Worried about the major new security problem with Microsoft Office 98? Guess what – it’s neither new nor limited to Office. Geoff Duncan explores this long-standing security issue and explains how to work around it. Also this week, Jerry Kindall reports on the astonishing feats at this year’s MacHack, and we have news about new installer tools, The Tilery 4.0, ACTION Files 1.1, an important update for Norton AntiVirus 5.0, and finding TidBITS staff at Macworld Expo.
Norton AntiVirus 5.01 Update for Mac OS 8.1 — Symantec has released a free version 5.01 patch for English and International English versions of Norton AntiVirus for Macintosh 5.0. The update addresses serious disk corruption problems that result from using Norton AntiVirus 5.0 on HFS "standard format" disks under Mac OS 8.1. (See "Norton AntiVirus Damaging to Mac OS 8.1 Disks" in TidBITS-434.) According to Symantec, version 5.01 corrects problems where files created in active SafeZones and then deleted would be reported as missing by disk repair utilities. The update is a 550K download. [GD]
New Installer Versions Arrive — Aladdin Systems and MindVision Software have released new versions of their popular installer programs. New features in Aladdin’s InstallerMaker 5.0 include hierarchical packages, the capability to download and install files from the Web, and the capability to apply settings directly to items within folders in the installer archive. MindVision’s Installer VISE 5.5 adds package dependencies, onscreen archive reports, compatibility with the upcoming Mac OS 8.5, and improved automation when updating the installer archive. Although both of these products are primarily aimed at developers, they also work well for anyone needing to distribute a customized set of software within an organization. Licensing terms for commercial use vary widely, but both companies offer special licensing terms to qualifying freeware and shareware authors: Aladdin’s Just StuffIt Developers Program and MindVision’s free Installer VISE license. You can download evaluation copies of both InstallerMaker 5.0 (5.3 MB MacBinary or 6.4 MB BinHex downloads) and Installer VISE 5.5 (1.2 MB Active Installer or 8.2 MB normal installer download). [ACE]
The Tilery 4.0 Squares Off — Rick Holzgrafe of Semicolon Software last week released The Tilery 4.0, the latest version of his $15 shareware desktop launcher application. (TidBITS looked at the previous version in "Desktop Launchers, Part IV" in TidBITS-278.) The Tilery provides graphical tiles that, when clicked, open applications, documents, folders, volumes, control panels, and servers. In addition, automatic tiles appear for currently active applications. New features in version 4.0 include tile pop-up menus for access to additional features, keyboard control, hot keys for tiles, working sets of tiles, and editable tile text labels. The Tilery 4.0 is a 442K download. [ACE]
ACTION Files 1.1 Centralizes File Organization — With its release of ACTION Files 1.1, Power On Software is expanding the edges of what can be done within Open and Save dialog boxes. The well-received utility (see "Get a Piece of the ACTION Files" in TidBITS-434) allows you to access many Finder-level commands from within the traditionally limited dialog boxes. Version 1.1 adds the ability to choose default folders for applications and to assign keyboard shortcuts to commonly used items, plus offers direct support for applications that employ several variations of Save As menu commands. ACTION Files 1.1 also remembers window location settings for each application and improves the display of available free disk space and other information. ACTION Files 1.1 is available through retail outlets for $50; Now Utilities (and, by extension, Super Boomerang) customers can upgrade for $30; owners of version 1.0 can download a free upgrade. A 30-day demonstration version is also available. [JLC]
TidBITS Staff at Macworld Expo NY — As just about everyone knows by now, Macworld Expo will take place in New York City this week. Since we’re far too virtual of an operation to have a booth, the best way to see us will be to come to one of our scheduled events. Several TidBITS staff members should be at the Netter’s Dinner at 6 PM on Wednesday, 08-Jul-98. Then, at 10 AM on Thursday, 09-Jul-98, Adam will be signing copies of his Eudora Visual QuickStart Guide at the Peachpit Press booth (#1645). For those paying extra to attend the conferences, Adam will participate in the Building a Mac-centric Intranet panel at 11 AM on Wednesday, 08-Jul-98 and moderate the Innovations in Email panel at 10 AM on Friday, 10-Jul-98. See you there! [ACE]
MacHack, held in mid-June this year at the Holiday Inn Fairlane in Dearborn, Michigan, bills itself as "The Annual Conference for Leading Edge Developers." If you develop Macintosh software (or want to), you have either been to a MacHack or you aspire to attend. Unlike most programming conferences, only half of MacHack is about learning new programming techniques and operating system directions. The other half is atmosphere. In fact, given its relative chronological proximity to Apple’s own World Wide Developer’s Conference, the social climate may well be the most important part of MacHack. Even for someone who’s technically savvy but not, strictly speaking, a Macintosh programmer – such as myself – the atmosphere can be intoxicating. MacHack is plain fun in a way that an Apple-sponsored event such as WWDC finds difficult to emulate. In large part this is because MacHack is organized and run by volunteers and funded by several sponsors, effectively negating any agenda one of them might have.
