Encyclopedia  |   World Factbook  |   World Flags  |   Reference Tables  |   List of Lists     
   Academic Disciplines  |   Historical Timeline  |   Themed Timelines  |   Biographies  |   How-Tos     
Sponsor by The Tattoo Collection
Outlook Express
Main Page | See live article | Alphabetical index

Outlook Express

Microsoft Outlook Express is a email client and NNTP news reader bundled with operating systems by Microsoft. Outlook and Outlook Express are distinct platforms which do not share common code, but do share a common arcitectural philosophy. The similar names lead many people to incorrectly conclude that Outlook Express is a "stripped" version of Outlook. Outlook Express is bundled with Internet Explorer, and may or may not be freely available if future versions are released. Microsoft state that "further enhancements to security" will require future versions of Internet Explorer (and thus Outlook) will be able to run only on a newly secured operating platform, Longhorn.

Windows 95 included Internet Mail and News, a simple precursor to Outlook Express. Internet Mail and News handled plain text email (not HTML mail), and had none of the security holes Outlook is known for. In an astonishing oversight, Microsoft failed to provide it with a way to back up the address book — something that would later create a great deal of frustration among users.

With the fully-fledged Outlook Express product, Microsoft's vision for integrated web applications resulted in a semi-merger of the browser and the mail client, with full scripting support. However, this blurred the normal distinction between trusted application, a beneign e-mail, and a remote webpage. Outlook's ability to execute Javascript and display remote images were at the root of many of its later security and privacy issues.

In the "Welcome e-mail" for both Outlook and Outlook Express, Microsoft acknowledged that with new HTML e-mail, security was a risk. And they described their plan for foiling the security risk. Outlook and Internet Explorer both featured security zones — a feature neither found in nor needed by competing products. The zones were Intranet, Internet, Trusted, and Restricted. Internet was for any site not in a zone. Trusted sites could do things without asking user's permission, and was clearly designed for administrators who wanted to allow updating without any confusion. AOL used it to add http://free.aol.com to ensure that users who wanted to download their online service client software didn't have to grant them permission via an ActiveX certificate dialog box whose well-warranted warning might scare away potential customers. That required an Internet Explorer hack that should not have been possible if Microsoft's zones had worked as intended. The security zones were supposed to be user-controlled.

But that was a relatively benign breach due to Microsoft's implemention of the plan. Another flaw was the fact that the "Restricted" security zone wasn't restrictive enough. A script could automatically open as an attachment. (Another mitigating factor was a bug in Outlook's attachment handling that allowed an executable to be appear to be a harmless attachment such as a graphics file.) This bug was later fixed so that only the last . represented the end of the filename and the beginning of the file extension--the correct behavior for the Windows filesystem. Opening or previewing an e-mail can cause code to run without the user's knowledge or consent. A host of viruses exploited this. See Outlook and Trustworthy Computing Intiative for more information on how Microsoft has responded.

Outlook Express has earned a reputation as the de facto standard email client because of its wide availability, and also as the de facto vector of wormss and viruseses.

As of late, Microsoft has talked of halting development on Outlook Express, but has not stopped support or use of the software with its Windows operating system.