Outlook 98 E-mail Security Update
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
To help protect you against most viruses spread via attachments in e-mail, Microsoft has introduced a significant security enhancement for Outlook® 98 and 2000—the Outlook 2000 SR-1 Update: E-mail Security and the Outlook 98 E-mail Security Update. This security update provides protection from most viruses, such as the ILOVEYOU and Melissa viruses, as well as other viruses that spread themselves through e-mail, or worm viruses that can replicate through Outlook. This update limits certain functionality in Outlook to provide a higher level of security; it was not created to address a security vulnerability within Outlook. This update provides unprecedented security protection for Outlook and Microsoft encourages all users of Outlook 2000 and Outlook 98 to install the appropriate update for their version of Outlook.
On This Page
The Outlook E-mail Security Update provides the following security measures:
E-mail attachment security prevents users from accessing several file types when sent as e-mail attachments. Affected file types include executables, batch files, and other file types that contain executable code often used by malicious hackers to spread viruses.
Object Model Guard prompts users with a dialog box when an external program attempts to access their Outlook Address Book or send e-mail on their behalf, which is how insidious viruses such as ILOVEYOU spread.
Heightened Outlook default security settings increase the default Internet security zone setting within Outlook from "Internet" to "restricted sites." In addition, active scripting within restricted sites is disabled by default. These security features help protect users from many viruses that are spread by means of scripting.
Once installed, this update will affect certain functionality within Outlook, and may also have an impact on the interaction of some third-party software programs with Office. For more information before installing the update, read the Microsoft Knowledge Base article 262618:Known Issues with the Outlook E-Mail Security Update.
System administrators should read the Knowledge Base article 263296: Administrator Information About the Outlook E-mail Security Update for information about customizing the E-mail Security Update.
Certain e-mail attachments are unavailable
Once you install this update, you will not be able to access attachments with file types that could run executable code or change settings on a computer—actions that could allow a virus to spread. These file types are known as Level 1 security files.
Level 1 security files: Level 1 security files (restricted access in Outlook) are files that may contain executable code themselves, or may contain links to other files that contain executable code that could execute a virus on your computer. Level 1 file types include program files (.EXEs, .COMs), script modules and files (.BASs, .VBSs, .JSs), Internet links (URLs, .ISNs), and shortcuts to files (.LNKs, .PIFs). For a list of these file types, see the Outlook E-mail Security Update— Frequently Asked Questions (http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx ).
Level 2 security files: File types on the Level 2 security list must be saved to disk before they can be opened; the files cannot be opened directly from within Outlook. There are no files types on the Level 2 security list by default, but file types can be added to the list by system administrators. For more information, see the Knowledge Base article 263296:Administrator Information About the Outlook E-mail Security Update.
Receiving a restricted attachment
If you receive a message that contains an attachment that cannot be accessed, your Inbox will display the paperclip in the attachment column to let you know that the message has an attachment. When you open the message, the attachment will not be available and the following will be displayed at the top of the message:
On the File menu, the Save Attachments command and the View Attachments command on the shortcut menu will not be available for this message. If you receive a message with multiple attachments, any of the unsafe attachments will not be accessible, but other attachments will be retained. When you open the message, you will see the same warning as above, but any attachment not affected by the update will be available to you. Save Attachments and View Attachments can be used for the safe attachment.
Attachments that must be saved to disk If you receive a message containing a Level 2 file as an attachment, the following warning is displayed if you try to open the attachment.
When you attach a file to e-mail, the update checks the file type of file when you send the message. If the file type is on the list of restricted files, you will be warned that other Outlook users may not be able to open the attachment. If you click Yes, the message is sent with the attachment. If other users have this update installed, the attachment will be inaccessible. If you click No, the message will be returned to you for editing, which will involve removal of the attachment.
Programs are prevented from sending mail without your permission
The Outlook 98 E-mail Security Update changes the behavior of some Outlook automation functionality. Since viruses can spread by sending copies of e-mail messages to people listed in your Address Book, this update changes Outlook functionality so that programs cannot automatically access your Address Book or Contacts list, or send messages on your behalf. In either case, Outlook will prompt you, ensuring that Outlook can't be used to distribute e-mail without your permission.
For example, if code attempts to access your Address Book in Outlook, a warning appears. You can either allow the program access for this instance, or you can select the Allow access for checkbox and specify an amount of time up to 10 minutes. If you do not want the program to access your Address Book, click No.
Outlook security settings are set to Restricted Sites by default
Default security zone settings are set to Restricted Sites (rather than Internet) by default, and active scripting within restricted sites is disabled by default when this update is installed. The Restricted Sites security zone disables most automatic scripting and prevents ActiveX® controls from opening without the user's permission. These security features help protect users from many viruses that are spread by means of scripting. For more information on the difference between the Restricted Sites and Internet zones, see the Microsoft Knowledge Base article 174360:How to Use Security Zones in Internet Explorer. To change your Outlook security settings manually, on the Tools menu, click Options and then click the Security tab.
For additional information about the ILOVEYOU virus, read Information on the VBS/Loveletter Virus (http://www.microsoft.com/technet/security/guidance/virus/vbslvltr.mspx ).
For more information about the security update, read the Microsoft Knowledge Base article 262617:Information About the Outlook E-mail Security Update.
If you are a system administrator, read Knowledge Base article 263296: Administrator Information About the Outlook E-mail Security Update for information about customizing the E-mail Security Update. System administrators can download the Outlook 98 Security Update Administrative Tools from the Customizing the Outlook 98/2000 E-mail Security Update page.
The Microsoft Knowledge Base article 262700:Developer Information About the E-mail Security Patch contains additional information about Outlook automation changes.
After you have installed the update, you can learn more about e-mail security by typing virus protection, e-mail security, or unsafe attachments in the Office Assistant or on the Answer Wizard tab in the Outlook 98/2000 Help window, and then clicking Search.
Once the update is installed you can read troubleshooting information about the Outlook E-mail Security Update by typing troubleshoot e-mail security or troubleshoot virus protection in the Office Assistant or on the Answer Wizard tab in the Outlook 98/2000 Help window, and then clicking Search.
To install this download
Instructions for use:
Once you install this update, use Outlook as you normally would. Please note, however, that you will no longer be able to open many types of attachments directly in Outlook. Also, some attachments will require that you save them to your hard disk drive before you open them.
To remove this download:
There is no uninstall utility for this update.
For support of this download:
If you are experiencing problems with this download or the Office Update site, please review the Support Page (http://www.microsoft.com/downloads/details.aspx?FamilyID=8DEE9E59-23DC-46FC-8FC1-7B680B7E9D13&displaylang=EN) for assistance.