Windows Live OneCare Can Eat Your Email

FutureDomain writes in to point us to a blog sponsored by PC Magazine, reporting about another problem with Windows Live OneCare. Apparently, it sometimes deletes the entire Outlook or Outlook Express .PST mailbox when it finds a virus in one of the messages. The only solution is to tell OneCare to exclude the entire Outlook mailbox. This is the software that came in last in antivirus tests. The trail of tears is ongoing over on the Microsoft forums.

trail of tears?

[Raab]

isnt the term 'trail of tears' a bit extreme for some lost email?

Not sure about tears...

[zappepcs]

but if it were compared to a nail, I'd ask "just how many nails does it take to seal the lid of a coffin?"

Try saying "OneCare" in a silly French accent

[Joce640k]

Try saying "OneCare" in a silly French accent.

(Think Inspector Clouseau...)

Re:

[Darundal]

Depends on whats in the emails. It could be your normal grouping of spam and chain letters, at which point I would actually send Microsoft a thank you not. Or it could be an email with some vital information in it (yes, should be backed up, but realistically, how many people do that?).

Re:trail of tears?

[OiToTheWorld]

No, because losing your mail is TOTALLY similar to the forced relocation of the Cherokee people you insensitive clod!

Re:trail of tears?

[ColaMan]

There's 119 posts on that thread. It's a trail of something, most likely pissed-off users.
I smell an opportunity..... Quick! Someone post some linux evangelism there!

Re:trail of tears?

[Kjella]

Yeah, like Linux never loses mail. One of the grave RC bugs of Debian Etch has been bug 321102/332473/350851 where KMail will nuke your disconnected IMAP folder under certain conditions. It's closed now and due for archiving today, but they're still listed here [debian.org]. I haven't been checking Thunderbird, Evolution but I doubt they're a symbol of perfection either. Wouldn't you just love to have some smug Microsoftie drop by your support thread to spread the One Microsoft Way?

I am not a linux geek

[aepervius]

But I feel it is different. The bug reported would be akin to AVG deleting my whole my folder because there is a virus in it. Or an anti virus on linux deleting your folder. Or a firewall deleting your word document (all of 'em) because one has a macro virus. In the bug list is there anyhting like that ?

Re:

[aardvarkjoe]

It sounds like bug 104956 in Kmail will cause it to lose messages -- in some cases, even entire folders full of messages -- if there are network problems or the program gets disconnected at the wrong time. Several people posted in there that they had lost mail folders that way, so it's obviously not terribly uncommon. To be honest, I would say that this sounds at least as bad as Microsoft's bug -- a network hiccup or a kicked cable could result in you losing your messages -- but insert standard comment ab

Re:

[jrockway]

> but insert standard comment about how it's OK for free software to have bugs here

It's a common comment because it's the whole point of free software. Bug 104956 is your fault because you haven't patched it yet.

Re:

[myowntrueself]

where KMail will nuke your disconnected IMAP folder under certain conditions

The severity of this bug would only match that of the microsoft bug if it deleted the imap folders on the server.

I take it that this is not the case?

Re:

[aardvarkjoe]

You are apparently wrong. Check out the link: http://bugs.kde.org/show_bug.cgi?id=104956 [kde.org] Around comments 35-36, they state that the copy on the server is deleted.

Re:

[Kjella]

The severity of this bug would only match that of the microsoft bug if it deleted the imap folders on the server.

I take it that this is not the case?

I was waiting for someone to presume that it'd be less severe than the Mircosoft bug, without actually doing a fact check. That same rhetoric that it's comparing apples to oranges shows up every time someone tries to give hard data. If the local copy is in any way corrupted, it'll think the IMAP folder should be empty and go on to delete every mail on the serve

Re:

[cheater512]

I've never lost a email due to software malfunction using open source software. Thats 4 years of email totalling around 100,000 non-spam, non-mailing list messages.

Re:

[Cheapy]

And I've never had windows crash on me. That's 10 years of thousands of hours without a single crash.

I'm not gonna go around strongly implying that windows never crashes though.

Re:

[Master of Transhuman]

Actually a recent version of Thunderbird would in fact hose your email.