No coverage of MacHack would be complete without a mention of the defining event of the conference: the Best Hack Contest, produced by the MacHax Group. The goal of the hack contest, if you’re a developer, is to devise and program a demonstration of how clever a programmer you are. Anything goes, even programming techniques that don’t play well with other applications. The wilder and more silly the concept, the better. You garner extra prestige if you develop the hack during the conference itself. However, if your program actually does something useful, you will likely be greeted with derisive shouts of "Useful!" when you present it – although, for comic effect, audience members seem to call it out just as often for completely useless hacks. Trying to plug your other products will result in equally derisive shouts of "Marketing!" The occasional technical difficulty is often met with cries of "Ship it!"
It’s difficult to attend MacHack without being swept up in the excitement of new ideas being generated and realized as code, especially if you’re in the machine room just before the actual contest begins at midnight. I’m not much of a developer myself, but last year, I was sucked into helping programmers from Corel with graphics and sound for their project, and this year I found myself helping Andy Bachorski and Nat McCully name their hack and create a splash screen for it. It was a Breakout game that runs within the MacsBug debugger – MacsBug hacks are always popular – which was dubbed, depending on who you believe, either BrickPoint or BreakPoint.
Some of the hacks took a few moments for their creators to set up in the conference room, so the contest staff kept the audience entertained with QuickTime clips from Babylon 5, a Star Wars-meets-Cops parody called Troops, the ubiquitous clip of Bill Gates getting a pie in the face, and old Apple marketing videos. Some of the latter had been doctored – "We’ve got a family of two-bit products," said Steve Jobs in one (the original clip said "thirty-two bit"). Attendees’ laser pointers played Pong on the large video screen.
The ingenuity and creativity displayed by the Macintosh developer community is astonishing enough in ordinary circumstances, but here, in a handful of caffeine-drenched hours, it reaches a crescendo. Marcus Jager and Quinn "The Eskimo!" went BrickPoint one better by creating OFPong, a version of Pong which runs on newer Macs’ Open Firmware FORTH interpreter. (The code for the game, which runs before the Mac even starts up, must be loaded through the serial port.) Eric Long’s "Spell It Don’t Yell It" rearranges desktop icons to spell out words. Allon Stern, Dave Kamholz, and Jon Gotow presented a hack called Gestalt & Battery which enabled Power Manager features for desktop computers with a serial-interfaced uninterruptible power supply (that is, you could see your UPS’s battery status as if your desktop computer were a PowerBook battery). Kamholz on his own presented a hack called Spotlight, which produced a transparent circular area around the cursor which allows you to see (and manipulate) desktop icons behind open Finder windows. Eric Slosser figured out how to boost the speed and range of the IR port on a Power Macintosh G3 by tightening the beam and boosting the power; the resulting laser-like beam was visible in a smoke cloud and set fire to a piece of newspaper at one point.
