by Steven J. Owens (unless otherwise attributed)
There is no such thing as an email virus, only an Outlook virus. Why is that?
Microsoft was completely absent from the email world for most of the history of email, and these security problems were ENTIRELY ABSENT. Why is that?
None of the various massively-widespread dominant email clients before Microsoft Outlook had these problems. Why is that?
It's because the email world was designed by programmers, who realized how incredibly STUPID it would be to let somebody you don't know run a program on your computer, as you.
It's not like we didn't notice the possibility. It's not like we didn't think how cool it would be to email programs around, or to run remote code. We're geeks, for dog's sake, we GET OFF on thinking up this sort of shit.
For example, that was part of java's original mission, and that project started in 1990, well before Microsoft even knew the Internet existed. I know the java folks weren't the first to think of it, either. We just recognized how STUPID and DANGEROUS it would be, and how DIFFICULT and TRICKY it would be to engineer a solution that wasn't STUPID and DANGEROUS.
Microsoft comes along and decides not only that this is a great idea, but to implement it in an incredibly slipshod fashion. One thing Microsoft does NOT have a monopoly on is stupidity and marketing, and you can find numerous accounts (check comp.risks) of large corporations engaging in such (the classic example is a corporation trying to suppress news of a security vulnerability, instead of fixing it). Microsoft just has an astounding track record of it.
Somebody once likened using Outlook to eating Oreos; hidden, long-term risks, but they're not obvious, you may never run into problems and you may not realize what caused the problems.
The problem is, using Outlook is not like eating Oreos. It's like shitting in your backyard.
Sure, it's convenient for the average user, and there generally aren't any obvious and immediate risks associated with it, but sooner or later dysentery is going to break out, and your "convenient" behavior is going to cause grief for all of your neighbors as well as for yourself.
I wouldn't really care if people used Outlook, if:
a) they didn't fill up my mailbox and clutter my network access with stupid, no-reason-for-existing Outlook viruses
(we really need to stop calling these things Email viruses, they're not email viruses, they're Outlook viruses; they wouldn't exist if Outlook didn't exist).
b) they didn't keep trying to subvert Internet standards and sucker people into using things like HTML email
(Which can actually be a quite handy technique for building distributed workflow applications, but sadly is too sloppily implemented to be feasible without entirely too much risk, let alone the issues of supporting and encouraging the use of such an irresponsible software package.)
c) they didn't keep trying to force ME to use it (1)
Note: 1 By various methods. Some nefarious, like typical MS subversion of standards. Some by vendor lock-in, like the associated appointment utiltities that somebody at a former employer tried to use as a club to beat me into using Outlook (2). Some by just general pressure towards a defacto Microsoft "standard".
Note: 2 Never mind that you could use IMAP just perfectly fine to read your mail from Exchange if they would just enable IMAP. Because of course, even though IMAP is a (real) standard, and Exchange supposedly supports IMAP fully... it's disabled by default. And of course, the Exchange admin is scared shitless of anything outside of his little Microsoft world of experience and refuses to enable it.
As it is, Outlook is not only aesthetically annoying (i.e. it's so ugly that it's obnoxious to see it or even know it exists, much like seeing my neighbor shitting in his backyard would be - but if that's all there was to it, well, that's my problem to deal with), it's a downright hazard and source of continuing problems and network health risks (even if I don't run Outlook, I still have to deal with the false traffic and bandwidth consumption generated by Outlook).