Re: XP SP3 Update, Outlook 2002

From: Pat (anonymous_at_discussions.microsoft.com)
Date: 03/14/04 

Date: Sun, 14 Mar 2004 09:47:13 -0800

I agree that would have been better, however, I believe
that MS tries too hard to protect people from
themselves. Just because a software vendor "might or
might not cause a problem" does not mean that a program
should prevent a knowledgeable user or software vendor
from adding the value they seek to add. The warning is
at execution, not installation, so that comment is
irrelevant to my point.

The goal *should* be to minimize risk while maximizing
flexibility. The only way to elminate risk altogether is
to turn the computers off. It's about managing risk
appropriately. Ample notice to vendors would have
certainly been 'appropriate' and would also have fit into
MS current business paradigm. I will give you that it
was probably the only option at this point in the
product's evolution.

My beef is really a much larger conceptual one. If these
types of issues were considered at the inception of
product design - they most certainly *could* have been
allowed for. My opinions regarding the fundamental
values of sofware design are simply contrary to MS
culture in some ways. As a software engineer for over 20
years, I'm certain of the feasibility of this concept.
No software is perfect for all situations at all times.
Outlook is a great product, as is Windows. I sympathize
with the need to respond to security threats quickly. All
software must make compromises around different competing
requirements. I'm simply expressing one customer's
opinion that MS did not choose well with it's design
philosophy surrounding this issue - or it would not have
been an issue.

Additionally... since you say this issue was not
discovered during beta testing then I would suggest
another fundamental flaw exists - in the testing
methodology. There is really no excuse for this kind of
broadly impacting surprise in an organization the size of
MS. If avoiding this type of client impact were an
appropriate cultural value in the organization... then it
would not happen.
  
 

>-----Original Message-----
>Probably not - there are just too many that might or
might not cause
>problems and not all affected programs are installed as
plugins. The warning
>also doesn't give the name of the dll or application
requesting access
>because that information isn't passed to outlook.
>
>It would have been better to have the information about
the increased
>security in release notes and links to the KB articles
on the download page
>(not released 3 days after the SP). They had a small
beta test group and
>apparently none of the testers used anti-spam software
(the most common
>software that triggers the warning) and the testers were
not told of the
>security changes, so it caught everyone, including MVPs,
by surprise.
>
>
>--
>Diane Poremsky [MVP - Outlook]
>Author, Teach Yourself Outlook 2003 in 24 Hours
>Coauthor, OneNote 2003 for Windows (Visual QuickStart
Guide)
>
>Outlook Tips: http://www.outlook-tips.net/
>Outlook & Exchange Solutions Center:
http://www.slipstick.com
>
>
>"Pat" <pkeller8@comcast.net> wrote in message
>news:cb6d01c409d7$6c25ed20$a301280a@phx.gbl...
>>I understand that identifying a calling program at
>> execution would be 'restricted' for security reasons.
As
>> it should be. Would it not have been possible during
>> *installation*, however, to inspect registered
>> plugins/dlls to at least warn the user that this
problem
>> might occur if installation continues. I would suggest
>> that if motivated to do so, well-designed software
could
>> still include a way to allow specific and known
>> exceptions without compromising security. As it
exists,
>> the warning message is worthless. How can anyone make
a
>> decision to 'Allow' or not, when there is no
information
>> on which to base that decision.
>
>
>.
>

Relevant Pages

  • Re: XP SP3 Update, Outlook 2002
    ... should prevent a knowledgeable user or software vendor ... The warning is ... with the need to respond to security threats quickly. ... >> might occur if installation continues. ...
    (microsoft.public.outlook.installation)
  • Re: Event 63 Warning
    ... far - presently have WMI Control Properties\Security Tab open, ... Security ... ... If MS wrote this "by design" why does it appear as an Event 63 Warning. ...
    (microsoft.public.windowsxp.general)
  • Asian cities react calmly to a terror warning
    ... Asian cities react calmly to a terror warning ... a senior French terrorism ... was reason to believe that Al Qaeda was preparing to attack an Asian ... In Tokyo, which has the world's biggest public transport network, security ...
    (soc.culture.malaysia)
  • Re: self-signing certificate
    ... saw that my self-signed certificate was under the ... Now warnings at all when opening with medium security set. ... And, if correct, why the warning? ...
    (microsoft.public.access.security)
  • Re: Is This Warning Legitimate?
    ... it's a warning that your PC is very unsecure. ... swept cross the Internet. ... the security gap represented by these messages is particularly ... Messenger Service of Windows ...
    (microsoft.public.windowsxp.security_admin)