Without any fanfare, Microsoft recently released its Office 2003 SP2 patch — and hidden deep within is a very useful anti-phishing feature.
The service pack has the usual assortment of bug and security fixes. But it’s the anti-phishing feature that’s the biggest news. With it, by default, when you’re hit by a phishing attack, Outlook disables all the links in the offending email, so that you won’t be able to head to the spoofing Web site. You’ll also get a warning that the email may be a spoof. If Outlook incorrectly called it a phishing attack, you can turn the links back on.
If, for some reason, you don’t want this protection, you can turn off the feature. Choose Tools–>Options–>Junk Email, uncheck the box at the bottom of the screen that begins “Don’t turn on links in messages that might connect to unsafe or fraudulent sites,” then click OK.
Kudos should go to Microsoft on this one; it’s badly needed protection, and something that other email programs should emulate.
What do you think of the Office 2003 SP2 patch?
It's already been done
Mozilla Thunderbird 1.5 already integrates phishing detection. It's still in beta, though, but as usual, this feature in Outlook is Microsoft reacting to the market. Not that there's anything wrong with that, it's great to see some improvement in security in their products.
A link to the feature list of Thunderbird 1.5 Beta 1:
http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
It's already been done
Oh come on, let's be fair here. MS beat Firefox to an actual release implementation. I'm an ardent supporter of OSS, but one thing that annoys me is the attitude in the community that beta, or even pre-beta versions should be compared to fully released proprietary products in terms of feature availability.
Claiming that "it's in the Beta" is as good as saying "it's in the release" for commercial products offers aid and support to the perception that OSS advocates are a bunch of unreliable amateurs, and therefore OSS itself is unreliable and amateurish.
We all know that isn't the case, so let's not provide ammunition to that effect.
I hate it - I hate the fact that all my html messages are converted to plain text, I am a small business and i feel this is unacceptable as i need to be able to see the email as it was sent. I use Outlook 2003 for my emails