New articles and more


If you’ve been watching the Outlook developer portal recently, as of last Friday you noticed some new technical articles went live.

My first MSDN article, “Code Security Changes in Outlook 2007” went live. This document discusses some of the changes around the object model guard and code security that we’ve made for Outlook 2007. It also includes a list of blocked/guarded members in the object model for 2007.

Also posted last week was the beta 2 version of our sample add-ins. These samples have all been updated to be fully compatible with Office 2007 beta 2, and are a great resource for learning about some of the new extensibility areas in Outlook 2007. Randy and I have both worked hard on getting these add-ins developed, tested, and ready for you to start taking a look at. However, there are a few known issues with some of the add-ins, but these issues will not prevent you from learning a great deal about new Outlook extensibility. These add-ins will be updated again around RTM to be compatible with the RTM version of Outlook 2007.

In other news last week, a new version of Visual Studio Tools for Office (VSTO) was announced. The Cypress release, which should be available around the same time as the Office 2007 RTM, provides support for developing managed-code add-ins for some Office 2007 applications.

Also thanks to everyone who stopped by the VSTO booth in the green technical learning center last week at TechEd in Boston. It was great getting to talk with you about VSTO and your Outlook integrations, and learning more about your solutions!

Comments (4)

  1. Christian says:

    This modell of security is ridiculous and really really dumb.

    The whole shield for the outlook object modell itself should just go away WITHOUT checking for a running antivirus.

    I don’t want to run antivirus-software and I see no point in doing security work like that: Viruses can easily just click “Yes” on that dialog or use redemption themself.

    Or they can parse the PST-file directly, there is an open source project out there to parse PST-files.

    I don’t understand why this half-security is finding supporters among Microsoft.

    There is no privilege seperation between the virus/worm and Outlook and so every measure like the object shield is pointless.

    The next thing I will do is to find the documentation about this API and try to implement my own “DUMMY virus scanner” that will tell this stupid Security center that I’m fine and have antivirus, thank you.

    The people who invent these childish security mesasures must be some of the “low hires” that Mini-msft talks about: Incompetent people with too much time on their hand.

    What would be the right emailadress or blog to contact the person in charge of the idea to show confirmations for automation of Outlook unless virus scanner is present?

  2. rgregg says:

    Christian,

    You’ve got the right person to talk to about the OM guard behavior.  While it was invented and added to Outlook long before I ever was hired on, I’m the guy to talk to about it today.

    If you feel that it doesn’t provide any benefit for you, you can turn it off completely using the Trust Center in Outlook 2007.  Just click on the Programmatic Access tab, and then select the option to never prompt you.  Presto, no more warning messages when anyone automates Outlook.  Of course, you’ll need to be an administrator on your computer to make this decision.

  3. Yakov Zhmurov says:

    Ryan,

    In MSDN article you wrote: "In Outlook 2007, all COM add-ins are trusted by default".

    But my VSTO addin does not start in Office 2007 beta with default security settings. In the COM Add-in manager I see: "Not loaded. Certificate of signed and load at startup COM Add-in is not in trusted source list".

    Do you have any idea about such outlook 2007 behavior?