Microsoft says there are no problems with its e-mail software, even as computer experts have come out in support of an Auckland software designer who says its e-mail programs are dangerously flawed.
Phil Saleh, creative director of Arabesque Multimedia, says he has discovered a security flaw in Microsoft's OutlookExpress program that could allow hackers to create devastating new "hell viruses."
Microsoft New Zealand's technical marketing manager, Craig Dewar, said the program was not flawed and users could protect themselves by activating the "Restricted sites zone" found in the "Tools" menu of Outlook by selecting "Options" then "Security."
The setting does not stop the Java Script viruses Mr Saleh warns of, but does let the user choose whether to allow the Java Script to run.
But there are also indications that Microsoft is still analysing the problem. Mr Saleh received an e-mail yesterday from the Microsoft Security Response Unit in California requesting more details of the flaw he had discovered.
"Our technical staff here have not yet been able to reproduce the full scope of effects and problems that you described ... I would like to encourage you to forward any additional sample code that would help speed our analysis," said the e-mail.
Mr Saleh was willing to provide more details but could not understand why Microsoft still would not acknowledge the problem. Mr Dewar did acknowledge, however, that Microsoft was working on ways to improve e-mail program security.
"We are releasing a security patch that is designed to lock down 'I Love You' style viruses. It will also change the configuration to close this loophole."
Mr Dewar could not say when the security patch would be released. But computer forensics expert John Thackray did not accept Microsoft's explanation.
"Most people do not know how to use these security functions; it is a flaw in the system."
The function also disabled many of the capabilities Microsoft used in advertising to market the program.
