
By: Cherry A. Beado (cbeado@outlookexchange.com)

Next DYK ..... "Did you know what MALWARES are?"

You have probably been, or know someone who has been, plagued by the recent outburst of so many kinds of viruses and worms spreading around. Maybe this article can help us understand these viruses and worms better and maybe, just maybe, help us prevent them too ...

This article will briefly discuss these worms and viruses and how we can use Outlook security to prevent their circulation.

So read on ....

What is Malware?

Malware is becoming so rampant, so let's start there. What is malware? I myself have just come across this term when I did a TECHNET Session for Microsoft’s Virus Protection for Messaging. Malware is a catch-all term for any kind of code that was written with malicious intent. Generally, it covers viruses, worms, Trojan horses and malicious ActiveX controls, among other things. To date, the most popular form of malware is the worm. Worms are self-propagating malware that usually runs as stand-alone code and propagates by copying its executable code to other PCs, to files shared on file servers, or to any web servers hosting FTP. The most notable class of worms were the so-called macro viruses, including Melissa and ILOVEYOU, Code Red and the latest variant, NIMDA. These don’t actually infect existing executables, but they do propagate very rapidly. Because worms are often implemented using VBA macros, they are the most common malware associated with Office documents; one very common vector for spreading worms is the accidental release of an infected Word or Excel document.

How does malware do its trick?

Some malware was developed to access the Global Address List, the Personal Address Book or the Outlook contacts and to propagate by sending itself to the addresses found, as in the case of Melissa and ILOVEYOU. Some is executed as macros or scripts developed using VBA, JScript or ActiveX controls.

An ounce of prevention is better than a pound of cure – Implementing Outlook Security

Undoubtedly, the mode of transmitting worms and viruses is electronic mail, in the form of email attachments. Thus, the challenge is how to prevent the malware from circulating and spreading further. This can be done by implementing Outlook security.

Outlook has heightened its security settings by automatically blocking attachments of certain extension types and by disabling scripting functionality by default. Doing so minimizes the threat from this malware. The enabled Outlook security is the default setting for Outlook XP. For Outlook 2000 users, these security settings become available once the OL2K security patch is applied.

There are 38 file types that Outlook automatically blocks. These file types are categorized into two levels – Level 1 and Level 2 file types.

Level 1 file types, such as .bat, .exe, .vbs, and .js, are blocked by Outlook and you cannot see or access the attachment. Your Inbox will display the paperclip icon in the Attachment column to let you know that the message has an attachment, and you will see a list of the blocked attachment files in the InfoBar at the top of your message. In addition, when you send an attachment that has a level 1 file type extension, you will see a message warning you that other Outlook recipients may not be able to access this type of attachment. If the file type is level 2, you can see the icon for the attachment, and when you double-click it, you will be prompted to save the attachment to your hard disk. Once you have saved the attachment, you can decide how to handle it.

The 38 file types automatically blocked by Outlook are as follows:

  • .ade      Microsoft Access project extension
  • .adp     Microsoft Access project
  • .bas      Microsoft Visual Basic class module
  • .bat      Batch file
  • .chm     Compiled HTML Help file
  • .cmd     Microsoft Windows NT Command Script
  • .com     Microsoft MS-DOS program
  • .cpl       Control Panel extension
  • .crt       Security certificate
  • .exe      Program
  • .hlp       Help file
  • .hta       HTML program
  • .inf        Setup Information
  • .ins       Internet Naming Service
  • .isp       Internet Communication settings
  • .js         JScript file
  • .jse       JScript Encoded Script file
  • .lnk       Shortcut
  • .mda     Microsoft Access add-in program
  • .mdb    Microsoft Access program
  • .mde     Microsoft Access MDE database
  • .mdz     Microsoft Access wizard program
  • .msc     Microsoft Common Console Document
  • .msi      Microsoft Windows Installer package
  • .msp     Windows Installer patch
  • .mst      Visual Test source files
  • .pcd     Photo CD image or Microsoft Visual Test compiled script
  • .pif       Shortcut to MS-DOS program
  • .reg      Registration entries
  • .scr       Screen saver
  • .sct       Windows Script Component
  • .shs      Shell Scrap Object
  • .url       Internet shortcut
  • .vb       VBScript file
  • .vbe      VBScript Encoded Script file
  • .vbs      VBScript file
  • .wsc     Windows Script Component
  • .wsf      Windows Script file
  • .wsh     Windows Script Host Settings file

The Outlook Object Model Guard

The Outlook Object Model Guard is responsible for restricting access to address book data and recipient data and for preventing the programmatic sending of email. The next question is how the Outlook Object Model Guard does these things.

  1. Access to Address Book Data – It blocks worms, viruses and other programs from accessing metadata in the Address Book.
  2. Access to Recipient Data on Items – It prevents access to recipient data that may be contained in an email in an inbox or in a calendar appointment.
  3. Programmatic Sending of Email – It prevents the silent sending of email by prompting with a warning and asking for a response before sending.

But in cases where a virus creates a mail message and prompts the user to send it, there is no safeguard to stop the message from being sent. The user’s only option is to not send the message.

In summary, Outlook provides a way to prevent the outbreak of viruses, but Outlook in itself is not an anti-virus application; it only complements your anti-virus solutions. So it is still safest to implement your own anti-virus strategies.

That wraps up our DYK article for this issue .... for any questions, comments, suggestions or violent reactions, feel free to email me ... :-)

Cheers !!!!

Cherry


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008