"Redemption Helper Outlook Extension" - What is it?

[Vanguard]

I noticed a new COM add-in listed in Outlook called:

Redemption Helper Outlook Extension

I don't know how new it is because it has been awhile since I took a look at
what COM add-ins and plug-ins were installed and listed in Outlook (in
OL2002, Tools -> Options -> Other -> Advanced -> plug-ins and add-ins). I
was having a problem with a "could not complete the operation" dialog
appearing when exiting Outlook but only if I had opened a note (not viewed
it in the preview pane but opened it is its own window). Eventually it
looked like the problem was caused by the Attachment Options add-in (there's
a link to it at http://www.slipstick.com) that lets me decide which
filetypes to exclude from security in Outlook so I can get those filetypes
as attachments in e-mails, plus it provides a checkbox to set Outlook to
read in plain-text mode only rather than me having to remember where in the
registry to make the change. Once Attachment Options was disabled, the
"could not complete the operation" error went away.

Okay, but when looking at my add-ins, I saw this Redemption one listed. I
cannot find any information about it at Microsoft. I found some info on it
at http://www.dimastr.com/redemption/ so it looks to be some 3rd party's
add-in to provide a library to get around the security update for Outlook.
Somehow this add-in snuck into my machine. It doesn't look like malicious
code. Could be be quite beneficial to some software provided its purpose
isn't to circumvent the security that got added to Outlook. I don't see
that I got an extra configurable option that lets me decide whether any
software can use Redemption to circumvent security in Outlook.

For now, I've disabled the Redemption Helper add-in and will remove it in a
week, or so, after checking that Outlook still works okay. I didn't find
the redemption.dll that is supposed to provide that actual support of the
security-bypassing functionality. I'd like to know who is bundling
Redemption with their stuff.

 

[Vanguard]

I noticed a new COM add-in listed in Outlook called:

Redemption Helper Outlook Extension
...
I'd like to know who is bundling Redemption with their stuff.

I might've found it. I started going through the other add-ins (3rd party
ones, not those from Microsoft), and found that Outlook SpamCop (OLSpamCop)
installs and uses the Redemption add-in. See
http://www.olspamcop.org/download.shtml.

I used to use SpamSource to help reporting spams from Outlook to SpamCop.
It had problems (no toolbar button, no tab panel in options) so I switch to
OLSpamCop.

I'll have to rethink if I want OLSpamCop installed. The Redemption.dll
plug-in seems to open up Outlook and bypass its filetype security for any
application that might install (i.e., more than just OLSpamCop can now
bypass Outlook's security and send messages without notifying the user).

 

[Milly Staples [MVP - Outlook]]

You would be surprised how many developers are using this. Read up on the
application and its uses at Dmitry's site dimastr.com.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

After furious head scratching, Vanguard asked:

| || I noticed a new COM add-in listed in Outlook called:
||
|| Redemption Helper Outlook Extension
|| ...
|| I'd like to know who is bundling Redemption with their stuff.
|
| I might've found it. I started going through the other add-ins (3rd
| party ones, not those from Microsoft), and found that Outlook SpamCop
| (OLSpamCop) installs and uses the Redemption add-in. See
| http://www.olspamcop.org/download.shtml.
|
| I used to use SpamSource to help reporting spams from Outlook to
| SpamCop. It had problems (no toolbar button, no tab panel in options)
| so I switch to OLSpamCop.
|
| I'll have to rethink if I want OLSpamCop installed. The
| Redemption.dll plug-in seems to open up Outlook and bypass its
| filetype security for any application that might install (i.e., more
| than just OLSpamCop can now bypass Outlook's security and send
| messages without notifying the user).

 

[Pat Willener]

I might've found it. I started going through the other add-ins (3rd party
ones, not those from Microsoft), and found that Outlook SpamCop (OLSpamCop)
installs and uses the Redemption add-in. See
http://www.olspamcop.org/download.shtml.

I used to use SpamSource to help reporting spams from Outlook to SpamCop.
It had problems (no toolbar button, no tab panel in options) so I switch to
OLSpamCop.

