I have to agree with Dan Skinner. Probably the worst piece of software ever written. To make it worse from a security aspect Lotus Notes 6.x requires local admin privliges on a Windows box. Ever tried to manage a network, from a security POV, where EVERYBODY has to have admin privliges in order to do daily task? *sigh*

because even the security researchers don't want to use it

1. when was the last time you used notes?

2. what you just said about admin privilages is completely bogus. one of it's selling points is that it's isolated from the OS and simply hooks in.

Lotus Notes has far less bugs than other packages (*cough* Microsoft *cough*), so yes it is a rare bug. As an avid Notes user for the past 16+ years I can attest to that. There have been about 4 such bugs which caused security breeches. But even this one has very minor effects. For one, any Domino Admin worth their Salt would have AV protection on the system. 123 files are also pretty uncommon these days with most people using the default M$ spreadsheet thing.

And to Dan who seems to think that Notes itself is a bug, I've lost count of the number of times that Notes has out performed other more common software packages. Just because you're incompetent enough to use it doesn't mean the rest of us are.

@Christo

Er nope. No it doesn't. Runs fine without them. Just dandy. Automatically provisioned updates from the Domino server require Admin privileges for some releases, but from 7.0.2 onwards, that can be provisioned without the user having elevated rights as well.

Just updated our smart upgrade kits so tomorrow morning our users will get a nice automatic upgrade (I'm at GMT + 0800). They're almost all admins anyway, since they're constantly trying out new development tools.

Christo - stand up, your voice was muffled by your chair dear lad.

I've never seen an environment where administrator privileges are required to run Notes. It'll run quite happily with user privileges, unless you've mucked about with the Windows security.

That's based on 11 years experience with the product, running on every version of Windows except ME (did anyone use that?) and Vista, by the way.

Now, with Vista, you may have a point. The large number of security changes and the fact that Vista shipped late into Notes 6.5's lifecycle mean that it's not going to be supported by IBM. So that's hardly a fair point, but a valid one I suppose.

Vista is supported by Notes 7.0.2 and higher, including the newly released 8.0.

What I suspect you've done is installed Notes in single-user mode, where it will require administrative access to the data directory you selected when you installed it. (NOT to the whole machine.)

Users tend not to have those rights, and therefore you get errors.

That's very easy to fix, and frankly not exactly hard for a networking and security wizard like yourself to have determined with some simple testing. Or a search of the IBM knowledgebase. Both of which I'm sure you were too busy for.

Personally, I'd instead look at installing Notes in multi-user mode. Then it'll put a subset of the data directory into their Windows profile, bypassing the problem entirely.

Either way, good luck fixing it.

I consider myself more than literate with computer systems and last year when I started at a new company had Notes inflicted on me,

When you state that its miles better than Notes compared with other email packages I'd have to diagree. Now I can appreciate that the groupware stuff is useful to some extent but that can be easily replaced witih other packages that have more flexibility and greater control.

Finally the main grip I have are the inconsistencies that are prevalent in the Notes system we have. E.g. what kind of useless program will allow you to press <Ctrl> <A> then not allow you to unselect every email you've just slected in your inbox except by individually either selecting or running the mouse down the side! Or if you enter a specific view, and select a different heading to search by then when you come out of that view and come back its still wrong and cant be rectified without shutting down the Inbox window and re-opening it. Or not being able to select certain graphics that are embedded in emails as attachments to save them out.....

Maybe some of these issues have been improved in newwer versions but it still remains to be seen that they should have been picked up and fixed.

I suffer ClearCase, ClearQuest, Rational Software Modeller / Architect (actually we abandoned them) and others.

One thing they all have in common is that they start with a great idea (often someone else's great idea in a company that IBM has bought), then they smother it with IBM lard and process so that the original smarts are swamped by layers of bloat and administrative incompetence.

Then because you are well and truly locked in, they sell you horrendously overpriced "maintenance" that doesn't actually do anything.

I was recently contacted by a tech support guy over a bug we filed more than 2 years ago, asking if they could take it off the database now because they weren't going to fix it.

The last decent thing they did was OS/2 and I really liked it, but that was 1993. Since then, as far as I can tell, they've survived largely on fat maintenance contracts and a stonking big patent portfolio.

Oh, there is Eclipse I suppose, but even that could do with a crash diet.

I wonder what other people think of IBM? Is it just me?

I work for the big blue and am forced to use Notes, the Rational tool suite, and that ghod forsaken CMVC system. ALL of these tools are crap! The new notes client is based in Eclipse and, while it runs faster on Linux, is still a hog. Why IBM can't figure out how to develop Notes and the Rational suite as Eclipse plugins that work together in one instance of Eclipse is beyond me. Running multiple instances of the IBM bloated Eclipse framework to handle mail and development and project tracking tasks kills my machine every time. On the other hand I do get to bill all that time to the customer.

