William Kennedy comment

I am emailing regarding William Kennedy's article on Microsoft Outlook
blocking attachments without user control:
http://office.microsoft.com/en-us/as...894211033.aspx
I work for a Value Added Reseller and much of our business is Microsoft.
What concerns me about the article is the following:
Mr. Kennedy states that Outlook is the main target of virus attacks and that
is why MS removed the ability to accept certain attachments. I have no doubt
that removing user ability to accept these file types has reduced attacks on
Outlook. It has also reduced the effectiveness of Outlook. The comment
suggests that MS made this change to affect a market perception and not to
improve the product. Outlook is the subject of attacks partly because some
in the technical community (less scrupulous ones) find Microsoft's corporate
policies suited to corporate benefit and often not user benefit. The article
is a case in point. I suggest that a comprehensive security solution is the
way to deal with this problem, rather then controlling user behaviour to
compensive for a lack of comprehensive security being built into the product.


----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/office/comm...installat ion

Given that this feature has been in place for 6+ years and that current versions provide various ways for network administrators and end users, as appropriate, to control the behavior, it's hard to understand why this issue seems to be a priority for you or how Outlook's effectiveness has been reduced.

Network administrators are quite happy that Outlook's attack surface is much, much smaller than it was in March 1999.

If you have some ideas on what such a comprehensive email attachment security solution might look like -- one that protects unwitting users from opening dangerous files, allows power users to get any file they want, and allows network administrators to control behaviors in their domains -- I'm sure Microsoft would be interested in reading your suggestions.

--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003
http://www.turtleflock.com/olconfig/index.htm
and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers
http://www.outlookcode.com/jumpstart.aspx


"Concerned reseller" Concerned wrote in message ...
I am emailing regarding William Kennedy's article on Microsoft Outlook
blocking attachments without user control:
http://office.microsoft.com/en-us/as...894211033.aspx
I work for a Value Added Reseller and much of our business is Microsoft.
What concerns me about the article is the following:
Mr. Kennedy states that Outlook is the main target of virus attacks and that
is why MS removed the ability to accept certain attachments. I have no doubt
that removing user ability to accept these file types has reduced attacks on
Outlook. It has also reduced the effectiveness of Outlook. The comment
suggests that MS made this change to affect a market perception and not to
improve the product. Outlook is the subject of attacks partly because some
in the technical community (less scrupulous ones) find Microsoft's corporate
policies suited to corporate benefit and often not user benefit. The article
is a case in point. I suggest that a comprehensive security solution is the
way to deal with this problem, rather then controlling user behaviour to
compensive for a lack of comprehensive security being built into the product.


----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/office/comm...installat ion