Apparently a bug crept in that when Thunderbird's spam detector detected a certain kind of spam, it proceeded to mark ALL the mail in the mailbox for deletion on the next compaction.

For those people who compact on exit, that was seriously bad news.

However, the fix was also easy - since all mail is in text files rather than proprietary binary formats. You simply dumped the Thunderbird release with the bug and downgraded to the last releas

Re:

[curious.corn]

If I remember correctly the bug, irritating none the less, kills the local cache (that's what disconnected IMAP stands for) of your mailbox but your messages reside on the remote IMAP server so... what's the point again?

Re:

[smchris]

The nice thing about Evolution is that it uses Mutt data format. It's easy to periodically burn an archive of your folders and grep/mutt as needed to search and retrieve.

I still have fond memories of the Polarbar Java email program. Great filtering options. But I had it disconnect from its data more than once too.

Linux evangelism? No, hard reality

[jmorris42]

> Quick! Someone post some linux evangelism there!

Yes Linux has a better record. But then so does everyone else. Go ahead, name the operating system with a security record equal or inferior to Windows over the last decade.

*BSD? Nope, even if you exempt OpenBSD *BSD has a far better record than anything Microsoft has released in the past decade. And OpenBSD wears the crown when it comes to security. Usability, scalability and such are legitimate counter concerns though and explain why OpenBSD hasn't conquered the world.

Linux? Regardless of the distribution, if it is a large enough operation to keep up with the torrent of errata teh universe of OpenSource/Free Software generates they have all done better then Microsoft when it comes to timely updates. And with the bonus of the existence of "Enterprise" distributions for a good part of the decade that focus on errata updates that won't have unrelated breakage.

Apple? Their record with OS 8 and OS 9 beat Microsoft and OS X just upped their game.

Sun? HP? IBM? Please.

I'm not saying anyone should be proud of their security history and methodology, all software currently sucks ass. But since we have to use something NOW the question is why is the worst vendor on 90% of the world's machines?

What I'd like to see is a major concerted effort to raise software quality over adding new features. Engage the CS departments in teh universities to have all students audit some code. After all, most operating systems these days allow access to the source. And auditing real code would be a good experience for em. They would see first hand how wretched much of the code actually in use is firsthand. And if legends are writing that stuff they just might listen a bit more when when the prof is badgering about not hotdogging in the belief they are too leet to make those 'idiot' mistakes.

And for the Linux world I'd like to see the major distros come together to take every package not currently at 1.0 and finish em or dump em. Then stabilise the codebase, audit the crap out of it and then freeze them, only accepting bug fixes. And a nice side effect is they would all have the SAME version. The original project can still release new versions but it won't get integrated into a major stable distro until they announce a new feature complete and AUDITED version. Seriously, is there anything else that needs to go into glibc? So why not stabilize it, sudit it and then freeze it? We need a trusted core that we don't have to update several times per year. As computers become central to our civilization we need them to work a lot more than we need shiny new features.

Re:

[Kjella]

I'm not saying anyone should be proud of their security history and methodology, all software currently sucks ass. But since we have to use something NOW the question is why is the worst vendor on 90% of the world's machines?

Because users say they want security, but in reality want convienience. People want to be able to just click a program and run it, and expects the computer to figure out if this is safe or not, and whether this trojan was something they actually wanted to run, or if they were just trick

Re:trail of tears?

[Anonymous Coward]

Fine. It's really more of a holocaust going on over at the Microsoft forums.

Lost email

[HomelessInLaJolla]

Some people become attached to their collections--no matter what the collection is. It is psychologically difficult for some people to face the reality that some things are simply not worth saving.

I advocate a training program for those people: once each year they should practice archiving everything they might ever want to save to one CD. Just one typical data CD. Not a DVD. One single CD. Anything which doesn't make it to the CD is random number filled.

Re:

[jlarocco]

I advocate a training program for those people: once each year they should practice archiving everything they might ever want to save to one CD. Just one typical data CD. Not a DVD. One single CD. Anything which doesn't make it to the CD is random number filled.

Why? Is there a downside to having a large collection of "stuff"?

