowed, not thinking aloud, please. - by GreyTec

Get real GetReal (1:44pm EST Sun May 26 2002) Yeah, sure virii have been around long before Outlook (duh!), but I firmly believe that you won't find an application that attracts virii quite as well as Outlook does. Replace Outlook (OL) with something non-Microsoft and you should find the probability of virus infection is lowered dramatically. It doesn't stop morons from running an infected attachment, but it cuts out a multitude of lovely M$ holes, flaws, bugs, or whatever you call them these days. And by not running Outlook (OL) you'll be increasing the stability of your operating system. : ) - by Stinky Pete

Exe files are not the problem (8:45pm EST Sun May 26 2002) "A bunch of college kids don't know to not open an ".exe" attachment." Nope there are scripts that are run in Outlook. A lot of the time the files are opened automatcally. MS is the only compnay to inlcuded such poor security in an e-mail client. Euroda all the way. - by Dave

Bad security design Outlook Express (9:36pm EST Sun May 26 2002) I removed all my contact list from Outlook Express so I would not be source of infection. With I blank out contact list, I would reply to an email on Outlook Express or add to buddy list on MSN messenger, these actions would start adding to my contact list. The only option is to use another emailer to stop the spread of infection. - by Security computing

life along the astral plaine........ (1:13am EST Mon May 27 2002) my problem is that winXP wont let me delete outlook. the bitch just pops back up in less time then i can,,fuck,,its back.........perspective seems crashed against a wall here, how big is this uni ? how many other institutions already disallow Outlook? how many would it take to cause microsoft a problem? how does microsoft make money off of this freeware anyway??? - by tung lov

banning outlook not the answer (4:44am EST Mon May 27 2002) I am amazed at how people want to ban outlook. It seems to me that maybe if the system administrators had been doing their job they wouldn't have all these problems. 1) always have a virus checker that is current running. 2) make sure all your programs are current. 3) train users on procedures. getting rid of outlook will reduce virus attacks, but its not the right answer. The right answer is to use the tools available to try and prevent attacks. If the sys admin feel that this is the answer, I feel sorry for the organization they work for. If the sys admin was maintaining his network against attack, in the first place, he would not let his employers down so often. - by usux

Banning outlook a good idea (7:51am EST Mon May 27 2002) You have to remember that this is a university run network, but with peoples own computers on the network. This is not a business where all the computers are run and maintained by the company. Also, amazingly, I would expect that at a girls college like Newnham, there would be very few computer scientists. It would be mostly English, History, Arch&Anth, Politics, and all of that. Email and computer security is not their forte. Cambridge university manages the central email system. It has decent filters and all of that, and that system is one of the best maintained email systems in the world. However it doesn't help when the users use Outlook to download mail from the university mail server (properly filtered) and from free web mail systems (poorly filtered) and thus get the virus on their systems spewing out crap all over the university network. So in this case, banning outlook is sensible. It was never approved anyway. The approved method is running Pine via telnet into the email system, or using a secure email client to download the mail. Usux wrote "always have a virus checker that is current running" - yeah, great if you MANAGE THE COMPUTERS YOURSELF, but they don't. The students own the computers. You can try all you like to get someone to install anti-virus software on their own machine, but you can't guarantee it. Usux wrote "make sure all your programs are current" - again, the computers are not run by the university or college. How can they enforce current software, or that people with little computer knowledge or care factor will update their systems? Usux wrote "Train users on procedures" - this is a college, not a business. Many of the colleges at Cambridge have little money or no money anyway. None of them would turn up for this training anyway, AND IT IS PROVIDED BY THE UNIVERSITY COMPUTING CENTRE but NO-ONE turns up. - by Hattig

freeware?(8:08am EST Mon May 27 2002) "how does microsoft make money off of this freeware anyway???"  NSA pays them for their "spyware". Or they make deals with the DOJ. - by paranoid android

