| Mission | Technology |
| Computer's & Government   |
| Privacy & Security  |
| Bo's Microsoft Bug of the Month |

 

| Computer Security Alerts |
| Help & How To's |
Bo's Internet |
| Bo's News & Reviews |

 
Home Browsers MsOffice 97 & 2000

Site Search

Windows

MsOffice Index 1 | MsOffice Index 1I | Microsoft Mac Office 8.0 | Microsoft PowerPoint 97 | Microsoft Office XP | Microsoft Bug of the Month | Microsoft Macro Virus from MacOffice | Updated 02/27/06

Bo's General Office Tips, Tricks, & Tweaks
See Special Note from Bo on the demise of Office 97 Support from Microsoft More...

 


Before updating your version of Office, make sure the Windows Installer is up to date:

Make sure you have the latest version of the Windows Installer. This is the overall install and patching technology that Microsoft now relies upon.

Finding the version of Windows Installer isn't obvious. To find it go to Start | Run, type msiexec.exe, and hit OK. A dialog will appear and on the top line is the version number. You're hoping to see "V 3.01 " as of October 4, 2005 - any digits after the first two decimal places are not relevant to the current difficulties.

For some unexplained reason what appears in the dialog as version '3.01' is called version '3.1' everywhere else. You're forgiven being confused when Microsoft can't even get their own version numbers straight.

You can get Windows Installer 3.1 (v2) or v 3.1.4000.2435 or V 3.01.4000.2435 (Microsoft uses all three of these labels for the same thing).from http://www.microsoft.com/downloads/details.aspx?familyid=
889482FC-5F56-4A38-B838-DE776FD4138C&displaylang=en

If you receive the error, "Error 80070643"
903772 You receive an "Error 80070643" error message when you try to update
http://support.microsoft.com/?id=903772


Fix constant installer problems when using OWA on machines with Office 2000

With Office 2000 installed on some computers, your users may experience a constant error message indicating that they need to install Office components in order to send or reply to a message. Here are two ways to correct this error.

Once your users start using OWA under Exchange 2000 or Exchange 2003, they'll quickly get hooked on its impressive feature set, especially under Exchange 2003. However, as your users roam to various computers, such as those in their home, they may run into a problem. With Office 2000 installed on some computers, your users may experience a constant error message indicating that they need to install Office components in order to send or reply to a message. Your user will get this error message quite a few times before they are able to send their message. Itís frustrating, to say the least.

There are two ways you can correct this error. First, you can just follow the instructions and insert the Office CD that is being requested. If you follow the instructions on the screen, your problem should be resolved.

However, not everyone has their installation CDs readily available. Therefore, you can use Add/Remove programs to achieve a similar goal. From this Control Panel, select Microsoft Office 2000 and add select the Change button. Remove the feature HTML Source Editing. By default, this feature is set to install on first use, which is the reason your users get the continual pop ups. By removing this feature, you take away the problem and donít need an Office CD to do it.


Three recent Knowledge Base articles are worth mentioning.

1. Knowledge Base article 214058, "Days of the week before March 1, 1900 are incorrect in Excel," applies to the WEEKDAY function for all versions of Excel starting with Excel 97. A workaround for the problem is provided.

For details, see: 

http://support.microsoft.com/default.aspx?scid=kb;EN-US;214058

2. Knowledge Base article 224663, "Document file size increases with EMF, PNG, GIF, or JPEG graphics in Word", discusses a problem that occurs when you save a Word document with those graphics in a different file format (Word 95 or as a rich text document, for example). Microsoft says the file size can grow to over 1 MB.

The problem occurs in Word 2000, 2002, and 2003. Be careful: the fix is a modification to the registry.

To access this article, visit:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;224663

3. If you're a VBA programmer, you may want to read Knowledge Base article 830502, "How to customize menus and menu bars in Excel." The article goes into great detail about customizing menus (and menu bars) in Excel 2000 and above, providing step-by-step instructions and code samples to manage and customize menu bars, menus, commands, submenus, and shortcut menus.

To read the article, go to:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;830502


How to Minimize Metadata in Microsoft Office Documents
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223396

{Avoid sharing some information} Whenever creating, opening, or saving a document in Word, Excel, and Powerpoint 97, 2000, and 2002, the document may contain information that you may not want to share with others if you distribute the document electronically. This information is known as "metadata". Metadata is used for a variety of purposes to enhance the editing, viewing, filing, and retrieval of Office documents. Some metadata is readily accessible through the user interface of each Office program. Other metadata is only accessible through extraordinary means, such as opening a document in a low-level, binary file editor. Here's how to cut down on this automatically-generated metadata that's generated.


