Self defeating security

Earlier this week, I was trying to sort out problems with a plugin for Microsoft Outlook 2007. While editing the registry to remove the key for the offending item, I noticed another key: Redemption · ·. This looked a little odd and, fearing that I had an infection, I did a little investigation.

It turns out that Redemption is a tool for developers of Outlook plugins, that “works around limitations imposed by the Outlook Security Patch and Service Pack 2 of MS Office 98/2000 and Office 2002/2003/2007/2010 (which include Security Patch).” The developers of Redemption do advise a number of precautions to take, in order to mitigate the risk arising from their tool. As an end-user of Outlook, though, you are largely at the mercy of the developer of the plugin that installed it, and have to sincerely hope that they have enabled these features. If not, the one who gets redeemed with be the malware writer.

I have no experience of developing Outlook plugins, so cannot comment on how onerous the limitations imposed by the security patch are. I do feel, though, that there must be something seriously wrong with your security model, if it leads developers to actively seek ways to get around it.



Speak to me...

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: