Microsoft Shares Blame For 'Love' Bug?

Not In Your Opinion: We Said Outlook's Flaws Made Matters Worse, But Readers Didn't Agree

The Love Bug still has everyone in an uproar, including readers of this column, who responded to my list of nine things you can do to avoid a virus. (Click to read that column or skip ahead for feedback on hard-drive horror stories and Linux as an alternative to Windows.)

We asserted that Microsoft's pervasive e-mail program, Outlook, has so many design flaws that the Rich Guys from Redmond should shoulder some of the blame for the "Love" craziness.

Did readers join in the chance to beat up on Bill? You'd be surprised.

Don't Blame The Victim (Microsoft)

"And it's safe to assume that whatever the most popular e-mail program is, that's the one that will be subjected to attack."

That's true. However, Outlook can actually be set up so that it automatically opens attachments when you click on the e-mail icon -- rather than just previewing the message area. That's a very bad thing indeed. CNET raised some of the same points the day after the outbreak ("Microsoft criticized for lack of software security" and "Virus hoax illustrates Microsoft e-mail security issues").

If you don't believe me, take it from the man who tracked down the writer of the Melissa virus, Richard Smith, as quoted extensively in one of this site's news articles, "Virus Tracker: Microsoft Could Prevent Bugs" by M.R.F. Buckley:

The Brookline, Mass., man who helped hunt down the perpetrator of last year's Melissa virus said Friday that there will be more virus attacks like Thursday's "I Love You" cyber-assault unless Microsoft takes some simple steps to improve security in its Windows operating software.
"The ball is really in Microsoft's court. They make most of the software we use," Richard M. Smith, a retired software engineer, said, explaining that the world's largest software maker has the ability to take steps to eliminate security problems with its products if it chooses ...

Microsoft won't change that flaw in Outlook. Consumers can, but most don't even know that it exists.

Any E-Mail Can Spread It, But Not As Fast As Outlook

The "ILOVEYOU" virus is like a match that can "set fire" to your computer. Outlook allowed the match to ignite in a "pure oxygen atmosphere" that exploded across the Internet. When you say, "Outlook simply allowed the rapid spreading," you're blithely dismissing the fact that the rapid spreading created the real disaster and amplified the destruction like a chain reaction in a nuclear explosion.

I haven't seen anyone speculate on what the damages would have been without Outlook vulnerability, but I think it's safe to say that we're not talking about a factor of ten or a hundred or even a thousand times less destruction without Outlook's vulnerability. I think the magnitude of the problem attributable to Outlook's vulnerability is far, far larger.

Thanks for writing, though. You gave us the theme of the column!

Blame The Virus Busters?

"Don't you think you're overreacting a bit by blaming Outlook for security lapses? Believe me, I 'm in no way a Microsoft or Bill Gates fan, but it seems to me that anti-virus software should have been a bit more adept at catching this one in the first place. The file extension .txt.vbs is a pretty common string to look at for virus checkers."

She pointed us in the direction of an article on the Computer Virus Myths site (kumite.com/myths/) that said that many people are guilty of hysterical overreaction to the "Love" bug -- from Tom Brokaw to self-declared computer experts. "Did the virus itself clog up your company's e-mail system," kumite.com asks, "or did hysterical virus alerts clog up your company's e-mail system?"

True, virus protection should be better, but Outlook is still part of the problem. I happen to use Netscape e-mail on my laptop computer and Pegasus Mail on my desktop computer. I prefer to be part of the solution, at least for now, rather than part of the problem.

Guns Don't Kill People, Monkeys Do

"If someone gives a gun to a monkey and the monkey shoots someone, does the monkey get all the blame?

"Microsoft chooses to rename security holes in its software as features and so must shoulder most of the blame. There will always be vandals out there and they should be punished for what they do. Microsoft, however must be held accountable for making it so damn easy for them. Macintosh, BeOS, Linux, and such did not get the bug. PopMail, Eudora, and GroupWise did not automatically spread the bug. Any parasite needs a welcome host and Microsoft has provided a very rich blood supply for the Virus Coders to tap into.

"So in answer to your question, Microsoft is very clearly culpable."

Media Covering For Microsoft?

"One of the things that I've found annoying about all the 'Love Bug' news stories is that most news sources have been very tight-lipped at the fact that this is a Microsoft problem.

"The produced a Script program [one that can be executed without the user's command] that had as much power as Wscrip has and didn't tell anyone. I didn't know it existed until this whole thing came out, and I consider myself somewhat in the know (one of the reasons people keep calling me to get their hosed systems up and running) ...