A set of three applications dubbed PhaseShift (by Ed Wynne and Matt Slot) adds screen-saver-style visual effects behind your desktop icons; this hack received much applause when all three effects were launched simultaneously. Mike Neil and Leonard Rosenthol contributed the nostalgic Switcher 98, which provides the sliding visual effect of Andy Hertzfeld’s original Switcher when switching applications. Rob Churchill, Mike Pinkerton, and Eric Shapiro from Netscape contributed Mozetta, a re-working of the Netscape browser which adds a pop-up menu that allows Web pages to be passed through Digital’s Babelfish translator (or a Pig Latin translator!) automatically – the name derived from Rosetta Stone and "Mozilla," Netscape’s mascot. (This idea was raised by Apple’s Maynard Handley during the previous day’s Thank Apple session – Handley suggested something similar be built into the OS.) Even keynote speaker Chris Espinosa participated in a hack or two, producing a usable voice dictation system that allows you to speak letters to your computer – as long as you do it in hexadecimal ASCII codes. Hilarity ensued as he tried to demonstrate it working through a string telephone.
There were a number of "youth hacks," a term which encompassed all student contributions, even those of college students. One team contributed an updated rendition of the classic NetBunny hack featuring a character called Mr. BagelButt. ("You were five when NetBunny was written!" objected one attendee.) Not all the hacks involved actual programming, either: a couple were QuickTime movies; one involved a couple of songs. There were Rhapsody hacks, a Newton hack, and a PalmPilot hack – even a hack for Hewlett-Packard calculators, presented in absentia. Many hacks took potshots at Microsoft or Apple; one hack, a MacsBug command called "jobs", kills all running programs but the Finder while displaying a message saying that it is necessary to focus priorities to succeed. Another hack allows users to turn OS features on and off to match Apple’s changing OS strategy. Another, called the Crash Manager, allowed users to select Microsoft-style crash messages (including a Blue Screen of Death) or the "Classic Apple" bomb dialog and to determine how frequently the OS goes down, ranging from "Never" to "All the Time."
The ASCIIs to Successful Hacking — The most awe-inspiring, jaw-dropping hack, though – one that had "winner" written all over it at first sight – played off the resemblance of the iMac to an old DEC VT terminal. Dubbed asciiMac, this hack from Alexandra Ellwood and Miro Jurisic converts the entire Mac screen to color ASCII art – in real time. The programmers demonstrated the hack converting QuickTime movies and CloseView-magnified screens to a thunderous ovation. It was a shoo-in during later balloting and received the coveted A-Trap award (a Victor rat trap). OFPong, "180 Years of Hack" (which didn’t involve programming at all), PhaseShift, Spotlight, and Switcher 98 took the honors as the first five runners-up. Most hacks received a token award of some kind, usually related in some humorous way to the hack itself – for example, a youth hack that played a video clip from South Park whenever you quit an application was awarded earplugs.
Last year, conference attendees had to wait months to get a CD-ROM containing the year’s hacks. This year, the CDs were burned on-site and were available the day after the hack contest. If you didn’t attend, the hacks will appear on the MacHack Web site soon.
(Special thanks to Lynda Botez for her assistance with this article.)
[This article is excerpted from a longer report with permission from MWJ, the Weekly Journal for Serious Macintosh Users. If you can’t get enough insightful Macintosh news, sign up for a free, no-obligation, two-issue trial subscription to MWJ, or download some of the free sample articles. For more information, see the MWJ Web site.]
During the last two weeks, reports of a security problem with Microsoft Office 98 for the Macintosh have been published from Macintosh news venues such as MacAddict, MacFixIt, and MacWEEK. According to these stories, Microsoft Office 98 applications – particularly Microsoft Word – may acquire random data elsewhere on your computer and incorporate it invisibly into your Office data files.
Here’s the bad news: the problem is real and long-standing. Further, the problem applies to all applications using Microsoft’s OLE technology on the Mac, not just Office 98, and there’s no guaranteed way to work around the problem right now.
Here’s the good news: though serious, this problem isn’t a tremendous concern to many Mac users, and a fix should be available from Microsoft shortly. Furthermore, you can do simple things right now to reduce your exposure to this problem significantly.