Re:

[cheater512]

Is compression allowed? I wonder if bzip2 could get my 6gig of email on to a CD. :)

Re:

[silas_moeckel]

I fail to understand the value in getting rid of these old emails, it takes time to purge things no longer useful more time and effort than archiving them. Personally my online email archive goes back 3 years and I have off line storage back to the 80's and see no reason to spend the time to sort though them for the few potentially needed ones rather than just archiving out the data. I would also have to say that keeping everything to one cd or even one DVD would require deleting all the pictures and vide

Re:trail of tears? The Unemployment line

[Fox_1]

I worked in an office where the recently hired tech guy managed to destroy the VP of marketing's Email 3 separate times. All in the first 3 months of his contract. That was the end of him. It's not such a big deal to lose personal email, but for people who have integrated the use of email into their business it's ugly. I would like to think that people are backing up their 1.2 gig PST files, but I know that there are many smart successful people out there with big PST's that have no backup. This kind o

Re:

[zappepcs]

This is exactly why I don't keep my .pst file on a work server. I use a laptop from work, and by keeping that huge .pst file on my local drive, I can choose to back it up when and where I like. No matter how good the guys in corporate IT might be, I just don't trust them. With most of my backup processes, it would take 2 disastrous events to happen at the same (or near enough) time to cause total loss of data. It would only take one careless IT person, or software update to cause complete loss if I trusted

Re:

[kripkenstein]

Extreme? Not in the least, some people live off of their inboxes. This can cause real personal and financial damage.

Speaking of tears, I had a good laugh when I read this:

After the latest update which required a restart

I really don't intend to be mean, but this just took me back a few years to when I was using Windows. I had totally forgotten about updates that require reboots (well, kernel updates do, even on Linux). Amusing, to me at least.

Anyhow, OneCare has bugs, not that surprising really, all

Re:

[kripkenstein]

But not genocide.

You do realize that the "Trail of Tears" is what the forced relocation of the Cherokee people, during which about 1/4 were killed off from disease, is called, don't you*?

*If you aren't from the US, then I back off the "you should know this" attitude.

Well, I learned something just now, I had no idea that that was a US cultural reference; I am, in fact, not from the US (lived there as a child for a few years, decades ago). Actually I didn't even think it might be a reference, so I di

Re:

[cheater512]

If its like my email then it would have been 4 years of email. (No Outlook doesnt handle that number of messages - I use IMAP)

My mum uses Outlook and she would be furious if a email got in and OneCare deleted every email.
Fortunately for her I wont allow malware like OneCare near any of our computers.

Re:

[Master of Transhuman]

Yeah, right.

You've obviously never had a client lose his PST file, right?

You have no idea how the thought of losing their last thousand emails affects some people.

Especially when those emails contain the email addies - and purchase orders - of every customer of that client.

Re:trail of tears?

[kennygraham]

Do you honestly think that losing your email is anywhere near on par with being forcably relocated from the land your ancestors had lived on for centuries to be moved to Oklahoma?

Yes. Now I'll have to pay full price for viagra. I consider the two to be on par.

Re:trail of tears?

[Anonymous Coward]

Say what you want about MS, I don't think they have started to tread near the "genocide" area yet.

I see you haven't tried to upgrade to Vista yet.

This is just another in a long series of failues

[jmorris42]

And just remember, this is the same development house that the whole world seems to have no problem with the thought of giving root acces to their machines so they can keep them 'safe.'

If those idiots don't screw the world up by their own incompetence first they are going to get Windows Update 0wn3d and allow someone malevolent to wreak even worse havok on the world.

Seriously, I can't understand how any Microsoft product is permitted to be used in any role where failure isn't an option. Finance, military, medical, etc should have imposed a ban a decade ago, forbidding the stuff from even being connected to a network port inside the secure inner firewall. Instead we are installing the stuff into the engine room on our warships, giving it sole control of the propulsion system.

This is insanity on a global scale. A lot of people even seem to understand the danger yet are too afraid to speak up loudly enough to be heard.

Re:This is just another in a long series of failue

[Black Parrot]

> Seriously, I can't understand how any Microsoft product is permitted to be used in any role where failure isn't an option.

I can't understand why software is permitted to be used in any role where failure isn't an option.

But I get your point.