This won't help at all. (10:03am EST Mon May 27 2002) This won't solve anything at all. It's gonna be funny when they don't notice a decrease in virus activity. Outlook isn't the problem, it's the obvious lack of virus and attachment protection. Blaming this on the Klez virus is equally as lame since it so easy to block it's not even funny. Only moronic admins the school uses don't know how. One, if you had IE6 which has been out for more than a flippen year, you'd be ok, and more importantly, if you blocked useless attachments at your mail server like .exe .pif, .scr, .bat. or .com you'd be ok. There is no reason to be sending around these kinda files in email, it's just dangerous in ANY mail client cuz stupid users will always execute it whether or not it does it on it's own. If you wanna send executables, compress them, rename the extention, anything. It's simple and easy. Any competent admin will have this emplimented on their system already and the users would be educated on it the on the first use. Email really should be used as a file transfer protocal anyway. That's why we have FTP. I say just don't allow attachments over email at all, ever, on any platform. Email will run smoother, faster and a clean virus free. teach users to use the right tools for the job. - by Dink

Re: Dink(11:33am EST Mon May 27 2002) "This won't solve anything at all. It's gonna be funny when they don't notice a decrease in virus activity. Outlook isn't the problem, it's the obvious lack of virus and attachment protection." Of course it is the problem. You are dealing with students who don't upgrade their software, have little or no virus protection. If Outlook didn't tie their emailer so tightly with VB and their address book, the spread of email virus would be reduced by magnitudes. - by don't use outlook

100th poster(11:37am EST Mon May 27 2002) Many foreign schools and university are now switching to Linux to save cost and to be more secure. Now american schools are beginning to doing the same.  Check out this news story about Portland's schools For schools, it's Microsoft's way or the free way http://www.oregonlive.com/news/oreg onian/steve_duin/index.ssf?/xml/sto ry.ssf/html_standard.xsl?/base/news /1021982499141752.xml- by 100th poster

Re: "what weakness?" (11:46am EST Mon May 27 2002) Its a huge gaping hole in MS outlook based products...You dont HAVE to run the .exe file to get infected with the virus, only select the message it came it and it's already infected your computer. That's a big screw up on MS's part - so I DO blame MS for horrible security measures. - by bonio

Uni != normal network (11:51am EST Mon May 27 2002) Most uni's allow students to connect from home / dorms / etc. It would appear from the original that many times the infection is being continued from student's private computers and propagated back onto the school network. Obviously these "smart" people haven't updated their personal computers and/or are not running up-to-date anti-virus programs. - by Ahnteis

The problems are: (12:17pm EST Mon May 27 2002) 1. Most of these systems that are sending the viral emails are from student's own computer at home, which the university has no obligation and no way to protect. How would you feel if your system admin has the right to remote assess to your home machine to update it at will? You would be crying bloddy foul over the invasion of privacy!! So there's not much a system admin can do on the server side. 2. All the "server side antivirus software" aside, there is still huge amounts of money investment to protect the system from "idiotic users". Processing power is money. Scanning through each and every email is a time consuming and processing intensive process. Would anyone of you want your ISP service fee or your tuition to go up 30-40% so that your system is protected? Many people won't. The "big" argument that these people are paid for is not so valid. The point being that Cambridge has to use its money wisely to provide education and a school like that should not spend more money than needed on email system and let education suffer. 3. Outlook (and Outlook Express) are the only email program that automatically launch all types of scripts including Java script, ActiveX and VB Script. None of the other email clients do that. This so called "convenience" is the cause of majority of problems. - by Flav

More problems are: (12:19pm EST Mon May 27 2002) 4. On filtering out attachments. As a university student myself (in Canada), I know that I use attachments a lot to send experiment data, project proposals and others to my peers. so attachment deletion is not possible in this context.  5. This is what most of you who have argued for Outlook has neglected. Even with the proper filters and security measures in place, the amount of traffic generated by these worms / viruses are enormous. Don't try to tell me that bandwidth don't cause money either. That's tax payer's money too. Since Outlook is responsible for the propagation and automatic generation of these viral emails, it would be right for the school to ban Outlook all together. - by Flav

Waste of space admins (12:59pm EST Mon May 27 2002) If they had got any kind of AV protection they would never of had any problems. The system admins must be a bunch on losers. - by Mike, Bristol, UK