I'll have to rethink if I want OLSpamCop installed. The Redemption.dll
plug-in seems to open up Outlook and bypass its filetype security for any
application that might install (i.e., more than just OLSpamCop can now
bypass Outlook's security and send messages without notifying the user).

You are right: OLSpamCop installs redemption. I never had any problem
with it.

 

[Vanguard]

"Milly Staples [MVP - Outlook]"

You would be surprised how many developers are using this. Read up on the
application and its uses at Dmitry's site dimastr.com.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

After furious head scratching, Vanguard asked:

| || I noticed a new COM add-in listed in Outlook called:
||
|| Redemption Helper Outlook Extension
|| ...
|| I'd like to know who is bundling Redemption with their stuff.
|
| I might've found it. I started going through the other add-ins (3rd
| party ones, not those from Microsoft), and found that Outlook SpamCop
| (OLSpamCop) installs and uses the Redemption add-in. See
| http://www.olspamcop.org/download.shtml.
|
| I used to use SpamSource to help reporting spams from Outlook to
| SpamCop. It had problems (no toolbar button, no tab panel in options)
| so I switch to OLSpamCop.
|
| I'll have to rethink if I want OLSpamCop installed. The
| Redemption.dll plug-in seems to open up Outlook and bypass its
| filetype security for any application that might install (i.e., more
| than just OLSpamCop can now bypass Outlook's security and send
| messages without notifying the user).

The reason why I choose to remove and uninstall this product was due to its
description. It provides a common interface for software to bypass the
security in Outlook, and that means once installed that any software could
use that method. It opens the door for one product that wants it, and it
opens the door for all the others, too. I'm sure it pretty much disguises
what products are using it, so Outlook only sees Redemption (i.e., one
interface used to funnel in many apps). I haven't delved into Redemption
much, but I suspect it is the only plug-in registered and known by Outlook
and does not require registration or setup within Outlook by the
applications that use Redemption. I wouldn't mind Redemption being there as
long as anything that used it was also notified and authenticated through
Outlook. Instead of knowing which horses you let through the gate, you
fling it open and let any and all of them out.

 

[Ken Slovak - [MVP - Outlook]]

Hi,

Redemption is not going to be a problem. There's a security key in
Redemption that's used so only the software that installs Redemption can
unlock it and use the Redemption objects that could be dangerous.

What we do when we use Redemption (and all reputable developers who use it
should be doing this) is to set up this AuthKey and use a customized version
of Redemption. When we customize Redemption we change all the CLSID's for it
to new ones so only our own software can register and use that version. Then
the AuthKey locks down that version so only password protected access is
allowed.

In the 4 or so years I've been using Redemption and that it's been out on
the market I've never yet heard of any problems that can be traced back to
use of Redemption.

BTW, Redemption is an Outlook Exchange extension, not a COM addin.

Redemption is used by COM addins and any errors or whatever are the
responsibility of the Redemption caller and not of Redemption. So there's no
disguising of anything. In addition, many addins use Redemption and if you
have a lot of them installed you might see multiple instances of that
Redemption Outlook Helper Exchange extension. At any one time I might have
at least 5 showing up in Outlook here.

 

[Ken Slovak - [MVP - Outlook]]

Hi,

The Notes problem you describe is due to a replacement of a utility called
AddInMon with an inline replacement. AddInMon was designed to work around
some bugs in Outlook's COM addin model, where the On_Disconnection event
only fires after all your Outlook objects have been released. The problem is
that without On_Disconnection you don't know when to release your Outlook
objects when Outlook is closing.

AddInMon fixed that problem, in conjunction with some workaround code in the
addin itself. However, the latest versions of Outlook when used with the
latest versions of software such as ActiveSynch broke AddInMon. So we had to
find a replacement for it.

The inline replacement works fine except when you've opened a NoteItem as
the last item you item before you exit Outlook. A quick change to the inline
replacement gets rid of that error you mention.

A revised version of Attachment Options with the revised inline shutdown
code will be posted later today on our Web site.

