Necessary information
Advanced Security is not the kind of software that can be used without reading the documentation. Even if your PC skills are quite moderate, read this section to the end. It is better to do it once than to constantly click Yes or become a victim of a virus.
Microsoft Outlook 2000 is the last version that has no built-in security system. Some time after its release, Outlook 2000 and Outlook 98 received the E-mail Security Update, which was also included in all Service Packs and later program versions. Moreover, the list of protected programming interfaces is modified and enlarged in each new update or new version. In one of the versions, even access to the incoming date of a message was forbidden (it remains unknown whether this was the developers' mistake, but the restriction was later dropped).
There are two main programming libraries used for working with Outlook that fall under the activity of the security system: the Outlook object model (known as the Outlook API and implemented in the module OUTLLIB.DLL, and since Outlook 2007 in the OUTLOOK.EXE module) and the CDO library (Collaboration Data Objects, implemented in the module CDO.DLL). The CDO library is installed optionally during the installation of Outlook and is not present on all computers. Since Outlook 2003, you should download the CDO library from the Microsoft web site, and the latest versions have no security system.
There are two more Outlook programming interfaces that are similar in name but have nothing else in common: Simple MAPI (implemented in the libraries MAPI32.DLL and MSMAPI32.DLL, or OLMAPI32.DLL since Outlook 2007) and Extended MAPI. Simple MAPI is a very simple interface consisting of 12 functions used, for instance, in Internet Explorer when sending web pages via e-mail. Simple MAPI falls under the activity of the security system. Extended MAPI is a complex low-level programming interface that is not affected by the security system, which is why we will not discuss it further.
All the described programming interfaces can be used not only in Outlook add-ins, but also in standalone applications (started separately). If the Outlook API is used in such a way, Microsoft Outlook will be started in all cases (though its window may remain invisible), but if CDO or Simple MAPI is used, Microsoft Outlook is not started. In other words, the Outlook API is always used in the context of Microsoft Outlook, while CDO and Simple MAPI are used in the context of the application calling them (if this application is a Microsoft Outlook add-in, it will naturally be the Microsoft Outlook context).
All the information you should learn from this section is presented in the table (the last two lines will be explained later).

|                            | Outlook API              | CDO                                   | Simple MAPI                            |
|----------------------------|--------------------------|---------------------------------------|----------------------------------------|
| Module                     | OUTLLIB.DLL, OUTLOOK.EXE | CDO.DLL                               | MAPI32.DLL, MSMAPI32.DLL, OLMAPI32.DLL |
| Context                    | Microsoft Outlook        | Application                           | Application                            |
| Assigning an action in ASO | Always                   | Only in the Microsoft Outlook context | Only in the Microsoft Outlook context  |
| Quantity of incidents      | 80%                      | 15%                                   | 5%                                     |

As you can see from the table, Advanced Security cannot let you specify an action for every security alert (to do that, it would have to be implemented in all applications working on the computer). Advanced Security will not process security alerts in programs that use CDO and Simple MAPI, unless these programs are Outlook add-ins.
The quantity of incidents given in the table is a fairly relative indicator. For example, Simple MAPI is used in virtually all programs that send some data via e-mail. A typical example is sending a web page in Microsoft Internet Explorer. Simple MAPI is supported in all mail clients, but no mail client uses Simple MAPI to send mail invisibly to the user. Sending anything from a program via Simple MAPI is therefore initiated by the user, and that is why this interface is barely used in malicious software.
Although Advanced Security does not allow you to specify an action in all cases, you can always use it to determine the violator. If Advanced Security fails to intercept the security system alert, you can view the list of running programs in a special window that indicates the critical libraries these programs use, and identify the "violator" in this way.
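The same kind of check can be done by hand. The following PowerShell script is an added example, not part of Advanced Security: it lists running processes that have loaded one of the libraries named in the table. The function name Get-OutlookInterfaceUser and the output column names are hypothetical, and OUTLOOK is assumed to be the process name of Microsoft Outlook.

```powershell
# Added example (not Advanced Security's own code).
# Library names and interface mapping are taken from the table on this page.
$critical = @{
    'OUTLLIB.DLL'  = 'Outlook API'
    'CDO.DLL'      = 'CDO'
    'MAPI32.DLL'   = 'Simple MAPI'
    'MSMAPI32.DLL' = 'Simple MAPI'
    'OLMAPI32.DLL' = 'Simple MAPI'
}

function Get-OutlookInterfaceUser {
    foreach ($proc in Get-Process) {
        try {
            $modules = @($proc.Modules)
        } catch {
            # Module enumeration can fail for protected processes or for
            # processes of a different bitness; report and move on.
            Write-Verbose "Skipped $($proc.ProcessName) ($($proc.Id)): $($_.Exception.Message)"
            continue
        }
        foreach ($m in $modules) {
            if ($null -eq $m -or -not $m.ModuleName) { continue }
            $name = $m.ModuleName.ToUpperInvariant()
            if (-not $critical.ContainsKey($name)) { continue }
            # CDO and Simple MAPI run in the context of the calling program;
            # inside Outlook itself that is the Microsoft Outlook context.
            $context = if ($proc.ProcessName -eq 'OUTLOOK') {
                'Microsoft Outlook'
            } else {
                'Application'
            }
            [pscustomobject]@{
                ProcessId = $proc.Id
                Process   = $proc.ProcessName
                Interface = $critical[$name]
                Context   = $context
                Module    = $m.FileName
            }
        }
    }
}

Get-OutlookInterfaceUser | Sort-Object Process, Interface | Format-Table -AutoSize
```

A process listed with the context "Application" is one in which, according to the table, Advanced Security cannot assign an action, so it is the first place to look when an alert was not intercepted.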
Now you know enough to start using the program. If you have any doubts about interpreting the data the program shows you when the security system is triggered for the first time, see the "Alert investigation" section.