The software is designed to protect users against the threat of malicious executable code hidden in emails.
To protect against hidden code in e-mail written in HTML or other cross-scripting techniques, Yahoo has admitted to using a security filter that automatically deletes potentially harmful Web code and replace that text with strange words.
According to published reports, Yahoo was replacing the word "eval" with "review." By blacklisting "eval," Yahoo's filter made words like "evaluate" appear as "ereviewuate." The site said "mocha" was being changed to "espresso" and "expression" was replaced with "statement" even if the phrase appears within a word, all aimed at blocking words that can be used to launch malicious JavaScript codes.
Paris Trudeau, of UK-based e-mail security firm SurfControl, said the protection offered by text-filtering software was "absolutely necessary."
"In the past 12 months, we've seen a huge increase in the release of viruses. This is a huge issue for organizations because there is a period of time between when the virus is detected and when a fix is issued. In between, the down time is costing companies millions of dollars," Trudeau said, arguing that any extra security should be applauded.
"In the past, ISPs and e-mail providers have centered their e-mail filtering around the spam problem but I think that virus protection is so important these days that any attempt to add another layer of protection is critical," she added.
www.surfcontrol.com
www.yahoo.com