IBM is becoming nothing more than a body shop, and lard laden project management company. If you are afraid of change hire IBM that should slow things down nicely.

I'm a 10 yr PCLP certified Notes/Domino administrator and I can tell you after seeing just about every package going, Notes outshines the lot. Nothing can compete with it. It's solid and reliable. If you have issues with it, it's because you don't know what you're doing.

I've designed and built over 100 installations and managed infrastructures with 30,000+ users on it. It's rock solid. Exchange -wishes- it could be as good.

As for the admin rights thing - v6.00, 6.01 and 6.02 (I think) did need local privileges but that was fixed and has not been an issue since early 2005. I suggest you upgrade.

I see that the admin rights caused a bit of a stir *sigh*. Yes we are using a very old version of the Notes client. (Phil wish we could upgrade but corporate policy prevents this currently). Like I said in the previous comment we are making use of 6.0x.

To be honest we did have a presentation by IBM on v8 and it really does look amazing. Will have to wait and see what the users think though.

P.S. I'm NOT a security expert by any stretch of the imaganation. However even I can say that installing an app forcing the user to be a local admin is a very bad idea. But then again maybe I should do a bit more searching on the IBM knowledge base as Phillip mentioned.

Excellent post. So true.

We were using Notes for mail only and when we migrated our servers from Windows to FreeBSD, Domino became a casualty. It doesn't run under Linux emulation.

As Notes doesn't work particularly well with imap, we went lightweight with Thunderbird. All the users want Notes back. Not because Thunderbird was bad, but because they really liked Notes. These are the same people that go home to a Dell installed Outlook.

It is too heavy for just mail. Add a few databases and it shines. If we could get Domino to run under OS X or FreeBSD we'd switch back.

Well, as a former Notes 4.2 user, I must say that I was impressed with it 9 years ago when my school started using it for the "LearningSpace" platform. Damn better than the loads of crap "web apps" that superseded them like BlackBoard or the internally-developed one after that.

One of the things I really, really liked was replication: I was able to do homework AND submit it on time *without* having to be online; something that was crucial in the dialup days of internet.

Apart from that, it had loads of stuff I didn't even know existed back then: PKI management (all logins use this), Access Levels, and loads of stuff. Oh, and we used it for everything *BUT* email. Maybe if you take out the email factor, you'll stop hating it.

Want to see ugly email? Try SAP R/3. Urk!

Lots Of Trouble Usually Serious

(actually that was invented for the cars, but it's equally applicable to the software)

yeah baby

http://lotusnotessucks.4t.com/

We were forced to switch to Notes 6.5 in my company, which has offices all over the world. We are set up so that all mail is stored on a central server. When checking for new mail, it is S.L.O.W. I don't use if for anything else. For a Calendar, I use Mozilla's Sunbird. I could not figure out how to get Notes to do what Sunbird does for me. I wish we were allowed to use Thunderbird at work. I should note that I work with a Windows 98 box with 120 meg of memory, which doesn't help.

My biggest beef with the centralized Notes, a few days ago, one of the offices opened an email that had a virus. Since then, none of us have been able to check our email at work.

Give me a stand alone Pop3 or Imap email client any day.

All the rampant Notes bashing aside... A "BO" can not in any sense be considered rare either as far as security bugs are concerned, as a sloppy programmer forgetting to do simple input validation is unfortunately all too common, so no, this is definitely not a rare bug, more like a dime-a-dozen bug found in yet another piece of software.

Certainly Notes is a unique beast, I'll give it that. But the Domino server runs on almost anything - from Windows through linux to AS/400, Solaris, etc. So it can fit into most roadmaps without too much trouble.

The client.....let's not underestimate how much of a hog Outlook can be too, especially with the cludge setting to use Word as the mail editor...!!

To the person suffering CTRL-A and having to deselect manually - Edit - Deselect All. It's an educational problem (as are many things).

To those wanting POP or IMAP, you mean you want secure POP and IMAP?! The Domino server can offer this too, of course. My Domino server sits with 1352 open to the internet and forces all sessions to encrypt network traffic (that is, once you've authenticated successfully). At the same time, I can use SSL to get to webmail to send and receive emails - all pretty much out of the box.

The Notes client is so unpopular, what with only 120 million seats out there (allegedly) that it's not targetted by the kiddies. Of course a badly-implemented installation with no antivirus, antispam and so-on (especially at the perimeter) can be a liability - but you can't blame Lotus Domino for that.

We have over 100'000 Notesmail users and our solution for this problem is simple; delete the offending DLL from the package and remove it from PCs.

Lotus Notes sucks? Yes, sometimes. But on the whole, it does many, many things very, very well....