To: caly who wrote (243 ) 5/20/2000 1:15:00 PM From: Eric L Respond to of 343
calypso,

Re: Off Topic on Microsoft Service Releases and patches

<< Gee, Bill must have been reading this thread. ; ) >>

I am an unabashed Microsoft fan, highly dependent on many of their products, a propeller head (so my wife and daughters say), and have frequently beta tested many of their products. Despite this, their success with initial versions of (and distribution mechanisms for) Service Releases (particularly for the Office Suite) has been something less than stellar. For this reason I am a subscriber to several of Woody Leonhard's free newsletters including "WOODY's OFFICE WATCH". I have had my bacon saved many times by following his advice on upgrading to various "Office" updates.

In the latest issue (17 May 2000) he notes this:

>> The Office 2000 update is back from the repair shop with Service Release 1a now available and Microsoft is belatedly working on an email security fix due out next week. Barry Simon takes a close look at the pros and cons of this upcoming Outlook fix. <<

and:

<< 1. OFFICE 2000 UPDATE - SECOND ATTEMPT

After the almost traditional false start there's now a revised version of the Office 2000 bug fix pack - now called Service Release 1a. There's no variation in the changes made to Office 2000 from the original SR-1 and the new SR-1a. The only difference is the updating system that didn't work properly in SR-1 has been fixed. If you already have SR-1 installed then you need not get SR-1a. But I know that most WOW readers have been waiting for Service Release 1 to prove itself in public before committing themselves - and events have proved that caution was justified.

The long awaited WOW special issue on Office 2000 Service Release 1 will be sent to all WOW readers later this week. After months in the making you'll find it very worthwhile. As usual, the full story of the Office update is NOT to be found on the Microsoft web site.
AUTO UPDATE CAUTION: One part of the WOW special issue will be a close look at the Office Auto Update system. With the release of SR-1a Microsoft is pushing people to use this method of updating their copy of Office. Given Microsoft's very poor track record with Office updates we suggest extreme caution using this new approach. <<

Then:

4. FINALLY - SOME HELP FROM MICROSOFT IS NIGH

After spending considerable time blaming everyone else for the virus infections of their operating system and email client, Microsoft has belatedly announced the release of a patch for Outlook 2000 and Outlook 98 users. Called the 'Outlook Email Security Update', this update will have some new features that go some way to preventing recurrence of virus attacks similar to Melissa and I Love You. One of the changes was suggested in WOW only last week.

Our Outlook Original columnist, Barry Simon was delighted to see that his concern about the default Internet security zone setting within Outlook has been acted upon. The change from "trusted" to "restricted" means that most automatic scripting and ActiveX Controls can't open without the user's permission. Since this is just a registry setting change you can change the setting back again if you wish. See Barry's column in last week's WOW for details woodyswatch.com

Most interesting is the 'Object Model Guard' that prompts you if an external program attempts to access your Outlook address book or send e-mail on your behalf. How effective this guard is remains to be seen.

The third part of the patch is to prevent users from accessing several file types when sent as e-mail attachments. This is nothing new, because Microsoft released an update that had just this component last year.

This update is a very late reaction to the virus problems that have plagued Microsoft Office for the last year or more. Office customers would be entitled to wonder why it has taken this long for Microsoft to act.
All of these measures should have been taken after the Melissa outbreak, if not before. Despite Microsoft's statements to the contrary there's nothing in this update that specifically targets the 'I Love You' strain of viruses. The protections are more general and, if implemented earlier, would have prevented the damage caused in the last two weeks. This isn't a case of 20/20 hindsight, for the methods used by both Melissa, I Love You and their ilk have been well known for some time - the only thing lacking was the corporate will to remove the potential threat.

Despite its late arrival, some protection is better than the little Outlook users have now. However there's a 'gotcha' - Microsoft have designed the update so that Office 2000 users must have Service Release 1 in place first. Since SR-1 has only just returned from repairs a few days ago this is an unreasonable imposition. The changes made by the patch are not major and we wonder why the company decided to restrict the patch. We'll have a close look when the updates are released next week and report to WOW readers.

Barry says:

>> 6. THE OUTLOOK ORIGINAL: BULLY FOR MICROSOFT

<snip>

I was planning to follow up on a number of issues that were raised in connection with my discussion of malevolent scripting in the last WOW and even started such a write-up when the startling press release microsoft.com came from Microsoft announcing the Outlook Email Security Update which addresses three aspects of Outlook's security holes: it will prevent the running of executable files from within email, it will warn the user before the address book is accessed by an external program and it will put in place security settings for HTML mail identical to those This is precisely what I recommended in the last WOW (oh, gee, what a coincidence).

This is a remarkable development. Microsoft actually does listen when there is uproar. They are to be complimented. The press, on the other hand, hasn't done so well.
I'm writing this Tuesday morning, the day after the release and neither ZDnet nor cNet have a "front page" story on this solution although each had an earlier major story on the problems that this solution addresses. That may change - it is possible that the issue here is that Microsoft itself is being low key (the release is not even listed as a top story on Microsoft's press pass page!) and the news organizations haven't noticed this yet.

While I mainly have praise for Microsoft on this one, I do have three concerns. Firstly, this is a solution put out by the Office division. I'd be more comfortable if there were some indication that it was being actively supported by the IE division because otherwise, it is possible that installing an update to IE could undo that part of the patch that changes the default IE security settings.

Related to this is my second and stronger concern that this fixes Outlook only and not Outlook Express. One can't fault the Office team for that, but you'd think Microsoft would want to illustrate the advantages of having Office and Windows under a single corporate umbrella.

My third and by far strongest concern is that the release says that the Office 2000 SR-1 upgrade has to be installed before applying this patch. It can't be that there is anything in the SR-1 upgrade that is used significantly since this Outlook patch works with Outlook 98 also. I presume that the motivation for this requirement is to minimize the testing that Microsoft has to do, to push people towards the upgrade (and its use of the Registration Wizard) and, perhaps, to avoid having to change the SR-1 upgrade which as currently written might undo part of what the security patch puts in place. The issue here is the SR-1a is so new and so large. Given past history, there are those who wait at least 4-6 weeks after a service release before installing it.
But the Outlook Security Patch will be released the week of May 22, less than two weeks after the formal release of SR-1a. There is also the issue of prudent system management. The resources necessary for an IT department to roll out the SR-1 upgrade are substantial and may result in delays. But the Outlook patch will be simpler and could be done more quickly than an organization can get out SR-1.

So, kudos to Microsoft in general and the Office team in particular. But please, guys, reconsider the requirement that SR-1 has to be installed and make sure the patch works with and can be installed on a system that has plain ole Office 2000 on it. <<

To subscribe WOW:

>> ADMINISTRIVIA, subscribing, unsubscribing etc ~~~~~~~~~~

Join, Leave or change address from our Web site woodyswatch.com

Email: Subscribe: wow@wopr.com Unsubscribe: LeaveWOW@woodyswatch.com <<

- Eric -