Microsoft Outlook users hoping to shore up their client software against virus attacks now have another option to the patch Microsoft released last week.
US-based Reliable Software Technologies has developed a free program that stops viruses from automatically propagating by exploiting Outlook. The JustBeFriends.dll installs on desktops and blocks calls to Outlook by monitoring the Visual Basic Scripting Engine. The patch, however, will not prevent a virus from damaging files on a user's hard drive. It will, however, help contain viruses and stop them from spreading. The insidious "ILoveYou" virus was a Visual Basic script that used the Outlook address book to quickly distribute itself throughout e-mail systems.
"Our patch works outside of Outlook and monitors applications calling Outlook," said Gary McGraw, Reliable vice-president of corporate technology. "We prevent the scripting engine from invoking Outlook and sending out e-mail on the user's behalf."If a request for access to Outlook comes from a script being run from the desktop or from an attachment, access is denied. Otherwise, the user is asked to confirm that the application should be allowed access to Outlook.
The patch is a Dynamic Link Library (.dll) that lives inside the "appinit" Registry Key and is installed using a standard InstallShield setup.
The patch can be used in conjunction with the just released Outlook E-mail Security Update from Microsoft, or it can be run on its own. The Microsoft patch prevents Outlook from accepting a number of attachments, including .VBS, and adjusts security zone settings to prevent scripts from running by default.
The patch also prevents applications from using the address book to send e-mail.
"Together we think the two patches provide the best security," McGraw said. But Reliable also believes it thinks the Microsoft patch is too big and complex to be a trustworthy security measure.
The difference between the patches is that JustBeFriends works outside of Outlook by monitoring the VB Scripting Engine that is part of the operating system. The Microsoft patch actually works inside of Outlook, adding functionality and providing additional security settings.
"When you're working from inside Outlook, the question is are you covering every possibility" for a security breach, McGraw said. "Also, if there is a bug in the software it could make the patch fail or become obsolete."For example, the Microsoft patch blocks a variety of e-mail attachments, but zip file attachments aren't blocked. That means if a virus is contained in a zip file, it could circumvent the block - much like what was done with the Melissa virus.
There are other differences as well. The JustBeFriends patch is much smaller at 300KB, compared with 8MB for the Microsoft patch. Additionally, the Microsoft patch cannot be uninstalled without reinstalling all of Microsoft Office, while the JustBeFriends patch has an uninstall feature.
The Microsoft patch works with Outlook 98 and 2000, while the JustBeFriends patch works on all versions of Outlook, including Outlook Express. However, JustBeFriends only works on desktops running Windows NT or 2000.