Comments on: Why I’ll Never Use Outlook

By: spivey

spivey — Wed, 31 Dec 1969 19:00:00 +0000

um… that’s not so good.

By: Andy

Andy — Wed, 31 Dec 1969 19:00:00 +0000

Brilliant and EVIL!

By: leonard

leonard — Wed, 31 Dec 1969 19:00:00 +0000

watch out andre! >;)

By: Greg Reinacker

Greg Reinacker — Wed, 31 Dec 1969 19:00:00 +0000

I have posted comments related to NewsGator and this issue at http://www.newsgator.com/news/archive.aspx?post=3.

By: Bill Kearney

Bill Kearney — Wed, 31 Dec 1969 19:00:00 +0000

This is not a new issue. It’s been raised many times in the past. Putting scripting inside RSS items it evil. Anything that handles RSS should attempt to neuter said scripts if it finds it. This is an extra, and possibly tedious, step but one that cannot be reasonably argued against. The one argument being a customized channel that has legitimate intentions. This isn’t an unreasonable idea. But it seems like it’d be something that required a per-feed preference setting of some kind that allowed that channel to get away with that sort of stuff.

This opens the can of worms about digitally signed scripts and embedded code. If a feed intended to have such wonderful things done that it required scripting then it aught then take the bigger step up to using PKI. An ugly analogy, perhaps, is if you want promiscuity then bring protection.

By: andy

andy — Wed, 31 Dec 1969 19:00:00 +0000

Still, the problem seems to me to rest solely with outlook. Why should any ‘foreign’ script be allowed to perform operations like reading the address book or sending email without the user’s permission.

Seems to me that applying some logical security ideas in the development of Outlook would save everyone a lot of time and effort. I understand MS wants there to be the possibility of ‘active content’, but that is an issue web browsers have been dealing with for years. Why not use some of the same frameworks in Outlook?