The controversy surrounding the Outlook E-mail Security Update
continues. Administrators seem to be shunning it -- at least we
haven't seen much discussion on the Swynk.com list for Exchange
Server administrators about implementing the security overrides
available in the final version. Based on what we've seen in the
newsgroups, the biggest problem for standalone users is that some
people didn't read the details of what the patch does, installed it
and were shocked to find out that it removes access to certain files
in incoming messages. (See http://www.slipstick.com/outlook/esecup/getexe.htm
for several ways to get to those blocked files if you find yourself
in that situation.)

The next biggest problem is removing the patch. For Outlook 98,
it's a simple matter of removing it through Control Panel,
Add/Remove Programs. For Outlook 2000, the conventional wisdom from
Microsoft (and our own original testing) is that you need to remove
Office 2000, then reinstall it. Interestingly, though, several
people on the newsgroups have reported good results from just
replacing two Outlook application files with the corresponding files
from the original Office CD. The two files are Outllib.dll from the
Office folder and Outllibr.dll from the Office\1033 folder. This is
an unsupported method and probably does not fix all the aspects of
the patch, however. Implement at your own risk.

What about future service releases for Outlook 2000? I think
you'll see this security patch incorporated directly into SR-2,
assuming there is another service release. I'd like to be wrong
about this, but I don't think Microsoft will be devoting resources
to creating a more flexible version of the Outlook 98 and Outlook
2000 patch that gives standalone and non-Exchange Server users more
choices in what features to enable.

Where I hope they're putting the effort is in the next version of
Outlook. The current patch was a quick job, put together in an
extremely short period of time, considering its complexity. In the
long run, a more sophisticated approach is needed. At the very
least, there must be some way to allow "trusted" Outlook
add-ins to use the object model without displaying prompts to the
user. If Microsoft can't deliver this, developers may abandon
Outlook as a platform. Ideally, the next version of Outlook would
ship with strict security as the default, but allow some mechanism
for changing the settings in such a way that writers of malicious
code could not also get to them and make changes. Stay tuned.

One positive note: In the last issue of EMO, we complained that
Microsoft had left Outlook 98 users potentially less protected than
before by withdrawing the original Attachment Security Update from
summer 1999, which was a good alternative for people who found the
more recent update too restrictive. We're happy to report that
Microsoft has made the earlier update available once more. You'll
find the download link on our page at http://www.slipstick.com/addins/utilities/attsecup.htm.

Handheld synchronization

A new generation of Pocket PC handhelds is coming from Compaq, HP
and Casio -- maybe others -- with Outlook 2000 in the box so people
can use the same data on the handheld devices as on their desktop
systems. We've had a page on sync utilities at http://www.slipstick.com/addins/olpda.htm
for some time, but I fear it may be woefully out of date. True
confession: I don't use a handheld myself, because I just haven't
had any compelling need for one. (I'm usually a step behind the
times on gadgets, though I did pick up an MP3 player recently.) So,
we haven't done much exploring of these utilities.

What we do know is this -- there are two key questions you may
want to ask when you choose a sync utility:

Can it handle items that use custom forms and custom fields?
Can it synchronize Exchange Server public folders and other users' mailbox folders?

Are there other issues you're concerned about? What about the
existing crop of sync utilities -- which really measure up? Drop us
a line at mailto:emo@slipstick.com?subject=sync
if you have an opinion.

Finding an Outlook/Exchange developer

If you visit the Office Update web site at http://officeupdate.microsoft.com
as often as I do, you may have noticed that among the eServices is a
link to something called "Professional Staffing."
Exploring that link eventually takes you to the eWork Exchange site
at http://www.ework.com. The idea
behind eWork is to provide an affordable, secure meeting place for
potential buyers and sellers of various services. To date, eWork
lists more than $1 billion in projects and $2 billion in services
offered. Software development is the service most traded on this
work exchange.

The reason this interests us is that we get several messages a
week from companies and individuals looking for help with Outlook
and Exchange issues. Up until now, we have not had a good way to
help link up those projects with qualified developers or
support experts. We've even toyed with providing our own listing of
developers and a related project exchange, but haven't had time to
work through all the technical and legal issues involved. Maybe
eWork is the answer. There are a few other exchanges on the Web that
focus on programming projects, but my guess is that the Office
Update tie-in may make eWork the preferred forum for people and
companies looking for projects or help with projects involving
Outlook.

Take a look at eWork and let us know what you think (mailto:emo@slipstick.com?subject=eWork).
We're also interested in other ideas you have on finding people to
help with your Outlook/Exchange projects. Have you trained people
in-house? Worked with local Microsoft Solution Providers? E-mailed
someone whose address you saw on a newsgroup posting? What's working
for you?