  1. #1
    New Lounger
    Join Date
    Apr 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Issues with 'Hidden File Detector' (Word 97 / 2000 / 2002)

    The HFD is a great idea, as far as it goes, but it does require a certain ... commitment to using it. I'd just like to make the point that while it's great Woody's touting it, it seems far from a complete and effective solution for all circumstances.

    We're confronted with addressing the hidden files vulnerability in a large law firm environment with 1000+ users, almost none of whom understand the need for the protective measures. A large % of same will be resistant to any and all training efforts on the subject, including many of the partners, who can't be coerced. For these purposes, hidden file protection needs to be (1) automatic, (2) self-explanatory, and (3) fairly non-intrusive, minimizing the number of false positives. Otherwise, it will be ignored.

    The advice in WOW #7.46 on how to trigger the HFD from the document_open event was useful for (1), but doesn't address improvements needed on the other two issues. Are there plans to make further improvements in these areas? I'm willing to do the needed programming myself (particularly since our document_open is already a workhorse and the new code needs to be integrated well) but as yet I'm not privy to the complete list of fields (and the particular configurations of those fields) that will cause the problem, don't have time to figure it all out myself, and understand the reluctance to make this information public.

  2. #2
    Gold Lounger
    Join Date
    Dec 2000
    Location
    Hollywood (sorta), California, USA
    Posts
    2,759
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Issues with 'Hidden File Detector' (Word 97 / 2000 / 2002)

    I tell you what. Woody is right on with this emphatic point: Microsoft needs to fix this for all versions of Word -- 97 thru 2002. Period.
    The HFD is nice but it's too much bulk. I'm not sure if it slows execution on the open event or if it's slow when invoked at will, but it's a drag if we have to use it (no offense Bill).

    I know the reality is this: if it's up to MS to fix, don't hold your breath. But maybe they'll surprise us and post a fix.
    Kevin

  3. #3
    New Lounger
    Join Date
    Apr 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Issues with 'Hidden File Detector' (Word 97 / 2000 / 2002)

    One question that I haven't seen addressed is this: We all want Microsoft to provide a fix, but what would that fix look like?

    Would they simply remove the {INCLUDETEXT} capability (and that of other problematic fields) entirely from Word? If not, how would they be able to tell a legitimate use from an illegitimate one?

    Would they implement a warning strategy similar to HFD's (only better integrated and tuned to avoid false positives)?

    Would we end up with some sort of High / Medium / Low + Trust approach like the current Macro Security setting?

    Seems like we ought to offer some input on this or we'll end up with a travesty like the Outlook Security Patch that many of us don't want to use.

  4. #4
    Gold Lounger
    Join Date
    Dec 2000
    Location
    Hollywood (sorta), California, USA
    Posts
    2,759
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Issues with 'Hidden File Detector' (Word 97 / 2000 / 2002)

    Good question. How's this for starters:

    {includetext} and {includepicture} were not meant to "hide" the included element. MS could force any text or picture inserted to show up in the document. That would solve the whole issue and would be so easy to fix a simple patch would do the trick.

    No idiot would risk this:

    Whoa! Why is my confidential password list showing up in this letter from Alice?!!!

    Ring, ring. Hello, Alice. What's going on here?
    Kevin

  5. #5
    New Lounger
    Join Date
    Apr 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Issues with 'Hidden File Detector' (Word 97 / 2000 / 2002)

    The main value of that method, as you say, would be that people would be afraid they would be caught.

    A somewhat lesser value is that people actually would be caught. Lesser because it's quite common, when you're trading 2nd or 3rd drafts of an 80-page document, to pop in and make the changes you want to make on page 18 and then send it right back without examining the rest of the document.

    Some sort of alert when the document is opened would still be useful. For end-users, it ought to talk in terms of the files being captured instead of the fields used to capture them (although an advanced interface or "More Info" button could be made available). It ought to be complete yet be well tuned to minimize false positives, and ought to highlight fields that look like someone's trying to hide them (font color or size, hidden attribute, nested inside another field, etc.). If it's possible to turn this mechanism off (or set it to "low") at all, an administrator should be able to set a policy to prevent that. At the same time, it ought to be possible for the user to certify a particular file once and for all for a given document and not be warned about it again. (That's a per-document, per-file, per-user certification, so that even if you say c:xyz.txt is OK to include in this document, when I open it, I'll still be warned about it until I say it's OK too.)
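
Added example, not part of the original post and not HFD's code: a Python sketch of the open-time check described in the post above, reporting captured files rather than fields, ranking fields that look concealed first, and suppressing only files that this user has certified for this document. The field records (code text, formatting, nesting depth) are assumed to have been extracted from the document already; all names, the sample data and the size threshold are hypothetical.

```python
import re

# Only the two field types named in the thread; the full list is not on the page.
FILE_FIELDS = ("INCLUDETEXT", "INCLUDEPICTURE")
SAMPLE_FIELDS = [  # constructed sample records, not from a real document
    {"code": " INCLUDEPICTURE logo.gif "},
    {"code": r' INCLUDETEXT "c:\\private\\notes.txt" ', "hidden": True,
     "font_size": 1, "font_color": "white"},
    {"code": r' DATE \@ "d MMMM yyyy" '},
]

def field_target(code):
    """Return (field_type, path) if the field code pulls in a file, else None."""
    m = re.match(r'\s*(\w+)\s+(?:"([^"]*)"|(\S+))', code)
    if not m or m.group(1).upper() not in FILE_FIELDS:
        return None
    path = m.group(2) if m.group(2) is not None else m.group(3)
    return m.group(1).upper(), path.replace("\\\\", "\\")  # paths double each backslash

def concealment(field):
    """Signs listed in the post that a field is being hidden from the reader."""
    signs = []
    if field.get("hidden"):
        signs.append("hidden attribute")
    if field.get("font_size", 10) <= 2:  # threshold is an assumption
        signs.append("tiny font")
    if field.get("font_color") == field.get("background", "white"):
        signs.append("font colour matches background")
    if field.get("depth", 0) > 0:
        signs.append("nested inside another field")
    return signs

def certify(certified, doc_id, path, user):
    """Record that this user accepts this file in this document."""
    certified.add((doc_id, path.lower(), user))

def review(doc_id, user, fields, certified):
    """Warn about captured files this user has not certified for this document."""
    warnings = []
    for f in fields:
        target = field_target(f["code"])
        if target is None or (doc_id, target[1].lower(), user) in certified:
            continue
        warnings.append({"file": target[1], "field": target[0],
                         "signs": concealment(f)})
    return sorted(warnings, key=lambda w: -len(w["signs"]))  # concealed first

if __name__ == "__main__":
    for w in review("draft3.doc", "alice", SAMPLE_FIELDS, set()):
        print(w)
```

Because the certification key includes the user, one person approving a file does not silence the warning for anyone else who opens the same document.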

  6. #6
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Issues with 'Hidden File Detector' (Word 97 / 2000 / 2002)

    That's a very interesting point that you bring up and I completely agree...left to its own devices, Microsoft might come up with a draconian solution (e.g. eliminate all IncludeText fields). I can think of two ideas (in addition to Kevin's), but haven't thought them through:
    1. A list of files included in all IncludeText fields would show up when you saved or closed or electronically sent the document. Of course, this could be a hassle.
    2. Although there was resistance to this idea when Microsoft implemented it (or something similar), a digital signature that identified the computer that created the document & would not allow Includetext fields to act on files that weren't on the original computer. As I say, I haven't thought this through. I'm not sure this would work in a corporate environment when someone not at the original workstation might want to add Includetext fields. Also, could the receiver get a document & add spy fields when sent back to the originator?

    As I wrote this, it occurred to me that there might be a problem with a warning system similar to the macros security system. While one danger is a firm stealing ideas/files from another (hence a warning system), there could also be a problem with an unethical co-worker stealing from others within the firm. And a warning system that didn't "trust" people within the same firm would create problems, too.

    Perhaps there should be folders in which the Includetext fields could not link to? Of course, I know a lot of people who have no idea how to use folders & save every single file to their "Personal" folder.
