
Address Book and object model security

By Paul Robichaux
17 May 2004 | SearchExchange.com


The following is tip #2 from "20 Tips on securing Outlook in 20 minutes," excerpted from a chapter in Paul Robichaux's book, Secure Messaging with Microsoft Exchange Server 2003 © 2004, published by Microsoft Press.


Outlook supports the Office object model, so you can write scripts and programs that automate repetitive actions. This is a double-edged sword: it's very useful to allow some programs (like synchronization tools for personal digital assistants [PDAs] or customer relationship management programs) to access contact information, but the same interfaces can be used by viruses or other malicious executables to propagate.

In fact, many macro viruses invade the victim's address book to get addresses to which they can mail themselves; because the security update makes this harder, some virus creators have now switched to scanning local files and harvesting e-mail addresses from them.

To help counter this behavior, Outlook versions that include the Outlook Security Update 2003 turn on object model guards that restrict what outside applications can tell Outlook to do. There are three categories of object model guard: one category restricts calls made with the Simple Messaging Application Programming Interface (Simple MAPI; don't confuse Simple MAPI with Extended MAPI, which is not subject to the object model guard mechanism), one restricts calls made with the Outlook object model, and the third covers calls made using the Collaboration Data Objects (CDO) method. I describe the specific types of access you can guard against later in the chapter.



About the author: Paul Robichaux is a partner at 3sharp LLC, author of several books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server and a frequent speaker and presenter at IT industry conferences. He's written software for everyone from the U.S. National Security Agency to scientists flying their experiments aboard the Space Shuttle, fixed helicopters in the desert and spent way too much time playing video games.


