{"id":22,"date":"2006-10-04T22:28:18","date_gmt":"2006-10-04T21:28:18","guid":{"rendered":"http:\/\/dalelane.co.uk\/blog\/?p=22"},"modified":"2006-10-05T00:39:27","modified_gmt":"2006-10-04T23:39:27","slug":"why-outlook-has-started-seeing-me-as-a-security-risk","status":"publish","type":"post","link":"https:\/\/dalelane.co.uk\/blog\/?p=22","title":{"rendered":"Why Outlook has started seeing me as a security risk"},"content":{"rendered":"<p>I wrote a bunch of <a href=\"http:\/\/dalelane.co.uk\/addtask\/\" target=\"_blank\">command-line apps<\/a> a while ago that let me control my Outlook task list. As a big <a href=\"http:\/\/www.davidco.com\/what_is_gtd.php\" title=\"Getting Things Done\" target=\"_blank\">GTD devotee<\/a>, everything that I do revolves around my task list. And as someone who spends a lot of time at the command prompt, these apps mean being able to add something to my task list when I think of it &#8211; without interrupting what I am doing. It means not needing to <a title=\"wikipedia reference: alt-tab\" href=\"http:\/\/en.wikipedia.org\/wiki\/Alt-Tab\">Alt-Tab<\/a> to Microsoft Outlook, waiting for it to wake up, opening a new Form&#8230; all of which takes me away from what I was doing when I thought of whatever task needed capturing on my list.<\/p>\n<p>But recently, Outlook started throwing up security warnings when I use them&#8230; which means I have to Alt-Tab to Outlook anyway to tick the box telling it it&#8217;s not under attack. \ud83d\ude41 <\/p>\n<p><!--more--><img decoding=\"async\" src=\"http:\/\/dalelane.co.uk\/blog\/post-images\/061004-dialog.gif\" alt=\"Screenshot of the Outlook security warning dialog\" \/> <\/p>\n<p>To give a little background, there are four main programs:<\/p>\n<ul>\n<li><strong>addtask<\/strong> (&#8220;t&#8221;) &#8211; adds a new task to my Outlook todo list<br \/>\n<code>C:\\>t \"Work out why Outlook is a pain\" @Computer<\/code>\n <\/li>\n<li><strong>listtasks<\/strong> (&#8220;l&#8221;) &#8211; shows a filtered, sorted list of my Outlook todo list<br \/>\n<code>C:\\>l @Computer today<br \/>\n   1 h &nbsp; Do this<br \/>\n   2 h o Do that<br \/>\n   3 &nbsp; &nbsp; Do the other<br \/>\n   4 &nbsp; &nbsp; Work out why Outlook is a pain<br \/>\n   5 l &nbsp; Do something unimportant<br \/>\n<\/code>\n<\/li>\n<li><strong>opentask<\/strong> (&#8220;o&#8221;) &#8211; shows detailed information about a single task<br \/>\n<code>C:\\>o 4<br \/>\n===================================<br \/>\nSubject:  Work out why Outlook is a pain<br \/>\n---------------------------------------------<br \/>\nCategory: @Computer<br \/>\n---------------------------------------------<br \/>\nStart:    none<br \/>\nDue:      none<br \/>\n---------------------------------------------<br \/>\nNotes:<\/p>\n<p> ===================================<\/code>\n<\/li>\n<li><strong>completetask<\/strong> (&#8220;c&#8221;) &#8211; marks a task as complete<br \/>\n<code><\/code><code>C:\\>c 4<br \/>\nMarked complete: Work out why Outlook is a pain<br \/>\n &nbsp; This task was 0 days old<br \/>\n<\/code>\n<\/li>\n<\/ul>\n<p>They all take a ton of different arguments &#8211; to play with start dates, due dates, categories and so on &#8211; but you get the basic idea. <\/p>\n<p>It was surprising &#8211; I haven&#8217;t made any recent changes to the programs, they&#8217;d not caused this before, and regardless of what the error message was claiming, I wasn&#8217;t going anywhere near email addresses! <\/p>\n<p>I found articles like this <a href=\"http:\/\/support.microsoft.com\/?kbid=262701\" target=\"_blank\">Microsoft KB<\/a> which talked about the error dialog I was seeing, saying that:<\/p>\n<blockquote><p>You receive the confirmation dialog box when a&#8230; program tries to &#8230; access the following features of the Outlook object model:<\/p>\n<ul>\n<li>The following properties of a TaskItem object:\n<ul>\n<li>ContactNames<\/li>\n<li>Contacts<\/li>\n<li>Delegator<\/li>\n<li>Owner<\/li>\n<li>StatusUpdateRecipients<\/li>\n<li>StatusOnCompletionRecipients <\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/blockquote>\n<p>So, essentially anything that could have an email address (which makes sense, given the message in the dialog box). But I wasn&#8217;t going near any of those fields. <\/p>\n<p>The answer showed up in an <a title=\"What's New in Microsoft Office Outlook 2003 for Developers?\" target=\"_blank\"  href=\"http:\/\/msdn.microsoft.com\/library\/en-us\/odc_ol2003_ta\/html\/odc_OLWhatsNew2k3.asp?frame=true#odc_olwhatsnew2k3_revisedandimprovedsecuritymodel\">msdn developers article<\/a>. In Outlook 2003, Microsoft updated the security model to &#8220;&#8230;add protection to the body properties of all items.&#8221; <\/p>\n<p>My OpenTask program displays the notes for the task item that it opens &#8211; stored in the Outlook model as TaskItem.Body. As an impoverished geek, I&#8217;m still actually using Outlook 2002. But a few posts I found in newsgroups confirmed that this updated security model was included in Service Pack 3 (SP3) of Outlook 2002. That was the answer &#8211; Windows Update history shows that SP3 was installed a few days ago, which must&#8217;ve been when these dialogs started popping up. <\/p>\n<p>So, what&#8217;s the answer? Well, first thing I did was to add a bit of error-handling to the programs to stop them dying if someone clicks the &#8216;No&#8217; button to deny access to Outlook! That doesn&#8217;t solve the problem that the dialogs are popping up anyway. From what I&#8217;ve found so far, it looks like the best answer might be to rewrite the app using &#8216;Extended MAPI&#8217;<\/p>\n<blockquote><p>&#8230;external programs &#8230; can fully utilize Extended MAPI to avoid security warnings generated by the Outlook object model guard&#8230;<\/p><\/blockquote>\n<p>That&#8217;s something for another night, I think &#8211; should probably get on with some actual work now! <\/p>\n<p>Damn security &#8211; might be easier to just remove SP3 \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I wrote a bunch of command-line apps a while ago that let me control my Outlook task list. As a big GTD devotee, everything that I do revolves around my task list. And as someone who spends a lot of time at the command prompt, these apps mean being able to add something to my [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-22","post","type-post","status-publish","format-standard","hentry","category-code"],"_links":{"self":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/22","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=22"}],"version-history":[{"count":0,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/22\/revisions"}],"wp:attachment":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=22"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=22"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=22"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}