"Secondly, the 'virus' copies itself with Microsoft's e-mail reader (which they've done a good job of shoveling at people). Hats off to you for bringing up Pegasus [an alternative e-mail system], something I've used for years myself with no regrets.

"Hats off to you. I'll be looking for more of your articles and such from now on."

I Feel Your Hard-Drive Pain

Editor's Note: When Tom detailed his hellish experiences trying to replace his hard drive -- and missing out on the sunny spring weather -- some readers were sympathetic.

Brian Hassett of Minneapolis was succinct:

"I enjoyed your story, especially since I fix computers for a living. My advice: get a Mac."

That's still my overall plan. I'm waiting for the release of Macintosh's new operating system OS X, expected sometime this summer. I'm also waiting to see if Apple upgrades to the new Radeon video chip by ATI, which supports HDTV (high-definition television). I'll be making a choice between the PowerBook, with AirPort wireless networking, or the G4 if it has HDTV capabilities.

Brian Klawitter of Lake St. Croix Beach, Minn., sounded a similar note:

"Ya know, Tom, after reading your article about your HD's, I think you should try the same thing with a Mac. I think you would have a tan by now! ;-)"

I think you're right! You know, I've finally thought of something nice to say about Bill Gates -- he's helping to stamp out skin cancer.

John Walick of Bobtown, Penn. directed us to one of our Internet competitors:

"Go to www.zdtv.com/callforhelp and/or zdnet.com/community -- different ways of asking questions and you have the whole world of geeks out there to help you, questions and tips, community board …"

I appreciate the suggestion. Actually, I do watch "Call for Help" and "The Screen Savers" quite frequently via DirecTv. It's an inspiration to me that Leo Laporte has even more gray hair than I do.

Marsha Vanskike of Oregon sure sounds nice:

"I am sorry to hear about your computer trouble, but the story put a smile on my face. You have a great sense of humor, and think of all the useful info you can give up with your 'INSIDE' information.

"I hope that you will be free to enjoy the sun when there is another nice day ... sometime in July, I think.

"Thanks for the laugh, and don't download anything weird ... at least for a while." George A. Revay at Cleveland State University said we suffered needlessly:

"You could have partitioned the larger drive to accommodate the Windows system.

"I have Window 95 with an 8.4-gigabyte drive and two 16.8-gig drives with no problem. What size drive were you trying to install?"

To understand hard-drive storage capacity, click here.

The drive was a 6-gig from Seagate. I've had it on the computer before, but I really don't like using drive-mapping software. I find that it makes maintenance more difficult and problems harder to solve.

Wants To Dump Windows, But Scared

"My first computer was an Apple IIE with two floppies and 16K of RAM [memory]. Since then, I've been through a second Apple, a 8086, an Altos multi-user system running Xenix [an operating system that preceded Unix], a 286, 386, 486 and three Pentium machines -- culminating in my current Dell 450, lots of goodies and DSL access to the Web.

"I still write for a living, and still have a love/hate relationship with the computer, mostly related to Bill Gates and his kludged-up operating system.

"Therein lies my question -- do you use Linux in your work? How good is the application software available for Linux -- particularly with regard to sharing files with the rest of the world?

"I'd love to dump Windows forever, but without give-and-take capability for Excel, Word and PowerPoint files, my clients would soon dump me.

I'm trying to get Linux up and running on my desktop system, but I apparently own the only video card in the universe which isn't supported under Linux: It's a Diamond Fire 1000 Pro.

The software package I've purchased is supposed to have full file compatibility with MS Office, but I haven't yet tried it. For non-Microsoft word processing software, I've actually purchased the WordPerfect Office Suite 2000, and I also have a free copy of Sun Microsystems' Star Office, so I should be covered for all my business needs.

The other good news is that driver programs are under development so that Linux can run high-quality MPEG video files through decoder boards made by Hollywood Magic and Creative Labs.

So if I can get Linux installed, I'll be able to dump Windows entirely. At least, that's the plan.

I've also heard that software is under development that would allow Microsoft Office applications to run on the Linux OS. Now that would be interesting.

--Tom Egan has worked the information business from photography and journalism to video production and online editing. He writes about technology from his home in Saint Paul, Minn., within three blocks of four bars that serve Guinness on tap. He can be reached at egan@ibsys.com.

Copyright 2001 by wesh.com. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.