Missing Functionality Exasperates Hotmail Users
Hotmail, the popular webmail application owned by Microsoft Corporation has been receiving a lot of complaints lately. Users griped on an unannounced removal of an often used feature of webmail, the “Attach Photo” plugin. This surprise move left many Hotmail users puzzled, some wasting hours trying to trace their steps backwards hoping to debug the issue on their own. The “Attach Photo” feature is a plugin that allows users to edit and create captions for pictures for inclusion into the email body. This nifty feature compresses the files after they are edited, allowing users to add more pictures. This function was used often by Hotmail account holders and they were exasperated when they found out that function that gave them a very easy way to customize their photo uploads was removed.
The decision to disable the feature stems from a well known Microsoft Internet Explorer vulnerability, particularly how the browser uses a type of software called ActiveX plugins. Internet Explorer utilizes ActiveX plugins to extend the functionality of the browser. Without such plugins, Internet Explorer would have no way of playing music or displaying videos. ActiveX is a type of component software that makes programming in the Windows environment very easy but is heavily criticized by security experts such as the Government’s Computer Emergency Readiness Team for making the host computer open to many threats.
Microsoft has always taken matters involving software security very seriously. After a thorough review showed that the ActiveX plugin maybe vulnerable to hacking, the software company proactively decided to disable the feature to prevent further attacks. This move was seen to be unusual because Microsoft has a well known schedule for releasing updates to software.
Recent events may explain the sudden behavior of Microsoft. In the past, Microsoft’s reaction to problems with ActiveX security has been to issue patches called “kill-bits”. Kill bits work by deleting the ActiveX from a long list of software that are allowed to execute in the Windows environment. On July 28 2009, two researchers from IBM demonstrated a way of circumventing “kill-bits” thus allowing previously disabled vulnerable software to run in Windows. When this happens, attackers could exploit once-disabled software and gain complete access to the computer and user’s data.
Security experts lauded Microsoft’s decision saying that until a proper solution is found, it is only right to disable vulnerable software that is open to hackers thus preventing thousands of computers from getting compromised.
Microsoft announced that the “Attach photos” plugin will be enabled by the end of September.