Reliable Software Technologies of Dulles, Virginia, has developed a free program that stops viruses from automatically propagating by exploiting Outlook. The JustBeFriends.dll installs on desktops and blocks calls to Outlook by monitoring the Visual Basic Scripting Engine. The patch, however, will not prevent a virus from damaging files on a user's hard drive.
But it will help contain viruses and stop them from spreading. The insidious "ILoveYou" virus was a Visual Basic script that used the Outlook address book to quickly distribute itself throughout email systems.
"Our patch works outside of Outlook and monitors applications calling Outlook," says Gary McGraw, vice president of corporate technology for Reliable. "We prevent the scripting engine from invoking Outlook and sending out email on the user's behalf."
If a request for access to Outlook comes from a script being run from the desktop or from an attachment, access is denied. Otherwise, the user is asked to confirm that the application should be allowed access to Outlook.
The patch is a Dynamic Link Library (.dll) that lives inside the "appinit" Registry Key and is installed using a standard InstallShield setup.
The patch can be used in conjunction with the just released Outlook E-mail Security Update from Microsoft, or it can be run on its own. The Microsoft patch prevents Outlook from accepting a number of attachments, including .VBS, and adjusts security zone settings to prevent scripts from running by default. The patch also prevents applications from using the address book to send email.
"Together we think the two patches provide the best security," McGraw says. But Reliable also said it thinks the Microsoft patch is too big and complex to be a trustworthy security measure.
The difference between the patches is that JustBeFriends works outside of Outlook by monitoring the VB Scripting Engine that is part of the operating system. The Microsoft patch actually works inside of Outlook, adding functionality and providing additional security settings.
"When you're working from inside Outlook, the question is are you covering every possibility" for a security breach, McGraw says. "Also, if there is a bug in the software it could make the patch fail or become obsolete."
For example, the Microsoft patch blocks a variety of email attachments, but zip file attachments aren't blocked. That means if a virus is contained in a zip file, it could circumvent the block - much like what was done with the Melissa virus.
There are other differences as well. The JustBeFriends patch is much smaller at 300K bytes, compared with 8M bytes for the Microsoft patch. Also, the Microsoft patch cannot be uninstalled without reinstalling all of Microsoft Office, while the JustBeFriends patch has an uninstall feature.
The Microsoft patch works with Outlook 98 and 2000, while the JustBeFriends patch works on all versions of Outlook, including Outlook Express. However, JustBeFriends only works on desktops running Windows NT or 2000.