Love, Microsoft

articles
May 9 2000 9:00 PM

Love, Microsoft

Who's to blame for the "ILOVEYOU" virus? Who else??

See below for Microsoft's response.

(Continued from Page 1)

It's important to note that the virus payload cannot run by itself. In order for it to run, the recipient must open the mail, launch the payload by double-clicking on it, and answer "yes" to a dialogue that warns of the dangers of running untrusted programs.

Advertisement

Sure enough, the warning is explicit and prophetic. To activate the virus, at least some people had to ignore it. And sure enough, people ignored it all over the world. They ignored it inside Microsoft headquarters—we know this because the company mail servers were shut down intermittently over a two-day period and because some copies of the virus were inadvertently dispatched onward to the outside world.

How could people be so stupid? Simple. We've seen these fine-print warnings thousands of times. We've had to learn to click on past them. We've seen them whenever we display e-mailed pictures from our friends. The warning says to "be certain that this file is from a trustworthy source"—none too helpful when our trustworthy sources are being tricked into mailing us the virus. But the wording hardly matters; we no more read these warnings than we read the click-through agreements crafted by company legal departments.

The trouble is, Microsoft applies the same warning to the passive display of content and to active scripts allowed to delete files, alter the Windows registry, and send mass e-mail.

The ILOVEYOU vandal showed a sophisticated understanding of vertical integration, a fact of life in the Microsoft universe that the Department of Justice, too, has been zeroing in on. Many different pieces of the Microsoft jigsaw puzzle are now platforms for executing programs: the browser, the word processor, the spreadsheet, the e-mail client. They all work together, and they each perform the functions of an operating system. That can be really useful. It's also dangerous. So it's time for Microsoft to make some crucial distinctions. It's one thing to display data passively: present text, play music, show pictures. It's another to grant active access to the file system: delete data, alter program settings. A good, modern e-mail program needs to be able to display all kinds of stuff. But there must be limits.

As a matter of cultural style, it's odd that Microsoft has earned notoriety for laxness about computer security. The company is such a control freak, after all, in other domains. It may be in part because Microsoft itself likes to be able to do things to our computers from a distance. If you spend any time at MSN or Microsoft.com—even at Slate—you've noticed that you are often given a chance to "install and run" some ActiveX control or other, and you are invited to check a box that says, "Always trust content from Microsoft Corporation." These ActiveX controls can do anything, where Java, by contrast, was designed not to have unbridled access to the file system. Last year Microsoft got caught placing secret unique identifiers in Office documents and collecting associated hardware indentifiers from across the Internet. Soon all Office users will be required to register their software, in the name of copy protection, and allow Microsoft to check remotely on where the software has been installed. The company has just patented a technique for installing software upgrades over the Internet, after consulting settings in the registry. All this middleware, all this powerful scripting, helps Microsoft check up on its users. Maybe that's why the company doesn't feel any great urgency about having us batten down the hatches.

I got my own copy of ILOVEYOU from a trusted friend, an Episcopal priest who often e-mails me pictures of his kids. By then I'd heard the news, so I carefully opened it for viewing. I'd like to say I was smart enough not to run the thing first, but the truth is just that I was lucky enough. 

TODAY IN SLATE

Politics

The Democrats’ War at Home

How can the president’s party defend itself from the president’s foreign policy blunders?

Congress’ Public Shaming of the Secret Service Was Political Grandstanding at Its Best

Michigan’s Tradition of Football “Toughness” Needs to Go—Starting With Coach Hoke

A Plentiful, Renewable Resource That America Keeps Overlooking

Animal manure.

Windows 8 Was So Bad That Microsoft Will Skip Straight to Windows 10

Politics

Cringing. Ducking. Mumbling.

How GOP candidates react whenever someone brings up reproductive rights or gay marriage.

Building a Better Workplace

You Deserve a Pre-cation

The smartest job perk you’ve never heard of.

Hasbro Is Cracking Down on Scrabble Players Who Turn Its Official Word List Into Popular Apps

Florida State’s New President Is Underqualified and Mistrusted. He Just Might Save the University.

  News & Politics
Politics
Sept. 30 2014 9:33 PM Political Theater With a Purpose Darrell Issa’s public shaming of the head of the Secret Service was congressional grandstanding at its best.
  Business
Moneybox
Sept. 30 2014 7:02 PM At Long Last, eBay Sets PayPal Free
  Life
Gaming
Sept. 30 2014 7:35 PM Who Owns Scrabble’s Word List? Hasbro says the list of playable words belongs to the company. Players beg to differ.
  Double X
The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  Slate Plus
Behind the Scenes
Sept. 30 2014 3:21 PM Meet Jordan Weissmann Five questions with Slate’s senior business and economics correspondent.
  Arts
Brow Beat
Sept. 30 2014 8:54 PM Bette Davis Talks Gender Roles in a Delightful, Animated Interview From 1963
  Technology
Future Tense
Sept. 30 2014 7:00 PM There’s Going to Be a Live-Action Tetris Movie for Some Reason
  Health & Science
Medical Examiner
Sept. 30 2014 11:51 PM Should You Freeze Your Eggs? An egg freezing party is not a great place to find answers to this or other questions.
  Sports
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.