Re: Admins(1:35pm EST Mon May 27 2002) To Mike from Bristol It's not if they have got AV protection or not. The problems is more to do with the lack of AV sense in user systems. That's no way to "educate" users enough for them to update. AV protection does not prevent traffic explosion from infection either. More than 90% of all systems out there have zero patches in the system. 'Nuff said. - by Flav

Retargeting viruses won't work... (1:37pm EST Mon May 27 2002) Most of why people target Outlook as a vector is because it's so common _AND_ it's such an easy target because of a lack of security involved with it's design. Tell me again why I need HTML mail, Active-X scripting, etc. in my Mail? If I use a client that doesn't do that stuff, I can't get zapped that way. If everyone else does so too, they won't get zapped either. - by Frank C. Earl

Outlook sucks anyway... (2:07pm EST Mon May 27 2002) I personally hate downloading e-mails which I don't want to download, so I use PopCorn e-mail client which shows my e-mail headers directly from server and lets me decide which to download or delete directly from my ISPs server. I highly regard their decision, but think they didn t solve the problem alltogether, only if their client works like my lovely PopCorn. I highly reccomend it, it's also free and can't show bloody html e-mails -). Great for those spam e-mails we can't escape...cheeerio. - by DuX

Flav is right(3:07pm EST Mon May 27 2002) All of you people defending Outlook and trashing the sysadmins have no idea what it takes to run a system or network.  I run an email server here, and I *DO* scan every email (and block infected ones) that comes through here. In the last 3 years, EVERY case of email virus propagation has occured through Outlook as the agent. Yes I know there are patches available, and users should be running virus scanners, and should be educated to not blindly open attachments. I constantly push such with the users. But the fact remains that Outlook is the common denominator in all cases, when only 50% of my users actually use Outlook (I have been "suggesting" alternatives for years).  The problems arising from Klez-H are 3 fold.  1) increased server utilization - and that doesn't come cheap.  2) false "from" addresses leading to accusations in all directions  3) increased network bandwidth from both the above - again not cheap.  Mosquitoes don't cause malaria, they are just the carriers. Does that mean we shouldn't control their population?  - by dht

i'm gay(5:25pm EST Mon May 27 2002) I like gay people... but seriously all people suck... people send virus's out using spoofed emails and it pisses me off - by I'm gay

lame(6:32pm EST Mon May 27 2002) Um, if you have Norton and keep your virus definitions up to date, it will detect the klez32 virus BEFORE the email is even accessible for you to open. It just automatically pops up a window saying that a virus was detected in an attachment and then asks you what you want to do. And if you're opening attachments from people you don't know, you're an idiot and I hope your computer blows up. - by your mom

Re: by your mom (10:17pm EST Mon May 27 2002) Of course you are right, but try telling that to the students of Cambridge. This is the real world. There are many PhD Cambridge candidates (a defininately not an idiot) who probably don't know how to update a virus definitions or even install a virus program. - by Real World

Life after College (7:20am EST Tue May 28 2002) 1. Most business use Outlook 2. Most students learn to use Outlook in College 3. Students that do not know how to use Outlook will have a harder time getting a job. 4. I would not hire a person, for my staff, that did not know how to use Outlook. 5. Good luck. It will be fun for some to use Outlook even when the admins tell you not to. And when the admins have all moved to Mulberry, I will bet that they STILL will get a virus. - by Business Owner

Business Owner (9:17am EST Tue May 28 2002) Trained monkeys can learn how to use Outlook. If a college student is majoring in anything that takes balls he/she will need to know UNIX/OpenVMS, etc. I remember helping fellow students in the lab...the dullest and by far the ones that needed the most help were business majors, marketing majors, mass communications, and the like. - by Joe Cool

Re: Business Owner (10:09am EST Tue May 28 2002) You are really stupid. You hire people who can learn new task. You are a pretty bad Business Owner if your employees are stuck on Outlook and can't learn new task. If you and your business can't change with the times, you and your business are doomed. - by Real World

