The Melissa virus was just the latest of a string of attacks on Microsoft software that have raised questions among security experts about Microsoft's ability to protect its software customers.
Any security holes in Microsoft's Windows NT, Office and email software are especially troublesome given these programs' rapid spread throughout the corporate world as a computing standard, in may cases pushing aside more mature and secure systems based on Unix.
Microsoft is a popular target for such attacks because the company is disliked by many crackers and because its software is widely used. Commentators also say that the company also has made its software vulnerable by introducing new functions before they are properly debugged, by not educating consumers about the potential hazards and by not building enough security into its desktop operating system.
Melissa is particularly worrying for network administrators because it represents a new trend toward penetrating corporate systems. It attacks the more vulnerable individual user's desktop computer rather than taking the more traditional approach of breaking into central servers. "People are getting at a corporation's information through the client," said a cracker who identified himself as "Weld Pond". "Windows 95 doesn't even have a security model."
Pond, a member of L0pht, a group that has frequently cracked items of Microsoft software, said that the company's macro language is an example of the kind of code that has not been well thought out.
Pond says that the problem is that users who receive an email containing a macro are only given the choice of activating the macro or not activating it. "You can't tell the system to open the program but don't give it access to my system," he says. By contrast, he points out that in designing Java Sun used a "sandbox" approach that largely prevents a Java program downloaded from the Net from interfering with the rest of the computer. That has all but prevented crackers from using Java to infect computers.
Joe Wells, who maintains the Wild List, a list of active viruses, said that close to 50 per cent of all new viruses are hidden inside macros. "It is by far the fastest growing group," he said.
Microsoft has said that it will continue to use macros because they are popular among corporate users. "Our customers have told us that the macro language is important to them," said George Meng, group product manager for Microsoft Office.
Meng said consumers could avoid problems by clicking "disable" when presented with an unfamiliar macro. He added that future versions of Office would allow network administrators to screen out macros that don't come from specified sources.
In its effort to promote the use of macros, experts say Microsoft hasn't done a good enough job of warning consumers of the security dangers. Since most consumers never use macros, for example, Microsoft could easily ship Office with macro execution set off by default but it doesn't.
"If Microsoft shipped its products with the macros off, we'd probably all be fine," said Alan Paller, director of research at SANS Institute, a non-profit group based in Maryland that provides training in security issues.
"(Microsoft) wants the product to be as powerful as possible," says Paller. "But sometimes fixing it (for security reasons) hobbles it a little bit. It's the ultimate conflict."
"Traditional" file viruses can still be dangerous. The CIH virus, which is designed to spread widely before triggering, is due to be tripped off on the 26th next Monday). Predictions of damage from time-triggered viruses have often been exaggerated in the past, but now is a good time to ensure that your anti- virus software is up to date and protects against CIH.