Huzzah! Gaping security holes that will haunt Office users for the rest of the whole "office experience". Office11 was doing fine until this came along side.

First post, word to your mothers.

Its amazing how people assume that a product will be insecure and full of holes. have you even looked at any MS products lately?
Prolly not, i'm sure you're using all that other software that has NO bugs and NO security holes... you're so lucky to be enlightened in such a way...

I use Windows 2000 Professional as my main OS and I'm well aware of the security holes it has. Linux, I'm well aware, has the same amount if not more than Windows it's just that people don't go trying to find holes in it. For the record, I'm an official beta tester for Office 11 and any time MS adds something like this what's the most common security hole? Buffer overflows. Just like everything else. No need to be such a prick.

the key question i have is why do they keep adding crap that hardly anyone will use...and boys behave...

oh, I'm sure plenty of people will use it, but 95% of them will be hackers using this "feature" to make new backdoor viruses.

Exactly my point. Glad at least someone sees the same side of the spectrum. =P

i wasn't trying to be a prick. Everytime there's an article on anything new that MS does, people are quick to either complain about it being bloated, full of holes, forcing customers to spend more money to update, etc. 99% of these people don't have a clue what they are talking about. I'm glad to see that you fall into the minority 1% that does know what you're talking about. I apologize for sounding like a prick.
I would however like to point out that something like this is a GREAT addition for people that have been developing stuff for office while at the same time using .NET to develop other solutions. So even if it is likely to have a buffer overflow problem, i'm still glad they're adding it, and i think that the virtues of it need to be expounded in addition to the potential problems. The buffer overflows can be fixed (hopefully they'll get to them before the release..........right...) but a lack of a good programming feature can't just be fixed with a patch.
Again, i apologize for sounding like a prick.

I've been at a couple of large corporations now that have used so-called "Office Applications" as ways to leverage corporate data. I'm not too crazy in general about desktop apps for corporations because of the old DLL hell scenario. But slowly but surely the .NET self-describing assembly approach will help improve that (yes it will take years to get there). A couple of examples of what I saw in Office automation that seemed pretty cool were:

They distributed an Access app to the managers that dug Access that let them push data they'd gotten from the field into the corp database. Then a nightly app pulled data from the database and built an Excel workbook out of it, workbook with its own buttons that ran macros that gen'd reports and massaged the data. Then using CDO they emailed the workbooks to B-to-B customers across the globe. These guys that received the mailed workbooks were extatic about getting the latest and greatest data local and in a form they could work with.

In another Office Automation app, a corp had a bunch of legal documents that were required with each new customer relationship, tons of docs some of which were huge. Depending on the customer, the group of docs would differ but each individual type of doc wouldn't change much, just certain customer info and certain clauses that were relevant or weren't relevant. So a Word application was created. It pulled the metadata about the customers from SQL server and then drove Word to create the correct packet of documents with the correct customer-specific data inserted into the templates.

Maybe there's a better way to do this stuff, but damn, it sure seemed like Office automation met their requirements well. So if you can buy off on the value of that sort of application for corporations, the next question is should the language that enables that stuff basically freeze at the 1999 level (VBA/VB6) or should it move forwards into full object orientation and all the other benefits provided by .NET? I think it's great that Microsoft will .NET-enable their office suite.

While I can see the value of this type of automation for large businesses, what value would it have for the average home user that uses Office for day to day tasks, or even most smaller companies that don't need this functionality? If Office 11 is going to have the ability to run these applications, then I hope that it comes turned off by default, possibly with a prompt to the user when a document need this functionality. Otherwise, I stand by my previous statement that this is going to be another great way for people to write viruses, at least as bad as VBscript, possibly even worse. This is the part that worries me; "Visual Studio Tools for Office will additionally support no-touch deployment, which permits developers to change or upgrade applications without end-user interaction.". It sounds as if once a document is on a user's computer, the author of the document can update it as they see fit, and since these documents are in essence applications, the author can change what the application does WITHOUT THE CONSENT OR KNOWLEDGE OF THE USER!! Am I the only one that sees a HUGE security issue here?

I would guess (i stress guess) that the .NET security framework stuff will be included in this stuff. Meaning that applications you get from the web won't have access to file systems, things like that. ALl the normal .NET security stuff. This would also mean that in a business environment, it could be set to allow developers/admins/etc to modify stuff automatically, because trusts and things like that would be established. But for the home user, there would be no domain trusts, etc, and only applications created on that computer would run with full permissions by default.
I remember running into this with a .NET application i wrote for class last year... i was gonna show it to the TA, so i emailed it to myself. Unfortunately i used Webmail to check my email from his computer, and when i downloaded the app to his computer, it didn't have the right security permissions because it was from the web. Pain in the butt for me, but if i were a dumb user and was downloading apps off the web, it could have saved me virus problems.
HOPEFULLY, this sort of thing is built into the Visual Stuido Tools for Office as well.