i completely agree. The Beta testing for this release was severely flawed. In addition to the anti-spam software issue, the release also resurrects the Palm HotSync address book access issue. Given that Microsoft and Palm are competitors, it is reckless for them to have made this change without providing adequate notice to developers and users. Has this company learned nothing?
----- Pat wrote: -----
I agree that would have been better, however, I believe
that MS tries too hard to protect people from
themselves. Just because a software vendor "might or
might not cause a problem" does not mean that a program
should prevent a knowledgeable user or software vendor
from adding the value they seek to add. The warning is
at execution, not installation, so that comment is
irrelevant to my point.
The goal *should* be to minimize risk while maximizing
flexibility. The only way to elminate risk altogether is
to turn the computers off. It's about managing risk
appropriately. Ample notice to vendors would have
certainly been 'appropriate' and would also have fit into
MS current business paradigm. I will give you that it
was probably the only option at this point in the
product's evolution.
My beef is really a much larger conceptual one. If these
types of issues were considered at the inception of
product design - they most certainly *could* have been
allowed for. My opinions regarding the fundamental
values of sofware design are simply contrary to MS
culture in some ways. As a software engineer for over 20
years, I'm certain of the feasibility of this concept.
No software is perfect for all situations at all times.
Outlook is a great product, as is Windows. I sympathize
with the need to respond to security threats quickly. All
software must make compromises around different competing
requirements. I'm simply expressing one customer's
opinion that MS did not choose well with it's design
philosophy surrounding this issue - or it would not have
been an issue.
Additionally... since you say this issue was not
discovered during beta testing then I would suggest
another fundamental flaw exists - in the testing
methodology. There is really no excuse for this kind of
broadly impacting surprise in an organization the size of
MS. If avoiding this type of client impact were an
appropriate cultural value in the organization... then it
would not happen.
-----Original Message-----
Probably not - there are just too many that might or might not cause
problems and not all affected programs are installed as plugins. The warning
also doesn't give the name of the dll or application requesting access
because that information isn't passed to outlook.
It would have been better to have the information about
the increased
security in release notes and links to the KB articles on the download page
(not released 3 days after the SP). They had a small beta test group and
apparently none of the testers used anti-spam software (the most common
software that triggers the warning) and the testers were not told of the
security changes, so it caught everyone, including MVPs, by surprise.Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)Outlook & Exchange Solutions Center:
http://www.slipstick.com
I understand that identifying a calling program at
execution would be 'restricted' for security reasons. As
it should be. Would it not have been possible during
*installation*, however, to inspect registered
plugins/dlls to at least warn the user that this problem
might occur if installation continues. I would suggest
that if motivated to do so, well-designed software could
still include a way to allow specific and known
exceptions without compromising security. As it exists,
the warning message is worthless. How can anyone make a
decision to 'Allow' or not, when there is no information
on which to base that decision.
