-- Welcome to the summer of our software discontent. We are being swarmed by bugs and stung by careless coding. The latest example is the recently publicised e-mail system screw up, which affects Microsoft Outlook 98, Outlook Express and Netscape Communicator.
In an ugly new irony, an e-mail message with an attachment - made possible by the latest Multimedia Internet Mail Extension (MIME) protocol capabilities - can fire a destructive piece of code into your network. You don't even have to click open the message to launch the attack. The wonders of technology have brought us to the point where merely moving the mouse and highlighting the file name can do the trick.
Naturally, Microsoft and Netscape raced to post the fixes for this bug - officially called the "long file name mail vulnerability" - on their respective Web sites. That's the Internet Age equivalent of closing the barn door after millions of horses have bolted. How many business users will take the time to hunt up and download that fix?
These flaws in Microsoft and Netscape products aren't even new mistakes, as any long-time programmer can tell you. The security risk of "buffer overflow" in coding is so well-known that there are automated hacker tools available to check for it and exploit it. But these products are big and the competitive time-to-market window is small, so vendors rush their heavily loaded programs out at slapdash speeds. They serenade us with enough bells and whistles to drown out any nagging doubts about the higher risks involved now that our company networks lay open and vulnerable to the world.
Yet another part of the problem is our own quest for ease of use at the expense of tighter security. We push technology to perform unnatural acts, such as sending a variety of attachments ill-suited for Internet e-mailing. A far safer practice would be to send a text message and include a URL address, leaving that fancy attachment sitting safely on a Web server elsewhere on the Net.
But who will sacrifice convenience for safety? Maybe the answer is in that next e-mail attachment.