Microsoft’s latest software vulnerabilities sparked a lengthy discussion on the eSchool News Safety and Security Technology Forum recently. The topic: whether or not schools using Microsoft’s browser and eMail programs should switch to Netscape’s.
Microsoft announced in July that two independent researchers had discovered a new way to include malicious code inside Microsoft Outlook eMail, making it much easier for a hacker to control another person’s computer.
Unlike other viruses, or “worms,” which require an eMail user to open an attachment or read, preview, or forward the message before activating, the newly discovered flaw enables a virus to be triggered simply by downloading the infected message. Computing practices once considered safesuch as immediately deleting a suspicious messagemight be ineffective in dealing with the new threat.
Microsoft said the problem is in its Internet Explorer web browser, and it suggests that users upgrade to Internet Explorer version 5.01 Service Pack 1, which can be downloaded at no cost from Microsoft’s web site. That version is not vulnerable to the problem. Internet Explorer 5.5 also is safe for all users except those running Windows 2000. Win2000 users of IE 5.5 should switch to IE 5.01 SP1 as well, Microsoft said.
But when educators participating in the eSchool News Technology Forums for School Professionals were asked if they were going to upgrade their software, several suggested switching brands entirely.
“The most proactive approach you can take is not to use Outlook or Outlook Express. Netscape Mail does the job for us and it is free,” wrote Paul E. Blair, director of instructional technology and information systems at Skaneateles Central School District in New York.
“I absolutely concur with Dr. Blair,” wrote Steve Cameron, educational technology director at St. Louis Public Schools in Michigan. “Netscape Mail has been wonderful for all of our staffwithout the routine headaches that my peers, who have to support Microsoft’s more vulnerable eMail clients, have to endure.”
Others questioned whether Netscape Mail is any more secure than Microsoft Outlook.
“I’m not doubting anyone, but I have heard too many people slam Microsoft for things that are just as broken on other platforms,” said James E. Ross, technology coordinator at St. Elmo Community Unit School District in Illinois.
Ronnie Lawson, another contributor to the discussion, said, “If something is written to cause problems, it doesn’t matter what eMail or browser you use.”
To this, Cameron replied, “That’s like saying all cars perform the same in crash tests.”
Some suggested Microsoft’s program has more security problems than Netscape’s because it’s the most widely used software.
“Melissa and LoveBug made the assumption that you’re using Outlook, since the vast majority of eMail users arealthough I don’t recall any statistics,” said Kyle Hutson, director of technology at Rock Creek School District in Kansas. “If Netscape had similar market dominance, the virus writers would merely change their assumptions to forward to your Netscape address book.”
Mike Norton of Pines Academy expressed a similar opinion: “Yes, Outlook Express has some holes. So does Netscape; they just have not been exploited yet.”
He recommended that schools keep using Microsoft’s browser since it is more mainstream than Netscape’s, which he described as “slow and very non-standard,” and he suggested that schools look at other eMail programs on the market.
“There are several eMail clients out there. You don’t have to stay with a bundled package,” Norton wrote. “Check out Eudora or Pegasus Mail. Eudora is now free for the full versionand last time I checked, Pegasus was free also.”
Hutson said, “The problem with Outlookor, as many before me have suggested, it [should] be renamed LookOutis that it ‘helpfully’ opens your attachments for you, so you can get that cute little preview window.”
If you download the latest patches from Microsoft and configure Outlook not to open attachments automatically, you can bring Outlook’s security concerns down to the same level as Netscape’s, he said.
Membership in the Safety and Security Technology Forum is free and includes school superintendents, technology coordinators, teachers, and other school professionals.
eSchool News also hosts two other discussion groups, Curriculum Integration and Technology and Technology Funding. All three forums are available free on the eSchool News web site.
Technology Forums for School Professionals
Skaneateles Central School District
St. Louis Public Schools
St. Elmo Community Unit School District
Rock Creek School District