 

[Ken Slovak - [MVP - Outlook]]

A new version of Attachment Options (1.8.18) has been posted to the
Slovaktech Web site. It can be downloaded from there or directly from
http://www.slovaktech.com/files/AOsetup.exe. It fixes the problem of the
error message when a Note item is the last item opened before Outlook is
closed.

 

[Vanguard]

Redemption is used by COM addins and any errors or whatever are the
responsibility of the Redemption caller and not of Redemption. So there's
no disguising of anything. In addition, many addins use Redemption and if
you have a lot of them installed you might see multiple instances of that
Redemption Outlook Helper Exchange extension. At any one time I might have
at least 5 showing up in Outlook here.

When hunting around for info on Redemption, I saw various applications using
it, like help center programs. I take it that only one redemption.dll gets
installed but multiple registry class IDs are used against it where each is
unique to whatever software wants to use it?

I had your Attachment Options (latest version) installed and was getting an
error when I closed Outlook but only if I had previously opened a note. If
I view the note in the preview pane or open it but close Outlook with it
still open, no problem. But if I open a note (double-click to show in its
own window so I can edit it although editing is not required to generate the
error) in Outlook 2002, close it, and they exit Outlook, a popup dialog
appears telling the operation could not complete. I close that and a window
says that my changes will not be saved to the note (even if I made no
changes, but if I made changes they do get saved despite the message). I
narrowed the problem down to Attachment Options. If enabled, I got the
popup. If disabled (or uninstalled), no popup to interfere with exiting
Outlook.

It was while trying to figure out the above problem that I noticed the
Redemption extension that I had not seen before. Disabling it (with
Attachment Options still installed and enabled) did not help with the above
problem. The last updates that I remember installing recently were for .Net
Framework 2.0, an update for WDRM-enabled media players, and a security
patch (KB896424).

Thanks for the info on how Redemption works.

 

[Vanguard]

A new version of Attachment Options (1.8.18) has been posted to the
Slovaktech Web site. It can be downloaded from there or directly from
http://www.slovaktech.com/files/AOsetup.exe. It fixes the problem of the
error message when a Note item is the last item opened before Outlook is
closed.

Well, version 1.8.18 fixed the Note problem in Outlook. Thanks.

By the way, do you know what would've pushed the update to AddInMon? Would
that have been an Office update or a Windows update? Both are together now
at the Windows Update site. The following were listed as recent (after Nov
12) because I would've noticed since the earlier updates installed way back
before October 17:

Microsoft .NET Framework 2.0: x86 (KB829019)
Windows XPUpdate for WMDRM-enabled Media Players (KB902344)
Windows XPSecurity Update for Windows XP (KB896424)

The security patch doesn't seem like it has anything to do with Office or
Outlook. My understanding of .Net is that the various versions can reside
side by side so the app uses whatever version with which it is compatible.

 

[Ken Slovak - [MVP - Outlook]]

Actually, if Redemption is customized as it should be by the developer each
customized instance gets installed separately. It really becomes a
completely different DLL for each installation. I customize Redemption for
my own uses and I customize it with other names and CLSID's for various
clients. I must have about 15 instances of Redemption installed here between
my own uses and addins I use from other people, no conflict or any other
interaction except when developing, where all instances share the same
object model.

See my other posts about the note problem when closing Outlook, a fixed
version of Attachment Options is already posted to my Web site.

Attachment Options doesn't use Redemption at all. Not needed, it doesn't do
anything restricted by the Outlook object model guard.

 

[Ken Slovak - [MVP - Outlook]]

AddInMon isn't an MS utility. It was developed by David Kane and Randy Byrne
of MicroEye with a little bit of help from me. It had to be developed to
work around a serious Catch-22 bug in the Outlook COM object model
(On_Disconnection not firing unless all objects are released, but when to
know when to release and how to instantiate the addin if something like
ActiveSynch started Outlook first with no UI? The only workaround for the
On_Disconnection bug is to trap closing of visual elements).

AddInMon hasn't been updated for a couple of years now, I think we last
updated it in 2003 if I recall.

Changes in how Outlook works and how things like ActiveSynch works forced us
to discard AddInMon for an inline code replacement.