WikiProject Computing / Software (Rated C-class, Mid-importance)
- 1 Removed
- 2 NPOV
- 3 Security Concerns
- 4 C
- 5 security concerns
- 6 Linkspam??
- 7 Bill Joy
- 8 Convert top-posted email to bottom-posted
- 9 HTML Rendering
- 10 Is Outlook 2007 included in Office
- 11 Outlook Express
- 12 Screenshot
- 13 No criticism section?
- 14 Outlook Express 2003
- 15 TNEF
- 16 Name History
- 17 2007 features in 2010
- 18 Maximal Innovative Intelligence
- 19 Business Contact Manager for Outlook redirects here
- 20 Macintosh
- 21 Updating 2010 icon to 2013 icon
This reads very defensively, not quite MS PR, but close.
Can somebody with enough power not to get slammed *rewrite* this article?
- Power? Nobody has any power here. :-) Seriously, as long as an article is NPOV nobody will get "slammed". Evercat 22:13 9 Jun 2003 (UTC)
Close to MS PR? Which paragraph do you have a problem with? Maybe "Microsoft took some corrective steps" should be expanded? User:Elliot100
Well, let's see- pretty much the whole thing. It's written like a Microsoft ad.
I couldn't agree more. Tim —Preceding unsigned comment added by 126.96.36.199 (talk) 05:09, 9 January 2009 (UTC)
"Although often used mainly as an e-mail application, it also provides calendar, task and contact management." Just say: "People use Outlook to read their e-mail, and keep track of a calendar, their tasks, and their contacts."
Say: "Outlook works with Microsoft Exchange Server." None of this "provide enhanced functions" nonsense. Just say: "When Outlook hooks up with an Exchange server, mailboxes, folders, and calendars can be shared. People can arrange meetings automatically."
See? Speak English, baka-boy.
NPOV means Neutral Point of View, not Microsoft Point of View. User:LionKimbro
Shouldn't this article be at Microsoft Office Outlook?
--Szajd 15:44, 2004 May 19 (UTC)
I'm going to change the 'improperly Office x' part to 'also known as office x' as it is a bit of a NPOV violation. --Spe88 19:36, 11 Jul 2004 (UTC)
"omitted to avoid inconveniencing unsophisticated users" <-- Seems a bit subjective to me.. -- mattsday
I think Outlook Express is not related aside from name. Two different teams handle the two Mail clients. Outlook Express is part of the Internet Explorer team (which was dismantled but now regrouped), Outlook is part of the Office team. AFAIK there is no common code shared between the two mail clients.
- That is not strictly true. Outlook 97 and Internet Mail and News were written by separate teams and share no common code. The first version of Outlook Express shipped with IE 5.0 and also had no shared code with Outlook, but shortly thereafter the teams merged. Outlook 98 (and subsequent versions of Outlook) have a good deal of common code with Outlook Express -- for example: HTML email, MIME attachment handling, SMTP connectivity, and email account management, to name a few. BillBl
Of an interesting note, Outlook has no built-in Newsgroup/Newsreader functionality, Outlook Express is the Newsreader application. Users on Outlook/Exchange systems can set up Exchange server to download a newsgroup, and then Outlook can view it as a public folder. - JL
- Outlook Express and Outlook < 2007 both share IE as their HTML rendering engine. So even if there is little around the application in common, they are bug-for-bug compatible when it comes to IE-security issues.
- I have added a mention of IE on the security concerns, but not put in any citations. Presumably every Windows security update where the issue is marked critical and the workaround "don't use HTML mail" mentioned would do, but I'd really like to see something formal like a paper analysing what percentage of Outlook security fixes were down to IE. SteveLoughran 14:53, 3 October 2007 (UTC)
- network insecurity because—due to its being written in C—viruses propagate so easily with it
- Not really just a reason to criticize it. PPGMD
- Whoever wrote this is probably referring to buffer overflows, which good programmers and compilers alleviate through various techniques. Whoever wrote this is just flinging poo in Microsoft's direction; plenty of secure applications are written in C. I've removed this section from the main article. —Preceding unsigned comment added by Lordhatrus (talk • contribs) 18:59, 5 July 2008 (UTC)
Certainly compared to Java the programmer has more to worry about. But, yes, well written C++ is just as safe but ok realistically you may have fewer opportunities for things to go wrong in Java. I'm not going to defend the wording, especially since the performance penalties can be a mess ( I'm sitting here watching firegox reepeatedly hanhm progably because I ave a pdf file open - typos are just me getting disguested to bother fixing any more...l ) , but that may be what he is getting at. Applets run in Java for the safety aspect as much as platform independence.
The section on security concerns is inaccurate. The vulnerabilities exploited had nothing to do with "automation" features. They were almost all either of the form of a) the user running an attachment or b) some buffer overflow in code that processed the e-mail.
- No, some of the earliest ones did simply use automation features. It was literally possible for an email to access automation features to start spreading itself as soon as the email was opened, without the user doing anything at all and without the application (Outlook) doing anything it wasn't designed for. It simply never occurred to the designers that bad people might abuse these features! Such simple exploits were corrected years ago, of course. -- Securiger
"Lack of security features compared to other software" is questionable, since other popular software allows execution of attachments too
- Not at the time, they didn't. -- Securiger
- Securiger, you are absolutely correct. I was a member of the original Outlook team. When we discussed adding the ability to access the underlying MAPI Address Book API's via OLE Automation -- the mechanism used to spread viruses -- we DID discuss the possibility that these API's could be used to spread viruses. We knew there was a risk. At the end of the day, we decided to expose it, under the assumption that "no one would ever open an attachment from someone they didn't know or that they didn't know was safe." Which, at the time (1994/1995) was absolutely true -- email was predominantly a power user application. In hindsight, you can say it's moronic, and with the benefit of hindsight, it was stupid. But the API's were tremendously useful, and locking them down would make them less useful and more intrusive: as successive security updates and later versions of Outlook proved -- that's why you get an alert when an add-in that you installed attempts to access your address book. Of course it's impossible to know, but I would bet $100 that if we had made access to those API's as intrusive as they are now, back in 1996/1997, MS would have been accused of being paranoid. -- BillBl
and "windows update" added a patch to disable that a few years back. You might argue it wasn't well written, which was what led to the buffer overflows, but that's not a "lack of security features" issue. It's also misleading to say that they exploited the "HTML capabilities" when really they exploited flaws in the implementation. The current phrasing implies that there's some kind of intrinsic insecurity (in terms of being able to execute code locally) about viewing html in e-mail.
- There are intrinsic insecurities in HTML email. See  and  for some general discussions of the evilness of HTML email, but at a more fundamental level, the problem is that HTML is an extremely complex, evolving specification that is designed for a totally different application domain. Offer something like that to any security guy and he will beat you to death with the closest available weighty tome of Schneier. Plus, it was totally unnecessary; we already had rich text email as an actual standard. HTML email was an awful, awful idea and it is just a pity that it is probably now too late to reverse it -- although I know a couple of large organisations that get by just fine with a total prohibition on HTML email, and random sampling indicates that over 90% of non-spammer HTML emails just use Outlook's default settings (i.e. the user isn't doing it intentionally, he just doesn't know how to turn it off). -- Securiger
I'm not sure why Bill Joy's speculation was inserted into the article, that kind of speculation can be applied to any C program with vulnerabilities. That seems more like an attempt to insert some bias against C for no apparent reason. I'd also like to see the claim about "many leading IT professionals" sourced.
- I agree with that completely. -- Securiger
- Outlook vulnerabilities have absolutely nothing to do with being written in C. There are plenty of vulnerabilities, but name one Outlook virus caused by buffer overflow (a typical vulnerability of apps written in C/C++). I'm not saying there aren't any, but there are far more issues caused by attachment handling, easy access to the address book via scripting / OLE Automation, and of course HTML email (scripting and image URL's). -- Billbl, a member of the original Outlook team
Lastly, I'm not sure that default non-loading of images in HTML should be called a "security feature" rather than an anti-spam feature. The reason you don't auto-load images is because those image urls are specially constructed "spammy urls" that are used to confirm (for the spammer) that your e-mail address is active and that you read the spam message.
- No, it's much broader than that. While that is the most common abuse of loading foreign images, there are plenty of others. Other examples include any creepy person (not just a spammer) using such a web-bug to track where, when and how often you read an email, and to whom you forward it; a denial-of-service attack where the image link actually points to a script which just spews out random packets until your email client crashes (and if the victim has message previewing turned on, just watch him try to recover...); and forms of fraud where the email is made to have totally different meanings to different viewers, by the webserver serving up a different image according to the requester's IP. There are many others, those are just a couple that I have heard of. Essentially, foreign images in email create security issues by violating the semantics of email; it ceases to be a document, and becomes an application under the sender's control. Since, in email, the sender can be anyone who hasn't been actively blacklisted, this is very bad. -- Securiger 02:13, 31 May 2006 (UTC)
- Using an image to validate an email address or use is called a Web_beacon and is certainly a security and privacy issue. DaveGray 22:00, 4 February 2007 (UTC)
- Exploits of image files have occurred in the past and you can expect them to occur in the future. An image is essentially a binary format document, and as such is vulnerable to file fuzzing, buffer overflows, etc. In 2004 Microsoft released a security alert titled 'Microsoft Windows JPEG component buffer overflow', see  and. This exploit demonstrates the ability of viewing an image to take complete control of the affected system. From the article - "Microsoft's Graphic Device Interface Plus (GDI+) contains a vulnerability in the processing of JPEG images. This vulnerability may allow attackers to remotely execute arbitrary code on the affected system. Exploitation may occur as the result of viewing a malicious web site, reading an HTML-rendered email message, or opening a crafted JPEG image in any vulnerable application. The privileges gained by a remote attacker depend on the software component being attacked." This security issue was fixed and updates released to address the issue. DaveGray 22:00, 4 February 2007 (UTC)
- In Outlook 2003 (SP3) I'm able to view the HTML source by right clicking in the preview pane and e-mail. - Sheep —Preceding unsigned comment added by 188.8.131.52 (talk) 14:25, 15 July 2008 (UTC)
Nathan J. Yoder 11:36, 8 October 2005 (UTC)
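Added example, not part of the original discussion and not Outlook's own code: a sketch of the check behind "don't auto-load images", listing every URL in an HTML mail body that a renderer would fetch merely by displaying the message. The function and class names, the sample message, and the 1x1-pixel beacon heuristic are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# tag -> attribute that a renderer fetches on display, with no click
AUTO_FETCH = {"img": "src", "iframe": "src", "body": "background",
              "table": "background", "td": "background"}

class RemoteLoadFinder(HTMLParser):
    """Collect URLs an HTML renderer would request just by showing the mail."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = (attrs.get(AUTO_FETCH.get(tag, "")) or "").strip()
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return  # cid:/data: content travels inside the message itself
        # Heuristic (assumption): 0- or 1-pixel images are beacon-like.
        tiny = (tag == "img" and attrs.get("width") in ("0", "1")
                and attrs.get("height") in ("0", "1"))
        self.findings.append({"tag": tag, "host": parts.hostname, "url": url,
                              "beacon_like": tiny, "has_query": bool(parts.query)})

def remote_loads(raw_message):
    """Return the remote auto-loaded resources in every text/html part."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteLoadFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

# Constructed sample message (hosts and addresses are placeholders).
SAMPLE = """\
From: sender@example.com
To: reader@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello.
--b1
Content-Type: text/html; charset="utf-8"

<html><body background="https://img.example.net/bg.png">
<img src="cid:logo@example.com" width="120" height="40">
<img src="http://t.example.net/o.gif?rcpt=reader%40example.org" width="1" height="1">
</body></html>
--b1--
"""

if __name__ == "__main__":
    for finding in remote_loads(SAMPLE):
        print(finding)
```

The embedded `cid:` logo is not reported because it needs no network request; both remote references are, and only the 1x1 image with a per-recipient query string is marked beacon-like.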
In the last few days there's a link that was added, deleted as linkspam, and re-added. Question: What about most of the external links? Don't 3/4 of them qualify, as ads for add-on products?
looks like spam, it has two links under "Outlook Mobile Service"
h t t p : / / w w w . t x t i m p a c t . c o m / o u t l o o k s m s . a s p — Preceding unsigned comment added by 184.108.40.206 (talk) 23:14, 4 September 2012 (UTC)
Who is that guy and why is his opinion on Outlook so important it deserves to be mentioned here?
- Bill Joy is an important figure, but not remotely neutral on this issue; he's a major evangelist for the Java programming language. We could certainly quote him, but his possible bias should be indicated. And I would definitely like to see a citation for the claim that "His views are shared by many leading IT professionals." I have heard a lot of IT professionals discuss the endless security failures in Outlook and I haven't heard anyone else blame the implementation language; most folks I talk to agree that the software architecture is fundamentally insecure, in that Outlook uses the MSHTML engine to render HTML email, thereby tightly coupling it to Windows. (Of course, a lot of the early problems were caused by sheer bloody carelessness.) -- Securiger 08:24, 23 May 2006 (UTC)
Are there any tools out there to convert top-posted email chains to bottom-posted style? I'm thinking it shouldn't be too hard to write a new program from scratch to do that, but I also didn't want to reinvent the wheel if it had already been done. If there are such tools, their existence should probably be briefly mentioned in the article. 220.127.116.11 20:01, 28 October 2007 (UTC)
The previous edition of HTML Rendering went on and on and seemed VERY anti-MS to me. Code samples and long lists of elements seem unnecessary, especially when this small issue occupies more than half the original page.
I have trimmed it down and attempted to give it a less scathing tone (previously, it said things like: "Outlook 2007 is EVEN less standards compliant than before" etc), and instead focussed more on the fact that HTML rendering was intentionally crippled.
Is Outlook 2007 included in Office
The article says: "Office Outlook 2007 (version 12) included in Office 2007, except Office Home and Student edition"
However, the Microsoft article at http://office.microsoft.com/en-us/products/FX101635841033.aspx says that it's included with Basic, Standard, Professional Plus, and Enterprise, but not with Home & Student, Small Business, Professional, or Ultimate.
It is included in Ultimate. http://office.microsoft.com/en-ca/suites/FX101674121033.aspx 18.104.22.168 (talk) 01:57, 24 April 2008 (UTC)
- What's included with Business, Professional, and Ultimate versions is Outlook with Business Contact Manager. I guess Microsoft considers that a separate product? — User:ACupOfCoffee@
Someone wrote that Outlook 98 "freely distributed with books and magazines for coping with newest Internet standard such as HTML mail", it's even marked with an . Wasn't it the free Outlook Express that was freely distributed with books and magazines? Regards, Necessary Evil (talk) 16:16, 4 June 2008 (UTC)
- No, it was the full version of Outlook 98. See here. :-) - xpclient Talk 18:50, 4 June 2008 (UTC)
In the screenshot at the top of the article, Outlook has the black theme applied instead of the default(?) blue theme that the articles about the other parts of office are using, as well as in the article on Microsoft Office. Should they not be consistent in the color theme? —Preceding unsigned comment added by 22.214.171.124 (talk) 14:08, 11 August 2008 (UTC)
No criticism section?
- added a new section noting the rendering and compatibility issues. Oehr (talk) 22:04, 10 November 2012 (UTC)
Outlook Express 2003
Outlook Express 2003 in an efficient and rapid service of postal messages, that regards the European transport and informatic Protocol. The big Companies, so the societies, are very glad to send messages with virtual and economic mind.Substantially, the virtual implementation , is the social and economic Internet -way. All the messages, have got the transmission protocol and are very hospiced in their sites.the partners of this service sre two : the maker of message, and the man that receive-it. Both they have their adresses: For this reason the noble thing is the correct function of the mail addresses. If they are not hosting, they are nasty for the right implementation and destination. The correct annoucement of the right thing, is not bad. The correct parents - behaviour aids only question. The Statuitions of Strasburgo's rights remember that the personal dates are conserved objectively by the vandalism attacks and fraudolence. The worm trojan is "the great illusion " of questioning holders, because the human behaviour is object-oriented around the World Wide Web Consortium. This "great machine" gives us the chance of changement in the logic spam, through the necessary web slice, feed and accelerator. They certainly provide the right daily function and precision date-day. —Preceding unsigned comment added by 126.96.36.199 (talk) 17:45, 15 November 2009 (UTC)
- Apparently people might get confused because you called Outlook, Outlook Express, but Outlook Express is just the stripped-down version of Outlook 2003 from the Microsoft Office 2003 suite. [From WiiRocks566 (2.0)] [Lets talk] 18:51, 18 September 2011 (UTC)
I spent many years (many years ago) working on an SMTP/X.400 gateway and am no fan of TNEF, but I think it is a little strong to say it is not RFC compliant. The relevant RFCs allow any vendor to define their own "application/x-" bodyparts and IMHO it is merely bizarre and irritating that Microsoft chose one of those to represent "everything we send". So while it is unhelpful that multipart mails are not represented by the "message/multipart" type (maybe with each part represented by "application/x-tnef" or something) but instead *everything* is encapsulated in a blob of x-tnef and left to the client to disassemble (ruining, for example, IMAP servers that would otherwise be able to serve up individual bodyparts), it is not *illegal*. —Preceding unsigned comment added by 188.8.131.52 (talk) 13:57, 24 February 2010 (UTC)
I came across this tidbit on the net when searching for "This day in history" for June 10th.
1902 - The "outlook" or "see-through" envelope was patented by Americus F. Callahan.
Maybe that is how Microsoft named the application in the first place...
2007 features in 2010
The article states that 2010 has all the features of 2007. Almost, but not quite... http://social.technet.microsoft.com/Forums/en/outlook/thread/b4e02dc1-8f84-4173-9a9f-20c552effc08 Klopek007 (talk) 09:59, 1 July 2011 (UTC)
- You mean the SHIFT+Dragging? But a Microsoft person said that it works on his computer. So, ... Fleet Command (talk) 11:31, 19 September 2011 (UTC)
Maximal Innovative Intelligence
Is there a special reason why Maximal Innovative Intelligence redirects here? The term is not mentioned in the text at all. — Preceding unsigned comment added by 184.108.40.206 (talk) 23:39, 23 October 2011 (UTC)
Business Contact Manager for Outlook redirects here
Outlook for Mac 2011 can't connect to Exchange 2000/2003 like Windows Outlook 2010 can, or like Entourage could. Came as a shock to some users I know when they found they couldn't use the shared calendar. — Preceding unsigned comment added by 220.127.116.11 (talk) 11:38, 20 April 2012 (UTC)
Updating 2010 icon to 2013 icon
I hope someone can update the 2010 icon with the new 2013 version when the time is right.
The new icon is at: File:Microsoft-Outlook-2013-Icon.svg
Zywxn | 09:10, 11 August 2012 (UTC)