Bernhard's Homepage

OLexport for Windows

Outlook Security

Protection against Malware

Microsoft Outlook generates a security warning, if external programs try to access certain information, e.g. e-mail addresses. This was first implemented in the Outlook 2000 SR-1 Security Update as a reaction of the ILOVEYOU virus. It prevents unintended access to sensitive information.

Outlook Warning

Unfortunately Microsoft hasn't implemented an easy way to suppress this warning for desired programs. Especially for often used scripts, this can be really annoying.

Free Tools to disable the Popup

Let's begin with a warning:
Disabling the Outlook security dialog might decrease your security against viruses and other malware.

On the internet I found two free tools, that deal with the Outlook warning popup:

I haven't tried them, as I don't have the neccessary rights to install software on my company's computer.

Dirty Trick

In Reinforcing Dialog-Based Security Martin C. Carlisle and Scott D. Studer demonstrate how to get around the security dialog using VBScript code and the SendKeys method to click the buttons on the prompt.

Amazingly this 5 year old trick still works.

Of course this was meant as a warning to Microsoft to enhance their security and not as a way to improve an application. Nevertheless I was curious enough to give it a try.

I implemented a slightly modified approach. The calling program (OLexport in my case) and the module, that answers the Outlook warning dialog, are combined as seperate modules in one windows script file (.wsf). The key sequence for closing the warning popup has been modified to work with Outlook 2002 in the english and german language versions. Maybe they also work Outlook 2003 and other languages.

The warning suppressing module waits for the security popup, sends the keystrokes to grant access and puts the OLexport progress bar in the front again. All that with some few lines of code.

Set wshell = CreateObject("WScript.Shell")

' Wait for outlook warning popup
i = 1000
While i > 0 And wshell.AppActivate("Microsoft Outlook") = FALSE
    WScript.Sleep 100
    i = i - 1
Wend

If i > 0 Then
    ' magic: needed to activate outlook popup
    wshell.SendKeys "", True
    ' grant access for 1 minute
    If wshell.AppActivate("Microsoft Outlook") Then _
        wshell.SendKeys "{TAB}{TAB} {TAB}{TAB} ", True
    ' show OLexport progress bar
    WScript.Sleep 600
    If wshell.AppActivate("http:// - Progress Bar") = FALSE Then _
       wshell.AppActivate("Progress Bar")
End If

I've successfully tested this code on Windows 2000 and XP with Outlook 2002.

I don't want this hack as a part of the „official“ OLexport distribution. But all interesting parties may study it by downloading OLexport_unsupported.zip. The file name says it all. This is totally unsupported, you are on your own.

References

For a detailed discussion about Outlook security see http://www.slipstick.com/outlook/esecup.htm.