Although Microsoft has made great strides in making Outlook more secure over the years, Outlook is still one of the most vulnerable applications your users are likely to use.
Not a day goes by when Outlook isn't bombarded by a steady stream of e-mail viruses; it is an application that is heavily targeted by hack attempts. At the end of the day, the only way to keep Outlook secure is to keep it and the underlying Windows operating system up to date. The good news is that Microsoft provides numerous resources for doing so. Here are a few of the resources that are available.
Microsoft Baseline Security Advisor
One tool that no one should be without is the Microsoft Baseline Security Advisor (MBSA). This tool, which is free from Microsoft, compares your system against an online database maintained by Microsoft to make sure that your system is up to date. If a service pack or hot fix is available for Outlook, Microsoft Office, Microsoft Windows or any other Microsoft product that you have installed, this utility will tell you which patch or patches you need and where to get them.
By scanning your system with MBSA on a regular basis and following MBSA's recommendations, you are guaranteed to keep Outlook and the rest of your system up to date. You can get the MBSA from http://www.microsoft.com/technet/security/tools/mbsahome.mspx.
If you have been a network administrator for very long, you are probably familiar with the resource kit for the various versions of Windows. What you might not have known, however, is that Microsoft creates resource kits for most of their other products as well, including Microsoft Office.
The Microsoft Office 2003 Editions Resource Kit contains numerous different tools that you can use to enhance Microsoft Office. From a security prospective, some of the more interesting tools include the Customizable Alerts, Office Profile Wizard, Policy Definition Files, the Policy Template Files and the Outlook Administrator's pack. You can download the Office 003 Editions Resource Kit from http://www.microsoft.com/office/ork/2003/tools/ddl/default.htm.
Hardening Outlook against viruses
There is a lot that you can do to prevent viruses from damaging your system besides spending a fortune on anti-virus software. Don't get me wrong--I believe that having good quality anti-virus software in place is essential to protecting your organization from viruses. However, there are a lot of things that you can do at the Outlook level to prevent viruses as well. For example, you can control which file types Outlook restricts within inbound messages. You can also help to control the spread of viruses by using an Outlook Security Template to configure Outlook's security settings. When deploying customized Outlook security settings to client computers, you can even make the security settings that you assign override anything that a user might try to assign. All of these topics and more are addressed on Microsoft's Web page on customizing Outlook 2003 to Help Prevent Viruses. You can access this page at http://www.microsoft.com/office/ork/2003/three/ch12/default.htm.
Security Resources for Outlook
Most of the concepts that I have talked about thus far involve keeping Outlook up to date and protected from viruses. However, Microsoft provides a Web site that is dedicated specifically to providing you with all levels of security resources for Outlook. These resources include simple updates like what I have already discussed, but also includes things like white papers on how to implement a front end / back end configuration for attaching Outlook to an Exchange Server. You can find this Web site at http://www.microsoft.com/exchange/techinfo/security/outlook.asp.
Although the MBSA will advise you on which updates you need to apply to keep your system secure, it does not necessarily inform you of all of the updates that are available for Outlook or for Microsoft Office in general.
Microsoft sometimes releases updates that don't effect security, but rather help Outlook's stability or performance. Microsoft also routinely provides add-ins that integrate additional capabilities into Outlook and the rest of the Microsoft Office suite. For example, since releasing Microsoft Office 2003, Microsoft has released a video e-mail add-in and a PST backup utility for Outlook 2003. None of these types of updates are likely to be included within the MBSA's reports.
If you are interested in performance, stability or capability updates, then I recommend checking out the Microsoft Office Downloads page at http://office.microsoft.com/officeupdate/default.aspx.
Brien M. Posey, MCSE, has been designated as a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, Tech Target, MSD2D, Relevant Technologies, and numerous other technology companies. You can visit Brien's personal Web sites at www.brienposey.com and www.relevanttechnologies.com.