Email-transmitted malware is an unfortunate fact of life. Malicious code attached to email messages can contain worms or viruses; once one machine becomes infected, highly interconnected email systems allow malware to spread very quickly.
How'd we get here? Customers asked for advanced customization features, so Microsoft delivered them as part of the Microsoft Office system. The first really bothersome email viruses were created and spread using the Office macro language; more recently, the mix of malware has shifted toward attacks that exploit vulnerabilities in Microsoft Internet Explorer.
The integration between Microsoft Outlook, other Office applications, and the Microsoft Windows operating system delivers a great set of benefits, but some malicious people have used those features for ill -- no different than almost any other technology.
Completely disallowing all forms of scripts and executables is a cure worse than the disease; the ideal remedy would be to teach users not to open untrusted attachments. However, that assumes that users will always do what you tell them to do, and we know better.
Fortunately, a combination of Microsoft Outlook email security features and administrative savvy can be applied to minimize, if not eliminate, the vulnerability.
8 tips in 8 minutes: A Microsoft Outlook email security tutorial
Tip 1: An overview of Microsoft Outlook email security features
Tip 2: Customizing the Microsoft Outlook Security Update
Tip 3: Customizing Outlook email security settings for end users
Tip 4: Setting up RPC over HTTP for Microsoft Outlook
Tip 5: Using S/MIME in Microsoft Outlook
Tip 6: Using Information Rights Management in Microsoft Outlook
Tip 7: Reaching into Microsoft Outlook's email security toolbox
Tip 8: Related resources on Microsoft Outlook email security
|This chapter is an excerpt from Secure Messaging with Microsoft Exchange 2003 by Paul Robichaux, copyright 2004, published by Microsoft Press.|