Chapter 13: Securing Outlook

Overview

Technology ”like science ”is neutral all through, providing only means of control applicable to any purpose, indifferent to all.

”John von Neumann

E-mail-transmitted malware is an unfortunate fact of life. Malicious code attached to e-mail messages can contain worms or viruses; once one machine becomes infected, highly interconnected e-mail systems allow malware to spread very quickly. How d we get here? Customers asked for advanced customization features, so Microsoft delivered them as part of the Microsoft Office system. The first really bothersome e-mail viruses were created and spread using the Office macro language; more recently, the mix of malware has shifted toward attacks that exploit vulnerabilities in Microsoft Internet Explorer. The integration between Microsoft Outlook, other Office applications, and the Microsoft Windows operating system delivers a great set of benefits, but some malicious people have used those features for ill ”no different than almost any other technology. Completely disallowing all forms of scripts and executables is a cure worse than the disease; the ideal remedy would be to teach users not to open untrusted attachments. However, that assumes that users will always do what you tell them to do, and we know better. Fortunately, a combination of Outlook features and administrative savvy can be applied to minimize, if not eliminate, the vulnerability.

Of course, e-mail- borne malware gets the lion s share of press attention, but Outlook offers many useful security features, notably support for the Secure/Multipurpose Internet Mail Extensions (S/MIME) message security protocol, plus a variety of smaller security tweaks that you can apply to tighten your desktop users security.