BabelFish for Outlook 2000/2002 v1.0 [1.5M] Windows FREE

http://www.dimastr.com/babelfish/

{Translate emails} A fun way to use this tool is to have it translate spam. In all seriousness, it's also an opportunity to communicate with others in a different language and learn it. Just run the executable and it puts a "Translate" drop-down box in Outlook. Select the e-mail and then select the language from the "Translate" drop-down. The program works with the information from Alta Vista's BabelFish. Requires Outlook 2000 or 2002 to run. Geben BabelFish ein Versuch.


Outlook Permissions Add-in v1.0.1 [2.7M] Windows FREE (with registration)

http://www.mrhtech.com/Software/OutlookPermissions.asp

{Outlook file types level settings} The Outlook add-on allows users to move file types from a level 1 setting to a level 2 setting so they can interact with blocked files within the Outlook application. After installing the program, start Outlook and select Tools | Options. There will be a new tab labeled File restrictions. Use this interface to add / remove file types from the level 2 group. Level 1 has open and save disabled for restricted files. Level 2 has save enabled and open disabled for restricted files. Requires registration prior to download.


MICROSOFT'S PROBLEM WITH WORD 97 SPYWARE
The, "Document Collaboration Spyware" exploit found in Word 97 is, in a nutshell: Using Word 97 to edit a Word document sent to you by someone else, and you return that document to them, the document may contain a copy of any file on your computer. The copied file is invisible in Word - no matter what you do in Word, you can't see the data that's been picked up and inserted in the document. The data is visible using Notepad or Wordpad.

In fact, the vunerablity is more dangerous than first meets the eye. The scarfed up file can be just about any file (document, Excel spreadsheet, whatever), and it can be located anywhere - even on a secure server. If your Administrator has given permission for you to read the file, and you use Word 97 to edit a document that's been given to you, and the person who's trying to grab the file knows its name and where it's located, the exploit will invisibly suck the file into the Word document as soon as you open it. Sounds allot like the other person has to know you intimately doesn't it? Not necessarily.

The "spy" field code can scan for hundreds of files with impunity. The key word here being scan. If the person trying to drag information out of you doesn't know the precise file name, they can make a whole lotta guesses, and you'll never be any the wiser.

Woody Leonhard author of the Mother of all Windows books and owner operator of Woody's Watches says, "It's the worst Word security hole I've ever seen".

If you use Word 97 (theree are about 95% of all the large companies on the planet still using Word 97), you should NOT open and modify a document that someone gives to you, unless you're sure that they can't get the document back.

Far as that goes, this security hole renders Word 97 essentially useless - downright dangerous, in fact - in any corporate environment, and close to useless anywhere else.

Microsoft Management has an interesting decision to make. Microsoft doesn't officially support Word 97 any more. Ergo, the obvious question: "Is Microsoft going to patch the hole, or are they going to let their Word 97 customers twist in the wind"?

By all indications this points to the pound sand alternative. And that makes me mad as hell (Okay, slightly perturbed). It should make you perturbed, too.

No doubt some Microsoft higher-ups figure this is good news: after all, anything that forces customers to upgrade is good, yes?

But in the end, denying Word 97 users a fix eats away at Microsoft's credibility, particularly considering the extent of this security hole. It's the antithesis of "trustworthy." And you have to wonder about Microsoft's liability in a situation like this.

Here are some Q & A's from Woody's Office Watch (WOW)

The exploit, on the other hand, works across all versions of Word.

According to Woody's Office Watch (WOW), "Some of you chastised Alex for publishing details of a security exploit before Microsoft had a chance to fix it. Let me rush to Alex's defense.

First, people like Alex (and Georgi Guninski) have become so fed up with Microsoft's lax response to security fixes that they aren't willing to play the game any more. They don't trust Microsoft to work diligently on a fix, and they figure the only way a hole is going to get plugged quickly is if they get all the details out, right away. After all, it only took Microsoft four and a half months to plug the critical holes in the Office Web Components. (Worse, MS buried the one crucial detail about the fix - telling IE not to trust content from Microsoft - so deep in a security bulletin that most people never read it! Don't get me started.)

Second, there's a lot to be said for getting all the details about a new exploit out in the open as soon as possible - that way, other security-minded folks (such as yours truly) can try to shed light on the problem, and come up with suggestions for Microsoft to consider when creating the patch.

Third, many people figure that if they've stumbled on a big security hole, it's only a matter of time before somebody with a black hat stumbles onto the same security hole, and really makes a mess of things by catching the world unawares.

Fourth, Microsoft has shown absolutely no interest in protecting Word 97 users. None. Why should Alex take on Microsoft management, all by himself, keep his mouth shut, and hope that MS will some day do the right thing?

