Microsoft aikoo muuttaa sähköpostiohjelmansa Outlookin toimintoja tietoturvan parantamiseksi. Outlookin versiossa 11 sisältöä kuten kuvia, ääniä, videota ja ulkoisia linkkejä ei enää näytetä. Kun käyttäjä avaa itselleen tuntemattoman liitteen, saattaa samalla lähteä viesti roskapostin lähettäjälle, että kyseessä on oikea aktiivinen osoite. Microsoft haluaa nyt eroon tällaisesta tietoturvaongelmasta. Tässä suhteessa Outlook lähestyy nykyistä FirstClassia. Uudistuksen odotetaan vähentävän roskapostia.
Outlook 11 will, by default, no longer grab data such as images from outside servers when previewing e-mail formatted like Web pages. The ability to send and receive e-mail formatted in Hypertext Markup Language (HTML) was at one time touted as a feature in Microsoft's e-mail programs.
"We've taken a step backward, so to speak, by blocking external content when you preview e-mail," Simon Marks, Office XP product manager, said this week. Marks described the new feature as an important spam-fighting tool.
Data such as image, sound and video files in HTML-formatted e-mail is usually pulled from a Web server in much the same way a Web browser grabs such data. But in the case of accessing content through a Web browser, someone typically makes the decision to go to the site. With Web-based spam mail, the content comes to the person unwanted--sometimes with strings attached.
When content is downloaded in spam e-mail it can act as what is known as a "Web beacon," telling the sender that the e-mail address is in fact valid, a technique used by spammers. Viewing the message in a preview pane without opening it is enough to trigger the Web beacon, analysts said. The beacon can lead to more unwanted mail from the original sender and, potentially, from other spammers who have access to the same mailing list.
The new Outlook feature is part of Microsoft's increased emphasis on privacy and security, something the company hasn't always had much success with. On Wednesday, for example, Microsoft issued three new security alerts. In August, the Redmond, Wash.-based company settled a Federal Trade Commission complaint regarding privacy and security problems with the Passport online authentication system.
And the new spam-blocking feature isn't Microsoft's first attack on HTML-formatted e-mail. Outlook 2002, by default, blocks cookie files used to track the messages. Spammers sometimes use HTML e-mail to place cookies on hard drives. The files can be used to track Web browsing habits or collect other information for the sender.
Although the Outlook 11 feature could lessen the hassle of unwanted e-mail, it could also filter out legitimate data, unless the default setting is changed. Microsoft is betting this inconvenience will be worth it to Outlook users who are sick of spam.
Michael Gartenberg, an analyst with Jupiter Research, believes the company is on the right track, particularly by offering customers the option of turning the feature on or off.
"Microsoft is often in the middle in security issues and needs to balance what makes sense for (people who) use their products," Gartenberg said. "By allowing IT organizations and end-users to strike a balance that's correct for them, Microsoft's approach is a good one."
Beating down beacons
But some analysts questioned whether the new feature would be all that useful in practice.
"I don't think blocking Web beacons...in e-mail messages will really help the spam problem that much," said independent security consultant Richard Smith. "It will just stop snooping."
"The legit e-mail marketing companies...are really going to hate this feature," Smith continued. "They use e-mail Web beacons...to gather statistics about e-mail advertising campaigns."
But many Outlook users may not care about that, regarding any marketing e-mail as spam and welcoming any mechanism that can give such mail the boot.
"It's often hard to distinguish between one person's spam and another person's valuable information," said Jupiter's Gartenberg.
Directions on Microsoft analyst Paul DeGroot said the new feature doesn't make Outlook foolproof and that the safest bet is simply to use common sense.
"If you can't tell that the message is about something you need to know about, and from someone or some organization you know, just delete it," DeGroot said. "The numerous scripting bugs that have been found in Outlook in the past have made this a best practice."
DeGroot noted that Web beacons are not just an e-mail problem. A recent security problem affecting Microsoft's Word 2002 allowed for a similar kind of tracking.
"If someone sends you an attachment in Outlook that contains a Word document that links to an external Web site, the same tracking is possible," DeGroot said.
When it came to adding the new feature, Microsoft apparently learned a lesson from past mistakes. With the release of Office XP in May 2001, the company rigged Outlook to block more than 30 types of file attachments, including Help files. The move drew a rapid negative response from Office users because Microsoft initially provided no mechanism for turning the feature off.
Still, consultant Smith said "automatic blocking of attached executable files in Outlook (is) one of the most important security improvements that Microsoft has made so far."
The new Outlook 11 feature can be turned off in several ways. Users can disable the mechanism completely, or turn it off for any individual message they chose. They can also choose an option that allows HTML content in e-mail from Web sites people have designated as trustworthy.
"I think Microsoft errs on the conservative side when it comes to privacy and security," said Gartner analyst Michael Silver. "That's a good feature, as long as the pieces are there to turn it off, which would appear to be the case."
Besides the content blocking, Microsoft has added other security enhancements addressing problems posed by HTML e-mail.
"You can now convert all your e-mail to plain text," Microsoft's Marks said, another way of thwarting unwanted e-mail cookies and Web beacons.
"This feature has been a popular request," Smith said. "Lots of people seem to really hate HTML e-mail. It is almost a religious issue."
The big makeover
Microsoft kicked off the first Office 11 test period last week, but the majority of testers outside Microsoft didn't receive their software until Wednesday. The new version of the e-mail program will be included in Office 11, the next incarnation of the software giant's widely used office productivity software. About 12,000 people--half within Microsoft--will be testing Office 11. Microsoft has not announced the official name or pricing of the product, which is expected to ship in mid-2003.
In this first test version, Outlook has undergone a significant makeover. Microsoft has revamped the interface, removing, for example, the left-hand Outlook Bar that has been part of the product for about seven years. In a potentially more dramatic change, Microsoft has moved the preview pane from the bottom of the page to the right-hand side, though people do have the option of returning it to the former position.
Marks described the change as "a more natural" way to view messages, which display like a normal full-length page document.
Jupiter's Gartenberg said the interface change is as much about boosting sales as making the product more usable. "Part of the effort is to give their software a new look and feel to make your current software feel obsolete," he said.
But the change is also designed to prepare Outlook 11 for use on Windows XP Tablet PC Edition, Microsoft's specialized operating system for pen-based computing, which the company and computer manufacturers will launch in New York next week. Microsoft also is integrating support for "digital ink" in all Office 11 applications. This would let people use a stylus to write text directly into the applications or to make annotations. Microsoft is expected to release next week an enhancement adding similar capabilities to Office XP.
Many other Outlook 11 changes are less obvious. The product features a new cache mode that makes connecting to Exchange servers easier. Cache mode makes e-mail and other Outlook data readily accessible, rather than requiring the e-mail program to constantly access the Exchange server. The feature also keeps a person's data file synchronized with the one on the server.
People connecting to the Internet mail server will find that "We've made the process eight times faster," Marks said.
Other tweaks in Outlook 11 include a pop-up box that appears at the bottom right-hand side of the screen with a synopsis of each incoming e-mail message. Also, single messages can now appear in multiple folders. Outlook 11 includes more sophisticated handling of digital certificates, too.