Re: Life after College (12:38pm EST Tue May 28 2002) My gosh, this post is just bad. Allow me to rebute-- re: 1. You do not know that most business' use Outlook where'd you get that information...the Census Bureau? Since when did companies report their program usage to the Census? That's right...they don't! re: 2. See #1 above actually I used Novell GroupWise over a web browser at my college (a highly-populated Penn State school).  re: 3. I got a job just fine out of College, and one of the questions of the interview was NOT asking if I knew a certain e-mail program or not. Gee, do chefs at cooking businesses get asked this question? re: 4. your loss. but then, if that fits your business, and one of YOUR filters on candidates, then hey, more power to ya and your company. re: 5. ~ incoherent rambling on your part, i couldn't decipher it to rebute ~ (LOL) Not knowing Outlook is NOT the end of the road for post-College graduates. In fact, I think it will be a trend that will continue and grow. - by phillyTIM

re: dht(1:12pm EST Tue May 28 2002) People with HIV don't have aids, but they carry it. Should be kill them too? - by Tron

Re: Tron(2:49pm EST Tue May 28 2002) People with HIV would have certainly died but they have those drug cocktails to thank. Now they have to worry about the possibility of HIV mutating becoming drug resistant which may kill them. - by Outlook is Crap

I love to listen to this piece of new (5:48pm EST Tue May 28 2002) I have received about 10 mails with infected mails to our student association mailing list. Of course we use linux so we don't mind at all. But I can't imagine why should an inteligent person use an expensive program when you can have a free one. If it is more secure and open source and helps break the software monopoly it is still better. Please don't talk as if the Outlook where the best thing of the world becouse I've seen better things with friendly interfaces and they were really free. - by In peace warrior

Getting a what? (5:56pm EST Tue May 28 2002) Business Owner said  "5. Good luck. It will be fun for some to use Outlook even when the admins tell you not to. And when the admins have all moved to Mulberry, I will bet that they STILL will get a virus." You mean thouse .exe files that sometimes alarm the server. Oh, sorry, but most of them only work Windows. Luckly my file protection system works, my internet connections uses secure protocols and if there where a security hole it would be fixed in days or hours by the open source developers (GNU LINUX to the power ) and i can do it myself I'm worried about it.  Did I mentioned that you don't have to pay for it? As the code and the new versions of course. - by In peace warrior

lazy admin's opinion (2:44am EST Wed May 29 2002) some users seem to think of their email client as wordprocessing-desktop_publishing-o ffice_connector+++ those people CAN NOT have a secure system. chose a system able to transmit standard email, DO NOT interprete the contents further then displaying plain text messages (html without any active nonsense would be ok, too) and simply save attachments to the file system -> a very ignorant user is necessary to infect the system add a network virus scan and you will be by far more secure then at the standard microsoft environment with all work done (having that many points to attack there will allways be exploits) - by LazyAdmin

Tron(12:36pm EST Wed May 29 2002) (Outlook vs Mosquitoes vs People) You certainly don't make these people your main source of blood transfusions.  So in that sense, you don't "use" them in a capacity that directly exploits their capacity as a carrier.  If you wish to use Outlook in a capacity that doesn't allow it to be used as a "carrier", then do so.  But while people infected with HIV are useful outside their capacity as HIV carriers, I am not aware of any use of Outlook that would not expose it's capacity as a virus/worm carrier.  - by dht

Steven...(1:14pm EST Wed May 29 2002) U seems to be happy woth your cars analogy. But it's a very, very, very wrong analogy. The fact is that there is not REALISTIC ALTERNATIVES to gasoline engines... Not now at least. But THERE ARE A LOT of realistic alternatives for a mail client. Or are u telling that if there were cars whith less combustible compsuntion, more ecologyc and cheaper than gasoline ones, people should still have to use them, cuz they like the CD player fashion? And for all of u telling about the sys-admyn job... It's always safer, cheaper and more efficient to deny a possible source of problems (as outlook is) than trying to catch in time any possible hole for such source. BTW... I work in a large company. We have antivirus software, updated everyday, in all our machines. We are filtering extensions in attachments. And we DON'T use MS Outlook. Why? Well, we are obviously worried about security... Why are we going to fall down in a high potential risk when there are pretty cool alternatives? We have no problems using our business mail service s without MS Outlook. Just be smart and don't be stuck on an unique piece of software from an unique provider. - by Just-Another-Adm

Other solutions(2:57pm EST Wed May 29 2002) It doesn't matter what client is used, viruses will still get through. Here are two points to reduce the problem. 1. Get a good AV product on the server and desktop, and do auto-updates daily to the virus definition files. 2. Do file filtering for those types of files that harbour viruses.  We have over 5000 desktops, most are running Outlook and are connected to several Exchange servers. We use one of the best AV server products, Antigen, and McAfee on the desktop. An auto-update process is run on the desktops daily and auto-upgrade (engine) weekly. The server software runs daily updates, and we have also setup a procedure that when an virus definition file update notice is received during the day, that kicks off the update process on all servers. We filter .exe files and other known files that contain viruses. We have had next to no viruses come in. Those that have are from a source other than the Exchange servers. So the problem isn't necessarily the software, even though I'm sure improvements could be made, but rather the design of the messaging system and the ability of those managing the infrastructure to stay on top of the situation. Outlook and Outlook Express are just a large target because of the installed based. I'm sure that if one of the other mail clients had a larger installed base, virus writers would be attacking them. - by AnotherAdmin

Outlook 2002 is safe from Klez (3:02pm EST Wed May 29 2002) Klez doesn't present any problems on my Windows ME laptop because I am running Outlook 2002. Outlook 2002 automatically deletes all attached executable files which effectively kills off almost all email worms. I've probably received close to 100 copies of the Klez worm, but they are harmless in Outlook 2002. The latest service pack for Outlook 2000 also provides this same protection against email worms and viruses. - by Richard M. Smith

Other Solutions(9:30pm EST Wed May 29 2002) Outlook's problems are NOT part of the "messaging infrastructure". There are plenty of alternative mail clients that don't have the carrier/infection vector's that Outlook contains. Most (all?) of them work equally well with an Exchange server as Outlook does.  I realize that other clients can also be used as a carrier, but there are 2 factors that increase the risk with Outlook: 1) The prevalence of Outlook as the mail client across many desktops means that it is a prime target for the virus writers. Other clients don't have the same "critical mass" as an attraction to the writers.  2) The MS "ease of use" (ignoring security) approach that allows scripts and executables to be automaticly executed as soon as the end user opens the mail. All for the sake of "saving the user a mouse click"? Come on!  Windows is the dominant desktop (monopoly?) environment. Outlook is installed on all these desktops (look how hard it is to get rid of it!). Common sense says it should be HARDER to use Outlook as an infection vector than the alternatives. Default install should restrict the capability to automaticly execute any code, including javascript (in mail??) and any other code. I would make the case that such "auto execute" capablity should not even have an option to be enabled in the "default mail client on all Windows desktops".  Deleting "offending" attachment types at the server is NOT an option. To do this, the server must be aware of (or control) EVERY application on the client side that registers to handle a particular "type". The only way to guarantee things, would be to delete/disallow all attachments, a totally unreasonable requirement.  The only acceptable way to handle this at the server side is to virus scan each and every message, which requires a large amount of system resources on a busy mail server. Just check out messagelabs pricing to see what it can cost if you contract out this service.  - by dht

The reason it's a target... (11:17am EST Thu May 30 2002) Matthew opines: > The article does point out that  > Outlook is targeted by virus writers  > due to it being so popular, The reason it's targeted by virus writers is because it has such glaring security holes. There is no way that antivirus softare can keep up with the flow of new viruses that take advantage of its structure. Klez, alone, is enough to keep you busy. Microsoft's tactic of rushing embarrassingly unprofessional code to market and making it dependent on proprietary protocols and practices is finally coming back to bite it. It's an incredibly irresponsible way to write software, and all just to squeeze the competition out of the marketplace. The interesting thing will be to see whether any class-action suits develop over time, seeking, retroactively, damages due to Melissa and "I love you" and Klez and all the other Outlook-enabled email viruses... and then there are the MS Office macro viruses.... May Microsoft live in interesting times. - by Nick Pitt

Geek.com Useful Links

Buy Geek.com Gear -- Show your Geek Pride! Comparison Shop for computers and parts Sign up for a Geek.com WebBox - US$10 / year Sign up for Geek.com Newsletters