News Blog

On Monday, I described Vaita's free Outlook Duplicate Items Remover, an add-on that finds duplicate copies of Outlook messages, contacts, calendar entries, and tasks. Now, I'll continue to trim my bloated Outlook in-box by using another freebie: the Kopf Outlook Attachment Remover created by Bruno Marotta.

After you download the program and restart Outlook, you see a floating Attachment Remover toolbar that you can drag and dock at the top of the screen along with all the other toolbars to keep it from blocking your view. Click the toolbar's one-and-only button to open the program's one-and-only dialog box.

The Kopf Outlook Attachment Remover shrinks your in-box by storing attachments in a separate folder and placing links to the files in the original messages.

(Credit: Kopf/Bruno Marotta)

You can choose the folder to scan for attachments, the type of files to remove, the size limit (the default setting is to remove all file attachments more than 10KB in size), the folder to place the attachments in, and whether to replace the file with a link or text message, or to simply remove it.

The add-on will recreate the structure of the folders and subfolders you scan, but I wish it offered a way to separate attachments by file type or by sender prior to the scan. This would let me detach all the PDFs from my boss, for example.

Since Outlook Attachment Remover is donationware, be sure to drop a couple of bills in the hat if you find the program beneficial.

Wednesday: tweak the Registry to return missing icons to the system tray.

Sometimes I wish I was one of those people who manages to keep their e-mail inbox empty by assigning the messages they need to keep appropriately named folders and deleting the mail they don't need.

Most of my inboxes have thousands of entries dating back years. And since I've combined my ISP's POP mail account with my Gmail account, the inbox-overflow problem has gotten out of hand.

Rather than spending half a day manually removing the duplicates, I installed Vaita's free Outlook Duplicate Items Remover. The program places an "ODIR" entry on Outlook's standard toolbar. Click it and choose "Remove duplicate items" (or press Alt-O, R) to open the add-on's window showing your Outlook folders. Select one of the folders and click the "Remove duplicate items" button at the bottom of the window.

The free Outlook Duplicate Items Remover add-on makes finding and removing duplicate Outlook entries a breeze.

(Credit: Vaita)

In just a few minutes, I watched the number of items in my inbox shrink from 4,081 to a more reasonable 2,656 (and counting). The program places the duplicate messages in a folder named ODIR_Duplicate_Files. I looked through this folder for non-duplicates erroneously identified by the add-on but didn't spot any.

If you trust the program's ability to tell duplicates from singles, you can simply delete the contents of the ODIR_Duplicate_Files folder. I played it safe by moving the folder's files to compressed folder on a thumb drive before deleting them.

I may not save a ton of time or hard-drive storage space by ridding myself of duplicate Outlook files, but every little bit helps.

Tomorrow: pare Outlook further by removing the attachments from your messages.

Since I started using Gmail as my primary e-mail program a couple of years ago, I haven't missed much about Microsoft Outlook. However, there's one useful Outlook feature that Gmail lacks: the ability to delay sending all of your outgoing messages, or to set individual messages to be transmitted at a particular time in the future.

Have you ever wished you had reconsidered sending that e-mail to your boss, explaining in detail his shortcomings as a manager? Or perhaps you regret complaining to a client about her unprofessional behavior for canceling a meeting at the last minute--before learning that the cab she was riding in hit a bus.

We all react inappropriately on occasion, but some of us (myself included) have a chronic case of e-mail foot-in-mouth disease. I've managed to stay on the good side of my boss since I enforced a cooling-off period before any mail addressed to him actually gets sent. Outlook's rules make implementing the automatic delay simple.

Create a transmit-delay rule
To put your outgoing messages on hold in Outlook 2003 or 2007, click Tools > Rules and Alerts > New Rule. In Outlook 2003, choose "Start from a blank rule." In both versions, select "Check messages after sending," and click Next.

Choose "Check messages after sending" in Outlook's Rules Wizard to delay outgoing mail.

(Credit: Microsoft)

If you want to delay messages only to certain people, those with attachments, or mail sent from a specific account, make the appropriate choice in the top window of the Rules Wizard's next screen. To delay all outgoing messages, simply click Next, and select Yes at the warning.

Check "defer delivery by a number of minutes" in the next dialog box, click "a number of" in the lower pane, and enter the number of minutes you wish to delay your sent mail; the maximum is 120. Click OK and then Next.