Re:This is just another in a long series of failue

[cbreaker]

I think it all stems from the same old problem of people wanting to use software that they know. And really, people generally know Windows more then anything else. It's not an excuse, and I think it's the epitome of laziness, but I believe that's the main cause.

I mean, I work for state government and the majority of the people running the systems just don't know computers very well. It sucks. So, their comfort zone is Windows, because it APPEARS easier to manage. (Of course, it's not, it's just as com

Re:

[udippel]

And really, people generally know Windows more then anything else.

So, their comfort zone is Windows, because it APPEARS easier to manage. (Of course, it's not, it's just as complicated as anything else when you look past the pretty start button.)

I need to disappoint you:

- My experience with my students shows, that they know Windows less than anything else (they only think they know it, because of the colourful start button and stuff).

- My experience as sysadmin (in both worlds) shows, that W

Re:

[cbreaker]

Wait - how would I be disappointed?

Plus, I don't see how you proved me incorrect in any way - people know Windows more then, say, UNIX. As a general rule. They use it at home, they can install software, they can add devices and device drivers. That's certainly *more* then any other operating system, right?

You actually agree with me for the most part. Like I said, it's not less complicated then other systems once you get past the start button, which insinuates "past pre-fab admin tasks" without as many

Re:

[udippel]

Wait - how would I be disappointed?

You wouldn't. Maybe a problem of language. I tried to rhetorically endorse what you said. Probably I should take an extra course in writing.

Though I need to bow before you as the slightly - if only a few hours - more senior /.-user.

Re:This is just another in a long series of failue

[Breakfast Pants]

"And just remember, this is the same development house that the whole world seems to have no problem with the thought of giving root acces to their machines so they can keep them 'safe.'"

For a single user desktop machine, there is no reason not to. If you're account ever is compromised, someone can just wrap your shell with something that uploads everything you enter, and the next time you su to root, you're toast. How many unix users do you know who switch to the login screen everytime they need to do so

And they say FOSS doesn't get professional testing

[Theovon]

You hear the complaint both ways, of course. Commercial software gets professional testing, which means that engineers are paid to test un-fun corner cases, apply heuristic analysis, and other stuff like that. FOSS software gets more intense testing, because there are more people testing, although it's somewhat less organized.

Well, here's an example of how it can go wrong, no matter who you are. Of course, we're never surprised when Microsoft has a bug. It's really funny to me, actually. Huge company--

Re:And they say FOSS doesn't get professional test

[Frosty Piss]

FOSS software gets more intense testing, because there are more people testing

Is this really true in a general sense? Obviously the "darling" FOSS projects do, but that's a very small percentage of the whole.

Re:And they say FOSS doesn't get professional test

[Cheapy]

More people use open-source software than propriety software? I'm not sure what you mean by "FOSS software gets more intense testing."

Re:And they say FOSS doesn't get professional test

[Master of Transhuman]

I understand what you're trying to say by "FOSS software gets more intense testing." You mean, basically, that FOSS software gets looked at by a lot of developers and thus errors tend to be spotted.

But that isn't "intense testing".

In fact, one of my pet peeves with most of the Linux distros these days is the pathetic quality of their testing. I mean, they are letting really STUPID bugs slip through that should have been caught with even a minimal amount of testing.

As an example, Kubuntu shipped their instal

Linux users! Let's show some solidarity

[adnonsense]

Don't just sit there feeling smug! Every now and again, when you have a free moment, delete your mbox file, or the directory where the mail client of your preference stores its data. That'll go a long way towards helping Windows users to stop seeing us as arrogant and aloof and let them know we share their pain.

(And if you're really feeling altruistic, knock up a shell script which turns your machine into a spam-spewing zombie).

Re:Linux users! Let's show some solidarity

[c]

> when you have a free moment, delete your mbox file
> ...
> knock up a shell script which turns your machine into a spam-spewing zombie

See, that's the problem with Linux. You have to do all that extra work to get functionality which just plain works under Windows.

c.

It's The Lt. Ripley Virus Scanner

[Anonymous Coward]

Nuke the mailbox from orbit, it's the only way to be sure.

