If you have installed all of your Windows updates and you use Outlook or Outlook Express as your e-mail client, you will not be able to open most attachments. Outlook will give you a message that it has blocked access to a potentially harmful attachment. Outlook Express will simply have the attachment grayed out by default so that you cannot click on it. You can choose to receive the attachment in Outlook Express by changing the option on the security tab. I would suggest that you leave the option checked and uncheck it only when you need to receive a file from someone. This would be especially true if you have computer users in the house that might accidentally believe the e-mail warnings that we sometimes get.

Microsoft Outlook requires a change to the registry to allow the receipt of unsafe attachments. If you want to add this registry change to your system you will need to do the legwork on your own because I will not give out that information. Suffice to say that Outlook is a little safer than Outlook Express because it is harder to allow the attachments to come in.

Now let’s talk about the specific issue that prompted this tirade. I am sure that most of you have seen the cheesy text-only e-mail that talks about the attached file being the latest fix from Microsoft. Now there is an e-mail circulating with subjects like Last Internet Update, Last Microsoft Update, Last Network Critical Pack or just simple critical update. The body of the e-mail has the look of the Microsoft Web site with the blue bar and the black menu as well as some very official looking links to Microsoft and its legal links along the bottom. All of the links point to actual Microsoft sites when clicked on so it would seem that this is an official e-mail from the man.

The problem with this e-mail is that it does not actually come from Microsoft and the attachment that it contains is a worm called W32.Swen.A@mm. You can read all about it on the Symantec Website. This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you click on the attachment. Microsoft has had the fix for this problem available since March 29, 2001. It was recently updated but I think 2½ years is long enough to wait to get the update.

Even if you are smart enough not to click on the attachment, some of the e-mails also have the worm included in the body of the e-mail. Your unpatched system will be infected by opening the e-mail or just previewing it in the preview pane. And then there are the Kazaa files that are infected, the IRC chat programs and network file sharing that can allow you to be infected.

There are many ways to become infected with this worm and an even easier way to not be infected. Wouldn’t you rather take the time, even on the dialup connection, to take care of the updates and save us all a lot of grief? Take a minute every evening for a week before you go to bed. Connect to the Microsoft Windows update site, get the downloads started and go to bed. You will need to accept the license agreement before the download will start but most of the update are done without any user intervention. You will get up in the morning and have to reboot the system and then be on your way.

If everyone made a point to have all their critical updates taken care of we could put an end to this mess. Until that time comes the virus writers will continue to have their fun with us and laugh amongst themselves at all the dimwitted Microsoft people that allow themselves to be fooled by the same old tricks over and over again.