Redirected from Microsoft Outlook Express
Microsoft claims possible end to a freely downloadable browser is due to the fact that "further enhancements to security" will require Internet Explorer to be run only on a newly secured platform, Longhorn.
An installer icon for Internet Explorer 3.0 eventually made its way through Windows history to the Windows 95 desktop. It included Internet Explorer Mail and News, a precursor to Outlook Express. Internet Mail and News was just plain text, and had none of the security holes Outlook is known for. (It did support HTML as an attachment, but would not display it in-line.)
When Microsoft announced Outlook Express, they announced that they had created a mail client better than Eudora. It supported HTML composition, something only Eudora Pro[?] supported. However, Eudora also supported (in both pro and light versions) limited HTML support (it definitely supported hyperlinking-- it is debatable whether it supported W3C standards for rich text, but it did support it. It did not support the displaying of remote images, nor tables, nor javascript. Javascript and remote images were the cause of many of its security and privacy issues. But to single its incorrigible ability to be exploited to two elements is to not admonish sufficiently. Outlook Express is as insecure as Internet Explorer, because they allowed the distinction to blur between a trusted application, a beneign e-mail, and a remote webpage. Their vision for web applications caused them to integrate the browser into the mail client, with full scripting support.
In the "Welcome e-mail" for both Outlook and Outlook Express, Microsoft acknowledged that with new HTML e-mail, security was a risk. And they described their plan for foiling the security risk. Outlook and Internet Explorer both featured security zones-- a feature still not found in any of the competition. The zones were Intranet, Internet, Trusted, and Restricted. Internet was for any site not in a zone. Trusted sites could do things without asking user's permission, and was clearly designed for administrators who wanted to allow updating without any confusion. AOL used it to add http://free.aol.com to ensure that users who wanted to download their online service client software didn't have to grant them permission via an ActiveX certificate box whose well-warranted warning might scare away potential customers. (That required an Internet Explorer modification. The problem: the security zones were supposed to be user controlled.)
But that was a relatively beneign breach due to Microsoft's implemention of the plan. Another flaw was the fact that the "Restricted" security zone wasn't restrictive enough. A script could automatically open an attachment. And all of the sudden opening an e-mail (or previewing an e-mail, the preview pane was copied from Eudora Pro, but it was a relatively recent phonomenon in mail clients), could cause code to run without your express knowledge or consent. Viruses exploited this. See Outlook and Trustworthy Computing[?] for more information on how Microsoft has responded.
When something becomes the de-facto standard, it gains respect. And I think we can say that Outlook Express has the respect of many, because of its "just-right" combination of filtering (more powerful than Eudora Light's was at the time), HTML composition, and excellent graphical user interface, some optional pieces, like the folder list, were copied from the previously released Outlook. Others, like the Draft folder, were Microsoft's own invention. The draft folder has been copied by numerous mail clients, except interestingly Eudora (which has maintained its legacy.. its popular In and Out metaphor, its Out box handling queued and sent messages.)
wikipedia.org dumped 2003-03-17 with terodump