PST file

[pe1chl]

Maybe it wasn't such a good idea to put all mail, including not only INBOX but also all extra folders, in a single file?
At least other MUAs usually have a separate file for each folder.

Re:

[moranar]

It doesn't depend so much on the MUA (although if that's the only option on the software you're certainly shit outta luck): mbox is a common format for mail. It does get unwieldy if there's a lot of mail in the file, of course, but it's easier to search by hand than a plethora of directories. I think.

Re:

[pe1chl]

mbox is a file format for a single folder. when you have an inbox, sent-mail, trash and some saved-mail folders you will have several mbox files.
when you receive a mail and your inbox is deleted, you "only" lose the recently received mails and not all those valuable mails you saved in the past.

Re:

[DavidD_CA]

No thank you. Keeping everything in one file, albiet sometimes a very large one, has made it VERY easy for me to support Outlook for my clients, even over the phone, and yes this sentence is running on, way too much.

Users tend to create a lot of sub-folders, and folders in sub-folders. While moving things around is usually as simple as drag-and-drop, having all of them stored in one file is great.

Re:PST file

[gilroy]

I'd wager your experience is close enough to being unique as to make no difference. Generally, stuffing everything into a monolithic file makes the data less accessible, less stable, and even less searchable. It does help Microsoft hide features and implementation details from competitors and it does make the mail program more mysterious (driving more users to paid solutions for problems). But in terms of convenience for the user, it gives bupkas.

Re:

[DavidD_CA]

Everyone's entitled to an opinion. What you may not understand is that the PST file is a massive database, and all of the emails, contacts, appointments, inside it are records. Exchange is the same way.

I think the PST database file is a fantastic concept. I've used Outlook and the PST file for slightly more than a decade now, through five versions of Outlook. I've moved it around through multiple workstations, sometimes bringing it onto my laptop for just a week, sometimes sharing it between two compute

Re:

[udippel]

I've used Outlook and the PST file for slightly more than a decade now, through five versions of Outlook. [...] Despite the occasional computer crash, the PST has always been rock-solid for me and never became corrupted.

And I can also say the same for everyone I've ever seen using Outlook in a personal and business environment. At word, Outlook 2000 needed to run the Inbox Cleanup Tool every now and then if there was a bad write, but it always recovered perfectly.

Good for you.
I have been using various POP3

Re:

[cbiltcliffe]

Your complaint seems to be more about the filetype being proprietary than anything else. If you do a little bit of homework, you'll find that the data inside the database is actually quite accessible to developers. Just look at the slew of Outlook plug-ins that exist.

And if you look at the details of any program which directly manipulates Outlook data, you'll find one of the system requirements is to have Outlook installed on the machine. You don't have to use Outlook to view the data, but some library or

Re:

[DavidD_CA]

Please educate me by sharing a time when an application would need to modify a PST file, when the user doesn't already have Outlook on the machine.

In other words, why *wouldn't* the user have Outlook installed if he is running some kind of PST-modifying program?

And don't say "because he's migrating away from Outlook" because there are utilities that will migrate emails and other objects from a PST file without having Outlook installed.

On the contrary, having Outlook accessible via VBA allows programmers to

Re:

[mikelieman]

Is there a Perl module to access these .pst files?

Re:

[DavidD_CA]

I don't know. But here's an email app on SourceForge written in Java that claims it can import from PST files.

    http://sourceforge.net/projects/dmailer [sourceforge.net]

I'm sure code can be swiped somehow.

Re:

[Mr. Hankey]

Agreed, it's never a good idea to put all of your eggs in one basket. The biggest problems I've seen while supporting Outlook clients have been corrupt PST files, either due to Outlook crashes or exceeding the PST file size limit. Not too long ago that limit was 2GB. Even if you upgraded to the newest Office release though, you still needed to create a new PST file and move all your mail into it before you can raise the limit. Then you get to tell Outlook which PST to use for mail, primary address book and

Re:

[Antique Geekmeister]

Well, yes. But Microsoft is really attached to that monolithic, proprietary database approach to files. It's of course destabilizing and vulnerable to corruption that's extremely difficult to track down, but it does make the software stuffed with "features" that no one else can or is even allowed ot duplicate, if Microsoft can exert its sway with trade secrets, violating their own published API's, and patent protection.

Re:

[myxiplx]

huh?? wth not? Haven't you heard of databases? Using a single database for storage makes so much more sense than thousands of individual files cluttering up and fragmenting the filesystem. If you're using a database you can optimise for searches, reduce wastage, etc.

Ok, PST is a horrible implementation of a database, but don't knock the concept for one bad example.

Re:

[pe1chl]

With that reasoning, you could argue that there should not be a filesystem and everything on a computer should be in a database.

Lots of people, including Microsoft, have claimed that in the past. Few have been successful in actually implementing it (IBM S/38?).

Of course, a database implemented as a big file with internal structure will have internal fragmentation just like data stored in a number of smaller files can lead to fragmentation of the filesystem. Here you are just comparing the quality of the f

OneCare deletes nothing

[The Bungi]

Obviously they screwed up on the 1.5 RTM where now apparently they'll quarantine the whole PST file (don't get me started on the "one huge fucking file for everything" mentality...), but AFAICT OneCare does not delete the file. The problem is that it essentially hides it under [C:\Documents and Settings\All Users]\Application Data\Microsoft\OneCare Protection\Quarantine, compressed in a .CAB file and not accessible from a non-admin account. But if you can log into the machine with an admin account, you can recover the file, and turn off OneCare scanning of your mail file for good measure.

Then, get a good AV package - or better yet, just exercise some fucking common sense and don't open that "Re: Malaca Superfund Stranded" email from "Roberta Plantagenet~=%" that has a "postcard.exe" attachment.

so effectively

[AlgorithMan]

so effectively this means, that one care is everything but enterprise ready...
or can you imagine a serious company (serious companies don't give admin access to their workers) to send a technician to EVERY WORKER who just RECEIVES an email with a virus infected file to recover his inbox from quaranaine?

hey, why not piss off vista using companies by sending emails with attatched virusses (or was the plural virii?) to all their workers? man, if every worker loses all his emails multiple times or technicia

Re:

[Bender0x7D1]

If you read through some of the posts on Microsoft's forum, you would find there are users who have had their file deleted one time and quarantined another. Since they were able to find it when it was quarantined, I would assume that they know what they are talking about when they say it was deleted.

Re:

[The Bungi]

1... It uses shadow copy so that's not a problem. 2... Thus my recommendation of doing without OneCare.

MS's software is broken anyway

You are so leet.

Boda Bing...

[coastin]

Ahh, nice a inbox ya got dere, it'd be a shame if somethin was to happen to it!

Running theme with Microsoft's "security"?

[Anonymous Coward]

That theme seems to be "The cure is worse than the disease"

Example 1:
Problem- Malware has carte blanche in XP to do damn near anything if it's run from an account with admin privileges.
Solution- UAC in Vista. ("You are moving your mouse cursor. Cancel or allow?")
Solution Sucks Because- UAC is so friggin' annoying with the popups that people will either shut it off or get in the habit of blindly clicking "OK," which means they are likely to give malware carte blanche to do damn near anything.

Example 2:
Problem- Viruses.
Solution- Windows OneCare Antivirus.
Solution Sucks Because- One infected email can cause your whole inbox to go bye-bye.

Great job, guys! The five years it took you to get this stuff perfect was really worth it!

Re:Running theme with Microsoft's "security"?

[FSWKU]

"You are moving your mouse cursor. Cancel or allow?"

While still incredibly annoying, at least it's a SLIGHT step up from what we used to have. "Your mouse cursor has moved. Windows must be restarted for the change to take effect."

You have to wonder...

[Colin Smith]

Are they really this dumb or is it deliberate? I honestly can't decide any more, either they are incompetent or malicious. The question is, how incompetent can a 40 billion a year company be?

 

On a side note - Backup your files

[rhyno46]

Yes, this is off-topic. Yes, OneCare sucks if it deleted someones email.

If you don't backup your data you will lose it someday. It's not a question of "if" it is "when". Your hard drive will eventually crash!

I feel so sorry for people that encounter this. My business provides remote backup via the web & we try to help people prevent events like this, but it doesn't matter. I think all of our remote backup customers have previously experienced data loss.

