OneCare Deletes Users' Outlook Files
A rash of users of Microsoft's new Windows Live OneCare service, launched last January 30, have been reporting on Microsoft's support forums that virus scans performed by the service have resulted in the deletion of their OUTLOOK.PST files - the local, centralized repositories of e-mail, scheduling, and collaboration data used by Outlook.
"This new version of OneCare did the damage to my computer no virus had ever done before," wrote one user last January 25. Since that time, a volunteer Microsoft MVP was struggling to help users cope with not only their deletions, but suggestions and advice from phone-based Microsoft support personnel managed to exacerbate many users' problems, in some instances rendering their Outlook files non-recoverable.
Only yesterday did a Microsoft official make a certified response, saying, "This issue will be fixed in the next engine update, scheduled for Tuesday, March 13." In the meantime, he advises users to manually enter an exemption into their OneCare settings for the personal files folder where the .PST file is kept.
Based on a read of excerpts from log files submitted by impacted users, OneCare chooses not to be explicit about how it chooses to mitigate or alleviate the threats it encounters. Users' logs include notices that begin, "Windows Live OneCare found potentially harmful or unwanted software on your computer." From there, they identify the file names of the .PST files in question, and identify specifically the classification and type of threat discovered. That much is certain, until the log entry concludes with, "Threat Status: Removed."
An Outlook .PST file includes the images of all e-mails a user receives through her local or personal accounts, such as from Internet ISPs or Web-based e-mail services. Attachments to e-mails, even if they appear to be documents, are also encapsulated in this single file. By contrast, Exchange accounts enable these components to be stored and maintained on the server, though the localized portion of account files is still stored within an .OST file on the client.
So if a user at some point in time received a file in her e-mail that contains even a latent virus package, that virus is considered part of the .PST file by OneCare. While it doesn't have the capability to weed through and extract parts from the .PST file like a database - or like Outlook itself - it can detect a virus' signature through a binary scan of the entire .PST file.
What OneCare then apparently tries to do is quarantine the .PST file as a whole, which would render Outlook useless, but only temporarily. Typically, this means the file is transferred into a safe system folder which cannot be accessed by normal means. But it's here where OneCare has apparently been dropping .PST files from the system, and in such a way that third-party recovery tools can't seem to grab them back.
Smart OneCare users had gone so far as to back up their .PST files to separate locations, in the event that a virus -- or a virus scanner - should inadvertently impact their active .PST file. But if the backup file also contained a virus, then users discovered OneCare would attempt to quarantine it as well, with just as disastrous results as with the active file.
With Microsoft's dramatically increased focus on security over the past three years, some OneCare users have been left wondering why it's even possible for the critical .PST file to be deleted by anyone or anything, without raising a red flag somewhere? "Why in the world would they even think of deleting or erasing a .PST file without asking permission first?" one user writes.
Another user cited a portion of an e-mail apparently from technical support personnel, which tried to explain why the .PST file wasn't really deleted - it just looked that way because it wasn't listed anywhere in the computer. "It is not a problem with Live OneCare," the e-mail stated, without explaining what it is a problem with. It then went on to suggest that if the user actually did find the .PST file anywhere, however, he should delete it himself lest he risk damage to his computer from a virus.
Showing a bit of sympathy for the volunteer MVP on the OneCare forum who was left without a solution for over a month, another user wrote, "Leaving you, the MVP, twisting in the wind...is no way to run a railroad. Staggering incompetence on the product group's part."
Then last Wednesday came this post from a certified public accountant, which showed some patience for the fact that bugs happen, but a degree of intolerance for how he feels Microsoft managed the problem: "Software problems occur. Nothing is perfect. But companies I deal with normally are all over software updates to correct a problem. And we are talking about Outlook, a highly used software that holds critical data for most of us, especially business users...I almost get the feeling Microsoft does not really care about this product, that they came up with it just so they could enter this software market."