As someone who doesn't use Outlook, I don't know whether there's something that allows you to turn off scripting or not, but if there is, that's really all that Microsoft has to provide. Outlook might be crap. I don't know. I just think they're taking it on the chin because they've already got a bad rap. I don't see this as a security hole... it requires the end user to physically launch the file, no? If that's the case, it's an education issue.

What I'm really sick of is people on television and in newsprint saying things like, "I can't understand how it got through the firewall!" and "I thought it was safe because it was from someone I knew!"

If people were trained that, yeah, there's a chance opening a file can wipe out their systems, then maybe several thousand people wouldn't have opened a love letter a few weeks ago. This resume thing is just another example. If you're not in charge of hiring, aren't currently hiring, or aren't expecting a resume, WHY OPEN IT? If there's any doubt, call, write, or god forbid go see the person who sent it to you.

There are several problems that patching Outlook won't fix...

  • Many companies don't train employees properly on the use of e-mail, including warning them that any attachments they open (vbscript or otherwise) can have malicious effects. Opening an attachment can do some funky shit whether you're using Outlook, Lotus Notes, or PINE.
  • Most companies don't have an enterprise anti-virus solution installed company-wide. (Damn, that was like 5 buzzwords in one sentence). But it's true. They're less concerned with security than with recording every one of Karen in Marketing's keystrokes to make sure she isn't shopping Amazon at work.
  • People will always find a way to spread viruses. Rather than seal off the part of the submarine that was torpedoed, why not teach people how to avoid the torpedo?

That's the key thing. Education. When someone lpr's a gif, do you disable the lpr command or unplug the printer? No. You tell them to a2ps the fucking thing. And then not only do you not have a large stack of paper with some weird characters on the back, but that person is also unlikely to do it again.