Hardly an unheard of problem

[khendron]

I've had Norton Anti-Virus delete my Thunderbird Inbox when it detected an incoming virus. This was the main thing that made me get rid of Norton on all my computers.

Stop tagging all MS-related articles defective...

[Dachannien]

The term "Defective by Design" was specifically invented to describe products containing DRM, where the usability of the product is intentionally compromised in order to protect the profits of a third party.

Yes, Microsoft has a lot of DRMed software, with Vista being the granddaddy of them all, but not everything Microsoft makes is defective by design. And in this particular case, the defect appears to be a bug rather than intentional anyway. So, please, save the "defectivebydesign" tag for situations where it's really warranted. Sure, it may be an amusing term, but when you use it where it doesn't apply, it waters down its meaning for the situation it was intended to be applied to: DRM.

Re:Stop tagging all MS-related articles defective.

[fireboy1919]

The term "Defective by Design" was specifically invented to describe products containing DRM, where the usability of the product is intentionally compromised in order to protect the profits of a third party. ...and to apply to the security policy that's intentionally insecure to accomodate user issues and program writers.

Most of the things that we see this appear in are because we see an exploit. Such exploits in a better written file system wouldn't be an issue at all. So the defect is the design more th

Re:

[Dachannien]

"Defective by Design" doesn't mean that something has a design that happens to be defective. It refers to products that are, from the ground up, designed to be defective, intentionally and specifically. Sucking at software design is completely different from writing your software correctly and putting in DRM to make it less functional.

Re:

[fireboy1919]

you do realize that most all mail clients use...

Yes, all of the mail clients you listed give you the option of using the mbox format to store the mail. This is, however, not the only option for any of the ones you listed and hasn't been for more than half a decade.

this defect has NOTHING to do with how the filesystem works

I misspoke. I was talking about the mail filesystem - i.e. the internal mechanism whereby it stores its folders. The fact that NTFS has to be defragmented shows its low quality, but tha

Re:

[game kid]

I'm just slightly shock no one's tagged it "onecarewilleatyoursoul" yet.

Come on, the guys at Microsoft are obviously Aphex Twin [google.com] fans. :D

Re:Stop tagging all MS-related articles defective.

[aardvarkjoe]

The tags system is nothing but an extra way to add snarky comments mirroring the slashdot groupthink to the front page. If anything, it's the one that's defectivebydesign.

baby, water

[Black Parrot]

Bah, let God sort them out.

Ah! Ah!

[Chutulu]

use Thunderbird instead....

Re:

[civilizedINTENSITY]

Why wouldn't OneCare nuke Thunderbird just as easily as it did Outlook?

OneCare?

[ozbird]

OneCare - from the same onomatopoeic geniuses that thought up the "Wang Cares" campaign?

MS 'Once Cared' Email scanning

[grolschie]

From the forum posts, it seems that MS don't want to scan incoming or outgoing emails and they also now don't want to scan the .pst file. They are happy for dormant viruses to exist on your machine because these are supposedly detected when being executed. Going by their current track record, I wouldn't be confident of any kind of protection from Microsoft 'Once Cared'.

Rename the product

[unoengborg]

Perahaps Microsoft should consider renaming their OneCare product to Microsoft WhoCares, I'm sure many of the affected users would find that a more appropriate name.

Depends on your AV scanner

[A_Non_Moose]

Someone already pointed out that Norton quarentines the whole inbox, and older CAVs do too.

The behaviour is "essentially" correct, because pst and mbx's are single files, but the
bigger problem is pst's are binary format, whereas mbx's are text/UUE and text editor
"recovery" is possible.

Newer AV scanners can "snip" out the infected UUE portion, but you have to set the behaviour
yourself as is the case with CAV, and even then it works on IMAP folders, but blasts local ones
on occasion.

(snort)

Thankfully, in my ca

Re:

[jonwil]

The better solution is to do what software like AVG does and scan incoming email (and remove any viruses) when it comes in before the mail client even gets to SEE it, much less write it to the mailbox file.

