| HOME |

Netscape, Microsoft working to shore-up
e-mail security


Researchers sent software engineers scrambling this week when they announced that the e-mail programs from both Microsoft Corporation and Netscape Communications contain major security flaws.

The companies' Web browsers -- Internet Explorer and Communicator, respectively -- are coupled with e-mail programs that may allow an e-mail file attachment to damage a user's hard drive.

E-mail is one of the most popular uses of the Internet, and one widely used feature associated with e-mail is the ability to "attach" and send other files or documents along with an e-mail message.

The security breech involves how each program handles file attachments with extremely long names.

Under certain circumstances, malicious executable code could be attached to an e-mail, and then activated after it was retrieved -- even if the recipient didn't mean to open or activate the file attachment.

The programs susceptible are Microsoft's Outlook 98 and Outlook Express 4.x and Netscape Communicator 4.x. Earlier versions of Netscape Navigator are immune to the threat.

Microsoft posted a software "patch" on July 27 to repair the security hole in its Outlook 98 and Outlook Express 4.x programs. But be aware that Microsoft reports that it uncovered an additional security hole in the process of creating the July 27th "patch" -- a security hole that will require yet another "patch." This fix will be forthcoming, according to a message posted on the company's Web site.

Netscape is working on a patch for its products and plan to release it in "the next couple of weeks" according to the company's Web site.

The security bug only affects Communicator 4.0 and higher, according to Netscape's Web site. If you are using any version of Navigator 2.x or 3.x, you're safe.

Neither Netscape nor Microsoft say they have received reports of anyone using this flaw in their programs.

Is a security hole a problem if no one takes advantage of it? Apparently, as both Microsoft and Netscape believe the threat is serious enough to warrant immediate action.

WHAT TO DO NOW. For users who are waiting to download a software "patch," both companies say you can minimize any security risk from malicious e-mail.

Both companies recommend that you configure their e-mail clients to view file attachments as links, rather than in-line files.

For how-to information, visit their respective Web sites.

For information on Netscape's upcoming "patch", point your Web browser to http://home.netscape.com and click on the "Netscape Responds to Email Vulnerability" link.

For Microsoft information, visit www.microsoft.com/ie/security/ on the Web.

AOL UPDATE. The world's largest online service has officially released its latest version of its software.

On Thursday, America Online officially released AOL 4.0.

The software has been under development for two years, with the last seven months being devoted to "preview" testing.

Current AOL users will be able to click a button on the service's opening welcome page to download the new software. Web users will be able to download it soon from the AOL Web site, www.aol.com.

AOL has revamped its interface, using more graphics-oriented icons in a configurable top-of-screen toolbar. Overall, it makes AOL look more like viewing Web pages than the old AOL-style access software.

AOL 4.0 offers some improvements, including spelling and grammar checks for e-mail, and the ability to change screen names without disconnecting from the service.

I had discontinued my AOL membership some time back, but was pleased to find the service's interface is much improved since my last visit.

Elizabethtown and Hardin County computer users will be happy to find that there's now a local dial-up access number.

If you already have an Internet account, you can set up your AOL software to connect to AOL via the Internet -- and save yourself some cash in the process.

AOL calls this the "Bring Your Own Access" service, and for $9.95 per month, you can get unlimited access to all of AOL's content. With AOL's monthly dial-up fee now at $21.95, you won't go wrong by saving that $12 each month.

Unfortunately, Apple Macintosh users will have to wait. The final version of AOL 4.0 for the Mac isn't out yet, though a "preview" version is currently available.

Look for a new marketing blitz from AOL this fall, with a mass distribution of AOL 4.0 via CD-ROM.

VIRUS NEWS. The latest virus to hit the news recently, Win95.CIH, was all the talk among many computer users a couple of weeks ago.

The virus allegedly strikes on the 26th day of the month, and can spread rapidly to infect every executable program on your computer's hard drive.

On the 26th of the month the Win95.CIH virus allegedly reformats any connected hard drive, and on some computers, erases the system's BIOS chip, making it virtually impossible to quickly restore the computer.

But was all the concern and publicity about Win95.CIH warranted? Some experts say the virus was no more threatening than any other computer virus.

The virus attaches itself to executable program files, and most folks don't download files unless its from a reputable company, so the chances for widespread distribution are small.

But the Win95.CIH virus did make its way into a recently released computer game demonstration from Activision called "SiN."

A downloadable demo of the game distributed around the Internet was inadvertently infected with the virus.

Activision officials and gaming Web sites received dozens of reports and inquiries about the virus, according to a C|Net Central story. Their investigation is continuing into how their file was infected with the virus.

Viruses are serious business; you can buy some peace of mind by buying a reputable anti-virus program and running it often.

New viruses show up on a daily basis -- to best protect your computer, update your anti-virus program on a regular basis.

Comments and questions about this column may be sent to jbrooks@myoldkentuckyhome.com, or visit www.myoldkentuckyhome.com on the World Wide Web.

| HOME |