Personally, I have varying degrees of sympathy with all of those arguments, but after all that's happened I can't fault someone for blowing the whistle."

Update - It Gets Worse
The "Document Collaboration Spyware" exploit Alex Gantman posted on Bugtraq on August 26 has hit almost every major news outlet in the world. Much has happened since the flag went up. To summarize: I've got some bad news. And I've got some very bad news.

The bad news: Microsoft hasn't done squat for its customers. There's a press release that MS posted in response to Ian Hopper's story for the Associated Press (good story, by the way). You can see MS's Party Line at
http://www.microsoft.com/technet/security/topics/secword.asp
But as far as I know, that's the extent of Microsoft's missives to its customers. Three and a half weeks later, and there's no security bulletin, no official warning, no nothing. The only suggestion Microsoft has come up with - examine field codes in your document manually - is so lame I don't know if I should laugh or cry... or scream. Can *you* look at a field code and know if it will automatically suck in a sensitive file? How can hundreds of millions of Office users be expected to tell the difference between a safe field code and a spy?

The very bad news: that new file name retrieval "spy" technique works automatically and silently in all versions of Word - 97, 2000, or 2002 (the version in Office XP). Microsoft says "For best security, we recommend that customers use Word 2002." I don't buy it. Microsoft got lucky when it changed the way certain fields were updated in Word 2002 - Alex's original exploit doesn't work automatically in Word 2002. But they weren't looking at Word fields from a security point of view when they sent Office XP out the door, and they missed at least one gaping hole. Okay, the missed a ton of them.

To my knowledge, the hasn't been any in-the-wild examples yet, but John Leyden at The Register (http://www.theregister.co.uk/content/4/27114.html ) calls it a "no-brainer" exploit: "This is a horribly nasty and childishly easy exploit and Microsoft can't patch it a moment too soon." While the field Alex came up with is quite convoluted, it's easy to copy. I expect we'll see live examples soon.

Woody's Office Watch (WOW) has put together a program which can snif out this spyware. Read on for more detailed instruction and what WOW's Field Sniffer can do. While there, be sure to sign up for some of Woody's Watches.

WOW's Field Sniffer
Claude Almer
- Webmaster and programmer to the stars - and Mike "Mr. WOPR" Craven have put their heads together and come up with a program that will scan your Word documents and point out any suspicious-looking fields. Since we don't know exactly which fields are exploitable (I'm not sure anybody knows for sure at the moment), we've cast a wide net, figuring that you'll be better off clobbering a few good fields than letting one sneaky little one go through.

  The result is WOW's Field Sniffer, which you will find at
  http://www.woodyswatch.com/util/sniff it is FREE to all WOW
  readers with our compliments.

Woody says, "We'll be updating it frequently, as we find more exploitable fields so keep checking that page.

I won't claim that it's perfect, but it goes a long way toward nullifying any "Document Collaboration Spyware" exploits that we could find.

If you edit documents given to you by someone else, and pass along the edited documents, you really need to scan them before they go out. No doubt the anti-virus companies will have something soon, and Microsoft might even come up with a solution in the next month or two. In the interim, Field Sniffer should help. "

Why should you care? I'll tell ya!

We have been getting a ton of emails on the vunerablility, asking, Why should I care?
Okay, fairnuff. Here is why you should care:

Until Microsoft patches Word, any document you open could reach out and pilfer some one, or any file on your PC, or any file you have access to on your network. The pilfered file can be stashed invisibly back in the document. (Presumably, you would be talked into returning the document to the "bad guy", and she would be able to see the pilfered file.) Or the first part of the pilfered file can be broadcast over the Internet (presumably to the pilfer's Web site).

To all intent and purposes, the "spy" works without your knowledge or consent.

Details and mitigating circumstances abound. But the bottom line is that any Word document could, potentially, steal almost any file on your PC, or any file you can look at on the network.

Therefore you should be concerned. Big time. Even if the most sensitive data you own is a list of telephone numbers for your Boy Scout Troop.

This isn't Rocket Science here. The "spy" fields are well within the understanding of any advanced Word user. There is no programming required.

Microsoft will have to patch Word 2000 and 2002 eventually. But MS no longer supports Word 97. Convieniant huh? Tens of millions of people use Word 97, (Heck, I use Word 97) and I think Microsoft has an obligation to help them out, okay...US out. Microsoft is hoping that this Word 97 vunerablity will get brushed aside. Considering the number of Office 97 useers out there I doubt this is simply going away. If you yell load and long enough, they are going to have to come to the same conclusion.

Microsoft's cash cow is Office, face it Bill, If you don't take care of my version of Office, what makes you think I'll ever upgrade? Come on Uncle Bill,..... ya know deep down in your heart, you do have one right?.....that Office 2002 (Office XP) sucks big time. Don't you want me to at least take a look at the upcoming Office 11?