Thanks for the Memory — The problem seems to stem from applications writing uninitialized OLE data structures to disk, which allows information previously in RAM or on disk to be incorporated into a document’s data. Though the OLE applications don’t display or use this data, it does become part of the file and can be viewed in that file using other programs, such as BBEdit or a disk editor.
OLE (pronounced "oh-lay") stands for Object Linking and Embedding, a technology created by Microsoft that, in essence, lets applications share code and data. Although it’s more established under Windows, OLE has been available on the Mac since at least 1992 and has been incorporated into a variety of mainstream Macintosh applications, including Microsoft Office and Adobe PageMaker. OLE is also the basis of Microsoft’s COM (Common Object Model) and ActiveX technologies, and has outlived competing Apple technologies such as Publish & Subscribe and OpenDoc.
So, what’s an uninitialized data structure, and why is writing it to disk a problem?
When an application needs to deal with some data, it asks the operating system for a block of RAM to store the information. In general terms, the operating system either responds with an error (if the memory isn’t available) or an address pointing to the start of a memory block.
However, when an operating system gives an application a block of memory, that doesn’t mean the memory is empty, just available. In fact, the memory probably contains remnants of previously stored data – possibly even if it was put there before the computer was last restarted (although shutting down your Mac will clear out your RAM). This memory is usually described as "uninitialized," because its initial contents can’t be easily predicted. Usually, the contents of uninitialized memory don’t matter: the application’s next action is often to initialize the memory (filling it all with zeros, for example) or fill it with actual data – sometimes, applications do both. But if the application doesn’t initialize or overwrite the memory, any pre-existing data remains intact.
Something similar happens with disk space. When an application writes information to disk, the operating system locates some disk space, then writes the data to it. But, like RAM, the disk space may not be empty, and can contain information previously stored there. (When you delete a file, the areas where that file was stored aren’t erased, just marked as available for re-use. That’s how data-recovery programs such as Norton Utilities are often able to "unerase" files you’ve deleted recently.) Once again, an application will usually overwrite any pre-existing data in disk space it plans to use. But if the application doesn’t overwrite the entire disk space – and most applications don’t aways do so completely – then the original data (or a portion of it) will remain.
Oy vey OLE — Applications that use OLE seem to display two behaviors that constitute a possible security problem. First, information previously stored in disk sectors to which OLE data is written may "show through" unused areas of OLE structured storage, effectively incorporating that pre-existing information into the data of the new file. Second, OLE applications may fail to initialize RAM they’ve requested from the operating system, then proceed to write that uninitialized memory to disk when they create or save a file.
The net result is that fragments of information that previously existed on your hard disk or in RAM memory may be stored as part of the data file of an OLE application. There’s no realistic way to predict what the information might be: it could be part of an email message, confidential financial information, or a part of an unwanted binhexed email attachment you deleted months ago. Further, although OLE applications ignore the extraneous data when working with the file, the information "sticks with" the file when you copy it to another disk, or send it to someone via email.
Testing the Waters — To test these behaviors, I wrote two small applications in C. The first writes a four-byte signature to all free space on a disk, effectively tagging those areas (I used a ShrinkWrap volume as my test disk). The second program fills all available RAM with a different four-byte signature. I used OLE applications I had on hand to create both small (single-character) and large (100K) test files on the tagged ShrinkWrap volume, then examined the contents of those files with tools such as BBEdit and Norton Disk Editor. Between each test, I re-initialized and re-tagged the ShrinkWrap volume and re-tagged available memory. The OLE applications I tested were Microsoft Word 5.0a, 5.1a, 6.0.1, and Word 98; Microsoft Excel 4.0, 5.0, and Excel 98; and PageMaker 5.0, 6.0, and 6.5.2. The non-OLE applications I tested were Nisus Writer 5.1 and FileMaker Pro 4.0.
The results? Every large test file created by OLE applications contained the test disk signature as part of the file’s data, in continuous stretches approaching 4K in size. Additionally, most of the OLE applications also wrote the RAM signature to disk (often using byte ordering common to Intel processors), although in considerably smaller chunks than the those containing the disk signature.
Various applications demonstrated different exposures to these issues, probably due to differences in my test documents and the ways the programs use OLE. Microsoft Word 5.x, for instance, doesn’t seem to create OLE objects as part of its file structure by default, thus limiting its exposure to any "see-through" effect. However, Word 5.x documents using OLE objects readily display the problems. Similarly, Word 98 seems to have the greatest exposure, incorporating as much as 10K of "see-through" data in a single-character Word document, presumably because it makes much more extensive use of OLE.
None of the non-OLE applications I tested created files with the disk signature as part of their file data, although one wrote the RAM signature to disk as part of its file data (it created four 16-byte chunks).
I must emphasize I only tested files created from scratch and written to disk once: I did not edit or re-save these files, or conduct tests with pre-existing files. (Many applications have similar – though unrelated – behaviors where deleted material is retained in modified files. Email and database applications – plus programs with "fast save" features – are typical examples.) Also, since I don’t have access to the internals of OLE or the applications, these results indicate a correlation between OLE applications and the reported security issues. Although the findings may be persuasive, they do not constitute absolute proof.
Age Before Beauty — Armed with my test data, I investigated reports of similar problems with OLE. To the best of my knowledge these issues were not reported on the Macintosh before the middle of June, although they’ve almost certainly existed since the introduction of Word 5.0.
However, on the Windows platform, OLE apparently has a long history of incorporating pre-existing information on disk into new files. Although the articles don’t appear to be available online, Steve Manes of the New York Times reported the problem in October of 1995 when it re-appeared in the version of OLE that shipped with Windows 95 (Microsoft had quietly repaired the problem once before with a revision "c" of its Office applications for Windows in the summer of 1994). Although Microsoft released a fixed version of OLE for Windows via the Internet, the fix never appeared in retail versions of Windows 95, which were available until two weeks ago. I didn’t find any reports of Windows versions of OLE writing extraneous information from RAM to disk as part of new files.
Saving Your As — Microsoft plans to have a fix for these problems available shortly, and should make an announcement at this week’s Macworld Expo in New York. Fortunately, the fix should correct these problems in all OLE applications, not just Microsoft Office programs.
In the meantime, concerned users who share or transmit files created by OLE applications can avoid the worst of these problems by using Save As to rewrite a file to a newly initialized disk (like a floppy, RAM disk, or disk image). This will ensure that most "see-through" data in the file is merely blank space from the newly initialized disk. Note that merely copying the file to an initialized disk is not enough: you must use the Save As command. Also, you must initialize any disk you use for this purpose; simply deleting the files it contains is not sufficient. Use a disk utility or the Erase Disk command on the Finder’s Special menu to initialize a disk. If you modify or delete a file from your disk, you should initialize it again for the highest degree of safety.
These precautions do not prevent data in RAM from being written to disk; however, in my tests, little data was written from RAM to disk: usually less than 1K total, and always in small chunks. Furthermore, because the data often used Intel byte-ordering (think of it as "backwards" for the Mac), it’s less intelligible to Mac users than "see through" data from a disk.
I don’t know where to find a complete list of OLE applications on the Mac. If you’re concerned about a particular program, you can use the technique outlined above until a patch is available, or contact the application vendor.
You’re on Report — The issues outlined here have been widely reported by Macintosh news outlets as a new security problem with Office 98 or Word 98, often in alarmist language. Frankly, the Macintosh media’s response to this issue has disturbed me. Although I wouldn’t characterize the coverage as irresponsible, I would certainly call most of it incomplete and misleading.
It would seem many Macintosh news outlets are primarily concerned with spreading stories rather than investigating or confirming them. Sure, this isn’t a simple case: I spent over thirty hours during the Fourth of July weekend tracking these issues and conducting tests. Sometimes that amount of work is necessary to avoid passing off unwarranted speculation under color of authority.
So, in short: this is not an Office 98 problem, it’s an OLE problem that’s been present since at least 1992. If you use OLE applications, have potentially sensitive information on your computer, and frequently share documents with others, consider saving those documents to a newly initialized disk before sending them off until a fixed version of OLE is available.