Set the number of minutes you wish to delay your outgoing mail in the Outlook Rules Wizard.

(Credit: Microsoft)

To prepare for those times when you want a message dispatched immediately, check "except if it is marked as importance" in the list of exception options, click "importance" in the bottom pane, choose High in the drop-down menu that appears, click OK, and then Next. Give the rule a name, review its settings ("Turn on this rule" is selected by default), and click Finish.

Give your outgoing-delay rule a name, review its settings, and click Finish to implement it.

(Credit: Microsoft)

Set individual messages for later delivery
There may be times when you want only a certain message to be delivered sometime in the future. To set the delivery time and date for a particular e-mail in Outlook 2003, click Options > Options to open the Message Options dialog box. In Outlook 2007, click the Options tab and choose the Delay Delivery button in the More Options section of the ribbon.

In both versions, check "Do not deliver before," enter a date and time in the fields to the right, and click Close. The message will remain in your out-box until the time you specified.

Specify the date and time a message is sent in Outlook's Message Options dialog box.

(Credit: Microsoft)

Tomorrow: customize Vista's User Account Control settings.

If you like Microsoft's Outlook e-mail client software but hate the expense of licensing and running Exchange Server, Cemaphore Systems has a proposition for you: a subscription service that effectively lets people dump Exchange in favor of Google's cloud-computing infrastructure.

The product, called Mailshadow for Google Apps, or MailShadow G, is being made available in a beta test version on Wednesday, according to the company. Cemaphore says the product ultimately will be licensed via a monthly subscription fee.

Cemaphore says the service "instantaneously synchronizes e-mail, calendars, and contacts between Outlook, Exchange, and Gmail." Translation: If you want to get rid of Exchange and run your e-mail back end on Google, this is the product for you.

Much has been made of Google's challenge to Microsoft's desktop application hegemony. One of the key reasons for Microsoft's dominance is e-mail and Exchange, its e-mail and communications server. Once installed in companies, Exchange and Outlook form the backbone of a vital application that's difficult to migrate away from or replace.

In many instances, companies must license, install, and maintain multiple copies of Exchange in order to keep their e-mail infrastructure working. For smaller companies, the overhead can be substantial.

A cost-efficient way to eliminate internal management of e-mail infrastructure in favor of a cloud-based service, linked to Google's popular Gmail service, will likely appeal to many companies, large and small. Microsoft has in recent years worked with outside providers to offer hosted versions of Exchange.

Cemaphore Systems, founded in 2002, specializes in e-mail backup and caching systems that link to Exchange. The company says MailShadow will eventually work with other online e-mail services.

The battle for your in-box shows no signs of waning.

Despite the efforts of software companies large and small, spammers and phishers continue to find and exploit weaknesses in junk-mail filters at the server and client levels. After years of foil and parry between these two forces, you would think that Microsoft Outlook, the most widely used e-mail program in the world, would be a paragon of in-box defenses.

Then again, this is Microsoft we're talking about, a company not noted for being the paragon of anything more than profitability.

A few years back, Service Pack 2 for Office 2003 added phishing filters for Outlook that move suspicious messages to your Junk E-mail folder automatically and turn off links in the messages. Outlook 2007 was released about a year-and-a-half later with only a few new junk-mail defenses. In fact, the Junk E-mail Options screens of the two versions are nearly identical.

The junk e-mail options in Outlook 2003 don't offer many options.

(Credit: Microsoft)

The only difference between the Junk E-mail Options in Outlook 2007 and its predecessor are the bottom two options.

(Credit: Microsoft)

In the past, I have created a series of Outlook rules to stem the flow of junk to my in-box. The process is straightforward though somewhat time-consuming: Click Tools > Rules and Alerts > New Rule, and step through the Rules Wizard. You can also right-click a message you want to base the rule on and choose Create Rule, and then either make your selections, or click Advanced Options to open the Rules Wizard.

If you find yourself spending an inordinate amount of time dealing with junk e-mail, your best solution is a third-party spam and phishing filter. There are lots of free versions available for download, but the freebies either require too much work on your part to make them effective, or they work with only a single mail account, place text ads on your outgoing messages, or come up short in some other way.

Your best bet may be to bite the bullet and pay for a commercial junk-mail filter. My favorite is one that has been around for a long time: Cloudmark Desktop, which comes in versions for Outlook and Outlook Express, as well as for Mozilla Thunderbird. The program is available for a 15-day free trial. A one-year subscription for two PCs costs $40 (multiple licenses and volume discounts are available).

Cloudmark adds a toolbar to Outlook that lets you scan a folder for junk with a couple of clicks. It places spam and phishing attempts in a Spam folder and lets you block and unblock mail from specific senders. The program works quickly: It scanned a folder with more than 2,000 messages in just a couple of minutes, and I didn't notice any slowdown when I sent and received mail.

The Cloudmark Desktop junk-mail filter adds a toolbar to Outlook that lets you scan a folder for spam, and block or unblock specific senders.

(Credit: Cloudmark)

You get more control over how junk mail is treated via the program's Options menus, which let you scan for junk selectively rather than automatically, and change the location of your junk-mail folder. You can choose to delete the junk immediately, after a week, or after a month. Your Outlook contacts can be added to your trusted list with a single click, and you can see how many messages have been checked, how many were identified as spam automatically, and how many spam and phishing messages you've blocked.

Cloudmark Desktop's options let you change the folder your junk mail is stored in, and decide when to delete the junk.

(Credit: Cloudmark)

When you're ready to get serious about locking spammers and phishers out of your Outlook in-box, Cloudmark is ready to do the heavy lifting.

Monday: simple ways to speed up Windows shutdowns.

Microsoft today released its March 2008 security bulletin, which includes four bulletins, all deemed critical by Microsoft.

The most serious of these affects Microsoft Excel, which alone has six specific "Common Vulnerablities and Exposures" vulnerabilities noted, one of which has been exploited in the wild. The next most serious affects Microsoft Outlook. In that one, a vulnerability in how the software parses "mailto" URIs could lead to remote code execution. A third bulletin affects how various Microsoft Office apps open maliciously crafted files. The final bulletin concerns how Office interfaces with the Web and includes one vulnerability that has been known but unpatched since September 2006. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-014: Critical

Entitled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)," this bulletin is critical for users of Microsoft Excel 2000 Service Pack 3, and important for users of Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel 2007, Microsoft Office Excel Viewer 2003, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac. Not affected are Microsoft Works 8, 8.5, and 9, or Works suite 2005 and Works suite 2006. The update addresses vulnerabilities detailed in CVE-2008-0111, CVE-2008-0112, CVE-2008-0114, CVE-2008-0115, CVE-2008-0116, CVE-2008-0117, and CVE-2008-0081. Microsoft says, "an attacker who successfully exploited these vulnerabilities could take complete control of an affected system and could then install programs; view, change, or delete data; or create new accounts with full user rights."

MS08-015: Critical

Entitled "Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)," this bulletin affects users of Microsoft Outlook 2000 Service Pack 3, Outlook 2002 Service Pack 3, Outlook 2003 Service Pack 2, Outlook 2003 Service Pack 3, and Outlook 2007. Not affected are users of Outlook 2007 Service Pack 1. The update addresses the vulnerability detailed in CVE-2008-0110. Microsoft says this vulnerability "could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane."

MS08-016: Critical

Entitled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)," this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3, and Microsoft Office 2004 for Mac. Not affected are users of Microsoft Office 2003 Service Pack 3, Microsoft PowerPoint Viewer 2003, Microsoft Visio 2002 Service Pack 2, Microsoft Visio 2003 Viewer, Microsoft Word Viewer 2003, Microsoft Project 2000 Service Pack 1, Microsoft Project 2002 Service Pack 2, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, and Microsoft Office 2008 for Mac. The update addresses the vulnerability detailed in CVE-2008-0113 and CVE-2008-0118. Microsoft says, "an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

MS08-017: Critical

Entitled "Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)," this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003 Service Pack 1, Microsoft BizTalk Server 2000, Microsoft BizTalk Server 2002, Microsoft Commerce Server 2000, and Internet Security and Acceleration Server 2000 Service Pack 2. Not affected are users of Microsoft Works 8, Microsoft Works 9, Microsoft Works Suite 2005, Microsoft Works Suite 2006, Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft BizTalk Server 2004, Microsoft BizTalk Server 2006, Microsoft Commerce Server 2000 Service Pack 1, Microsoft Commerce Server 2000 Service Pack 2, and Microsoft Commerce Server 2000 Service Pack 3, Microsoft Commerce Server 2002, Microsoft Commerce Server 2007, Internet Security and Acceleration Server 2004, and Internet Security and Acceleration Server 2006. This update addresses the vulnerability detailed in CVE-2006-4695 and CVE-2007-1201. Microsoft says, "these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Update 5:25 p.m. PT with other sync tools.

Online calendars are great but the problem is you tend to have one at work and a separate personal one. Now you can see events in both calendars at once, at least if you are using Google Calendar and Microsoft Outlook.

Google released Google Calendar Sync on Wednesday, which allows you to sync up those two calendars.

The tool gives you control over which direction you want the synchronization to go as well as how often you want it to happen.

The software was easy to install, and I was able to see the Outlook items in my Google Calendar but not the other way around for some reason. Oh well. Once I get this figured out it sure will be useful.

There are other Outlook calendar sync tools, but most aren't free. Jotlet announced two-synchronization with Outlook and its calendar last year. Another interesting one is Calgoo, a Java-based app that syncs online and offline calendars, including Google and Microsoft.

Google Calendar Sync lets you sync your Google Calendar with your Microsoft Outlook calendar.

(Credit: Google)

One of the most notable additions to Microsoft's 2007 Office System was the Trust Center, which centralizes the security options in Word, Excel, Outlook, PowerPoint, and the other applications in the suite. Of course, this being Office, it figures that many of the most important security features--including the new Document Inspector--also reside elsewhere.

To open the Trust Center in the 2007 versions of Word, Excel, PowerPoint, and Access, click the Office button, select the Options button at the bottom-right of the window, choose Trust Center in the left pane, and click the Trust Center Settings button in the right pane. In Outlook 2007 and Publisher 2007, click Tools > Trust Center.

The Trust Center in Microsoft Office 2007 apps centralizes most of security options in the programs.

The security options presented in the Trust Center vary from program to program, but you'll likely want to start by clicking the Privacy Options button. The third and fifth options under Privacy Settings in the right window are checked by default: Download a file periodically that helps determine system problems; and Check Microsoft Office documents that are from or link to suspicious Web sites (this last option is missing in Outlook 2007).

The 2007 versions of Word, Excel, PowerPoint, and Publisher list an option to remove personal information from file properties on save (this may be grayed out), as well as a Document Inspector button, which searches the file for comments, revisions, and hidden metadata. You can also access the Document Inspector in Word 2007, Excel 2007, and PowerPoint 2007 by clicking the Office button and choosing Prepare > Inspect Document.

Listed under the Trusted Publishers tab are the companies and organizations whose macros and add-ins have an approved digital signature. With Office 2007's default security settings selected, you see a warning in the Message Bar at the top of the file window whenever a macro or add-in from an entity not on this list tries to run. Click the Options button on the bar to open the Security Options dialog box, which provides information on the blocked content. Here you can choose to let the add-in run, trust all files from the publisher, or block it (the default setting). You can also click Show Signature Details to view more information.

You can also choose to allow all files from specific folders or other locations to open with no security warnings. Just click the Add new location button in the Trusted Locations window and enter the folder or network path, if you check "Allow Trusted Locations on my network (not recommended)" at the bottom of the window. Microsoft warns against enabling this option for a reason: It provides malicious VBA scripts entering via this location unfettered access to your applications, where they can wreak all sorts of havoc.

Add folder or network paths to your Trusted Locations list in Office 2007 to avoid the security warning when files they contain open.

The other Trust Center Settings tabs let you disable all add-ins, or adjust your macro and ActiveX settings. The default settings meet the needs of most users: "Prompt me before enabling all controls with minimal restrictions" for ActiveX, and "Disable all macros with notification" ("Warnings for signed macros; all unsigned macros are disabled" in Outlook 2007).

Outlook 2007 adds the E-mail Security dialog box, where you can choose to encrypt outgoing messages and attachments, and to read your incoming mail as plain text rather than as HTML. This option helps prevent malicious content in a message from running automatically (see yesterday's post), and you can view the HTML version of messages from people you trust by clicking the warning at the top of the of the window and choosing Display as HTML.

Many of the permission-restricting options in Office 2007 apps require Microsoft's Information Rights Management/Windows Rights Management Services, but you can limit who can read and work on your files without these services in Word 2007 by clicking Review > Protect Document > Restrict Formatting and Editing. In Excel 2007, click Review and choose one of the "Protect" options in the Changes area of the ribbon. You can restrict the Word styles that can be used, or password-protect the file, though the user-authentication options once again require IRM/WRMS. You can also assign a password to a file in Word, Excel, and PowerPoint by clicking the Office button, choosing Save As, clicking Tools at the bottom of the Save As dialog box, choosing General Options in the drop-down menu, entering the password, and clicking OK.

Add a password to a file in Word, Excel, or PowerPoint via the Tools button in the Save As dialog box.

Tomorrow: keep your passwords in order, with or without a password manager.

You trust Microsoft Office with your most important documents, spreadsheets, e-mail, and presentations. Unfortunately, many of the default security settings in Office applications may not provide a sufficient level of protection for your data, your system, and your reputation. Follow these steps to fine-tune the security settings in Office 2003; tomorrow I'll cover the new security options in Office 2007's Trust Center and elsewhere.

Office 2003 lets you encrypt files so that you need a password to read or edit them. In Word 2003, open the document and click Tools > Protect Document. To restrict the styles that can be applied to the file, check Limit formatting to a selection of styles, and click Settings. Uncheck the styles you don't want to allow, or choose one of the other style-restriction options, and click OK. To make the document read-only, check Allow only this type of editing in the document, and select one of the options in the drop-down menu: Tracked changes, Comments, Filling in forms, or No changes (Read only).

Choose an option in Word 2003's Protect Document dialog box to restrict access to the document.

You can also designate the people who can access the file by clicking More users, entering their user names or e-mail addresses, and clicking OK. When you're done, click Yes, Start Enforcing Protection. In the resulting dialog box, choose either Password and enter the password twice that will decrypt the file, or select User authentication, which allows the people you designate to remove the file's protection.

The User authentication option requires Microsoft's Information Rights management, which requires the Windows Rights Management client. This in turn requires a .NET Passport account, and your agreement to the "free trial," though there's no indication if or when the trial will end. Microsoft promises to maintain the privacy of your files, and to make them available for three months after the trial ends, if you maintain the .NET Passport account. There may be a good reason to go this route, but to keep things simple, I stick with the password option. To remove these settings, click Tools > Unprotect document, and enter the password (if you chose this method of protection).

Choose Password and enter the password that will open the file, or select User authentication to allow the people you designate to read, edit, and/or comment on the document.

To protect a worksheet or file in Excel 2003, click Tools > Protection, and choose your preferred protection method: Protect Sheet, Allow Users to Edit Ranges, Protect Workbook, or Protect and Share Workbook. If you choose the first option, you're prompted to enter a password to unlock the sheet, and you can limit the actions people can take when working on the sheet. The second selection opens a dialog box in which you can specify the ranges that will be unlocked by a password by clicking New and entering the ranges. You can allow specific people to edit, or list the users who can't edit the range without a password by clicking Permissions and entering their user or group names. The third and fourth options are similar to the first, but apply to the entire workbook rather than a specific worksheet.

In PowerPoint 2003, click Tools > Options > Security, enter a password that will let the presentation be opened or modified, and click the Advanced button to select an encryption type. This dialog box also lets you remove hidden data from the file, and adjust your macro security settings (the default allows only signed macros from trusted sources, though this is of questionable value since "trusted sources" is pretty meaningless).

Outlook 2003's security options let you encrypt outgoing attachments, restrict the sites that can send you scripts and active content (the same list that's in your Internet Options), and limit the receipt of images and file downloads. But two of the most important things you can do to protect yourself from malware in Outlook are to turn off the Reading Pane (aka Preview Pane), and to view your mail as plain text. To deactivate the Reading Pane, click View > Reading Pane > Off. And to switch from HTML mail to the safer plain text, click Tools > Options > E-mail Options, check Read all standard mail in plain text, and click OK. When you want to view a message in its original HTML format, click the beige message bar across the top of the message window and select Display as HTML.

Protect yourself from malicious messages in Outlook 2003 by selecting "Read all standard mail in plain text" in the program's E-mail Options.

Protect your reputation with the Remove Hidden Data tool: Maybe you're one of the many Office users who have suffered the embarrassment of sending someone (or a lot of someones) a file that hadn't had its revisions and comments deleted. To minimize the chances of the public seeing more of your files than you intend, download Microsoft's free Remove Hidden Data tool. (I described this program and four other great Office freebies in an earlier post.)

Tomorrow: get more out of the new security options in Office 2007.