Outlook flaws could give virus writers a field day

The latest version of Microsoft's popular Outlook software has been shown to contain serious vulnerabilities which could leave users prone to viruses and hack attacks.

Richard Smith, chief technology officer of the Denver-based security specialist Privacy Foundation, said he wanted users to be aware of the potential pitfalls of Outlook 2002.

According to Smith, one of the biggest problems is the ability for an email that includes a special HTML tag known as an IFRAME to run an attached program without the user's knowledge.

That weakness could be exploited to spread deadly viruses.

Outlook can also run JavaScript in emails and gives users the ability to read and set cookies within the program - again, potential security problems.

He also said Outlook generates unnecessary alert boxes - a "cry wolf" syndrome which leads to user complacency.

The criticisms come just two months after Microsoft launched its Trustworthy Computing Initiative, driven by Bill Gates himself.

Jan Guldentops a founding partner of open source security firm Better Access Labs, agreed with Smith but fuelled the Microsoft security debate further.

"There is better email software available, but because Microsoft has a monopoly over the market, no one gets to use the more secure products available on the market," he said.

Guldentops added that there are ways to make Outlook more secure: "There are a number of vendors who sell plug-ins for Outlook. You can build extra security on your mail server, but it does mean spending more money."

Microsoft UK was unavailable for comment.