RAV

[Andrei D]

Does anyone remember Rav antivirus?
It was a very good antivirus program developed by Gecad, a romanian company. It had support for Linux, BSDs, Solaris and it was highly appreciated in its days. It's so sad that Microsoft killed [infoworld.com] this fine product, removing support for rival platforms and turning it into this lame thing called Onecare.

Bwahahahahahaha!!!

[Master of Transhuman]

'Nuff said!

Oh, hell, I'll say some more just to piss off the Windows shills!

Microsoft crapware comes through again!

Just when you thought Bill's crew couldn't get ANY dumber than they are, they manage to "shock and awe" again!

Just so the OSS people don't feel left out, this is not QUITE on a par with a recent Thunderbird's ability to delete ALL email by incorrectly marking it as spam to deleted on the next compaction.

That was fixed easily in a few days and the workaround was trivial: do a search and replace

not a problem

[AlgorithMan]

not a problem
OneCare doesn't ever find virusses anyways - so this is just a theoretical danger ;-)
http://www.pcworld.com/article/id,129521-c,antivir us/article.html [pcworld.com]

Quarantine not Delete

[SoopahMan]

The email is Quarantined - meaning you can get it back unharmed - not Deleted.

This is being misreported all across the Web even though the linked article in every case makes it clear.

It's a serious flaw certainly and still more bad press for Vista, but this one is not nearly as severe as issues like DRM and Certificate-only drivers in Vista - it doesn't deserve the same level of press.

Interesting conundrum

[IchBinEinPenguin]

I have a very low threshold of tolerance for malware. My usual reaction to an infestation is "nuke form orbit and re-install from scratch".
(yes, that's my reaction to having other people's infected PCs. My PCs have been clean (to the best of my knowledge :-) and, given the pain of a reinstall, I might change my mind if it got infected regularly).

It's hard enough getting benign software to cleanly un-install. Malware does not come with uninstallers, and it's designed to be as difficult as possible to ge

OneCare has detected malware!

[BadEvilYoda]

Delete entire inbox, Cancel or Allow?

~Cancel~

Delete entire inbox, Cancel or Allow?

~Cancel!~

Delete entire inbox, Cancel or Allow?

~Cancel!~

~Cancel Failed, deleting inbox~

Re: Then the computer said...

[Black Parrot]

> "FEED ME"

Imagine my embarassment when I found out it was merely a bug, and my insurance won't pay for the exorcist or the damage done by the SWAT team.

Re:

[x_MeRLiN_x]

Depending on how high Microsoft rates a malware threat, affected files sometimes bypass quarantine and are seemingly permanently (save recovery tools) deleted.

Re:So what exactly is the problem?

[TerminaMorte]

The problem is not that a single email was moved, but that the entire mailbox was quarantined and that the user was not told about it. RTFA.

Re:So what exactly is the problem?

[earnest murderer]

Precisely. For that matter, considering the target audence the concept of a Log file as notification is not only ineffective but probably offensive to most. Of the people I know who might use this product, every single one of them would have ended up in a shop and paying a lot of money to have a tech figure it out. Or more than likely paying them to re-install Windows and hope it didn't happen again.

Re:

[civilizedINTENSITY]

Apparently (according to postings in the article) sometimes it quarantines and sometimes it irrecoverably deletes (beyond what recovery tools can recover.) In these cases, if they actually occurred as described, it is more like you have a fire in the tool shed in your back yard and the fireman level your house and garage as well as the tool shed.

So I totally agree with what you said, but that doesn't matter since the real problem is worse than what you described.

Counter example : AVG free

[aepervius]

AVG free move the concerned attchment to a quarantine directory and leave me a note telling me why in the email. My whole mailbox is file left untouched. So why is microsoft unable to do that ?

Re:

[Antique Geekmeister]

Of course, many modern viruses send the mail from an infected machine, from someone you know, sending viruses to the accounts of addresses on that machine. The approach has certainly been around for decades and remains in wide use.

And Microsoft taught people, for years, to click on random URL's in emails and random attachments to get all those "features". So your advice to "modern users" is in fact in diametric opposition to Microsoft's historical policies, and is in fact impossible to meaningfully. It's fr

Re:

[Squozen]

Maybe you'll start backing up your important data too?

Christ, what a bunch of idiots, especially the 'business' folk without a backup regime.