Knowing.NET
Software development industry analysis by Larry O'Brien, the former editor of Software Development and Computer Language
Monday, September 29, 2003
Philip Greenspun Had Lets Bash Microsoft Day Over The Weekend An

Philip Greenspun had Let's Bash Microsoft Day over the weekend and I couldn't resist Scoble-baiting. Sure enough, Scoble defended the Outlook / VBA security model: "...it's impossible to double-click on executables in Outlook 2003, so the chances you'd get a virus now are very small...." Oh dear, now I am worried that he's drunk the Kool Aid. Less than a month after Sobig.f and they defend the VBA model?

Office 2003 allows side-by-side execution of the VBA security model and the .NET Framework security model, which strikes me as profoundly schizophrenic (as in, simultaneously promoting two obviously contradictory premises). On the one hand, Visual Studio Tools for Office not only recognizes that maliciousness must be suspected in all received documents but that such suspicion is even more appropriate with documents, those most ubiquitous and mobile bags of bits. In VSTO, permissions are reduced even for those documents whose macros / programs originate in the Intranet zone! Yes! Good! Slightly paranoid, but you know what? They are out to get you! 

But you can still get a document that has the same-old brain-dead all-or-nothing "Do you trust the person who sent you this?" macro enabling dialogue and, sure enough, VBA macros can still open up the Outlook object model and iterate over Contacts. Contrast that with ""Microsoft just shipped OneNote. It doesn't have an API. Why? Because of security issues." Guess who said that?

Monday, September 29, 2003 5:09:40 AM (Hawaiian Standard Time, UTC-10:00) |  Disqus link  | #
Subscribe: RSS 2.0 Atom 1.0
Copyright 2008 Larry O'Brien
newtelligence dasBlog 1.9.7174.0
Search
About Larry...
Flickr photostream
Subscribe: RSS 2.0 Atom 1.0
Popular Articles
Programming Sabre with Java, C#, and XML
Genetic Programming in C#
15 Exercises To Know A Programming Language
Top 10 Things I've Learned About Computers From the Movies and Any Episode of "24"
Recently Published Articles
Extreme Program
Dynamic Might
No Silver Programmers
HI
KonaKoder
Categories
 All Categories
 
 
 
 
 
 
 
  Languages
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Archive
November, 2008 (1)
September, 2008 (2)
August, 2008 (6)
July, 2008 (12)
June, 2008 (3)
May, 2008 (1)
April, 2008 (11)
March, 2008 (11)
February, 2008 (24)
January, 2008 (20)
December, 2007 (18)
November, 2007 (25)
October, 2007 (27)
September, 2007 (16)
August, 2007 (28)
July, 2007 (46)
June, 2007 (41)
May, 2007 (23)
April, 2007 (26)
March, 2007 (23)
February, 2007 (27)
January, 2007 (36)
December, 2006 (31)
November, 2006 (24)
October, 2006 (35)
September, 2006 (52)
August, 2006 (56)
July, 2006 (34)
June, 2006 (63)
May, 2006 (45)
April, 2006 (29)
March, 2006 (30)
February, 2006 (17)
January, 2006 (11)
December, 2005 (27)
November, 2005 (8)
October, 2005 (21)
September, 2005 (48)
August, 2005 (14)
July, 2005 (17)
June, 2005 (8)
May, 2005 (10)
April, 2005 (10)
March, 2005 (43)
February, 2005 (21)
January, 2005 (22)
December, 2004 (69)
November, 2004 (46)
October, 2004 (28)
September, 2004 (8)
August, 2004 (5)
July, 2004 (1)
June, 2004 (27)
May, 2004 (12)
April, 2004 (45)
March, 2004 (89)
February, 2004 (37)
January, 2004 (10)
December, 2003 (42)
November, 2003 (52)
October, 2003 (32)
September, 2003 (16)
August, 2003 (20)
July, 2003 (20)
June, 2003 (26)
May, 2003 (20)
April, 2003 (3)
March, 2003 (1)
February, 2003 (11)
January, 2003 (16)
December, 2002 (23)
November, 2002 (26)
October, 2002 (38)
September, 2002 (55)
August, 2002 (4)
July, 2002 (3)
June, 2002 (3)
Admin Login
Sign In
Toolroll
 Altova XMLSpy
 IDEA
 Kindle
 Newsgator
 Ruby
 Sciral Consistency
 Timettracker
 Windows LiveWriter