New Zealand Internet Society director Sue Leader has recommended ISOCNZ members avoid Microsoft internet applications, and if possible steer clear of Windows, as part of their security measures against viruses and worms.
Leader has attempted to give the same message to the general public, but says the mainstream media seem reluctant to comment negatively about Microsoft.
She says she regularly gets asked to comment about viruses and worms and gives much the same advice she does on the ISOCNZ members' mailing list:
· Have an anti-virus programme and update it weekly.
· Never open an attachment - always save and then scan for viruses.
· Use Netscape instead of Microsoft Internet Explorer.
· Use Pegasus or Eudora instead of Outlook or Outlook Express.
· Set your security settings to the highest (or get your sysadmin to).
· Use another operating system.
She says apart from one newspaper in the South Island, mainstream media never quote anything other than the first two points. "I sometimes think that there is a fear of offending Microsoft out there."
In the past year a number of security vulnerabilities have been discovered in Outlook and other Microsoft internet software. Microsoft being the best-selling brand, its internet users naturally present a bigger target for virus and worm authors.
Microsoft had its defenders on the members' list, several saying it was impractical to avoid Windows, as so many applications were built for the platform.
Microsoft technical marketing group manager Terry Allen says Leader's comments reflect an "extremely poor" understanding of the nature of security on the internet.
"Security is a matter of process and discipline as much as it is about technology, and there are good practices that can help consumers enjoy the advantages of the internet without reducing the value of their online experience."
A year ago, Allen says, Microsoft released the Outlook email security update, which limits the type of attachments that can be received by having security settings locked to the high level by default. With this high setting, users can't receive any attachments that could distribute executable code.
Allen refers users to Microsoft's 10 security "laws" at www.microsoft.com.