The Hidden File Detector

Bill Coan's Hidden File Detector catches every "spy" field we've seen to date. There may be other surprises waiting in the wings, but at this point, HFD finds the offensive fields without a hitch, it helps you understand what they may be doing, and brings you to suspicious locations inside your documents so you can take imediate action. Imediately.

Everyone who has access to sensitive files - doesn't matter if they're Word documents, Excel spreadsheets, text files, or even Outlook files - they should scan every single Word document they open for "spy" codes. Bill's HFD makes it easy. It's free. And it's something you need.

Tell your friends. Tell your co-workers. Tell your boss. Tell your second cousin on your mother's side's ailing aunt. The barn door is wide open, and it's only a matter of time before all the horse get out. Or something like that. You know what I mean.

  Go to http://www.woodyswatch.com/util/sniff/ or
  http://www.wordsite.com/HiddenFileDetector.html and get your copy now.

Hidden File Detector v1.9

An innocent-looking document might contain memory-hogging embedded graphics or even sneaky spyware. This add-on locates hidden fields and linked files in Microsoft Word documents. The program slips an icon into your Word toolbar to make it easy to launch Hidden File Detector. Click the icon whenever you need to search a Word document for unwanted visitors. Download

                                  Download

HOW TO RUN THE HIDDEN FILE DETECTOR AUTOMATICALLY
Several of you have asked Bill to come up with a way to make Hidden File Detector run automatically whenever any document is opened.

Most of the documents I open are ones that I created all by myself, using my own templates. There's no need to scan documents like that. (At least, not until somebody figures out a way to make "spy" fields migrate. It could happen.) For me, running HFD automatically when any document gets opened is overkill. But if you handle outsider's documents all the time, this could be a very important tip.

Quoth Bill: "A lot of users might find Hidden File Detector too intrusive if it ran automatically. If you'd like to try it, you can accomplish it as follows:


Office 11 Beta Coming October 9
If you've been accepted into the beta test program for the next version of Microsoft Office, expect to see your CDs on or shortly after October 9.

SteveB will officially launch the beta at the Gartner Symposium/ITExpo 2002 show in Orlando, during his "Mastermind" keynote.

Most of us will have to wait until well into 2003 before seeing Office 11 - but given all the 'problems' we're having with Office XP I expect most of us will be happy to wait. Word Perfect, your looking better every day!

Jeff Raikes Discloses Some of Office 11's Features
Microsoft Group VP Jeff Raikes - the "$3 Billion man" - gave an interview to eWeek that covered some of the features you can expect to see in Office 11. If you have a chance, head on over there and take a peek:
  http://www.eweek.com/article2/0,3959,562039,00.asp

Jeff explains that XML will be "baked into" Word.
  (http://www.eweek.com/article2/0,3959,561973,00.asp )
I'm tempted to insert the term "half" somewhere... ah, don't get me started...


Can PCs read Mac docs?
Q. Are Mac MS Office files (2001 or X) directly readable by PCs, or do I have to add special identifiers?

A. The answer to both of your questions is yes. In order for your Windows PC to read Mac Office files, you may have to rename them by adding the appropriate Office extension. Some files formatted on a Mac show up as DAT files that can't be opened on a PC; just change the extension to, say, .doc or .xls, and the Office apps can open them with no problem.  Yes Mac fans, the opposite is also true.


Adjusting Time Formats In Office - No mater the version
Several of our overseas readers have complained about the way Office only shows dates and times in the American format.
We have also heard from those from the US who have jobs for the State Department and work overseas.

Well, we have heard you...yes even those of you who have had, shall we say, less than complamentary things to say about the States.

The problem is with your "short date" formatting,  - and it's in Windows as a whole, not just Office.

Here is the fix: Click Start | Control Panel | Regional Options and make the change. Office picks up the date format from that setting.


THWARTING SQLSPIDA
SQLSpida
has been harvesting SQL Server id's and passwords from PCs all over the world. SQLSpida's a big problem for Office users because SQL Server could be installed on your machine, without you knowing about it. SQL Server is included in a product called Microsoft Data Engine, and MSDE ships with several different flavors of Office.

According to the MS security releases, the SQLSpida hole only affects MSDE 1.0, but I'll be hanged if I can figure out when MSDE 1.0 was supplanted by MSDE 2.0. (Apparently MSDE 2.0 doesn't have the problem.) Microsoft's white paper
at
  http://www.microsoft.com/sql/techinfo/deployment/70/AccessMSDE.doc

says that MSDE 1.0 was part of Office 2000 Developer's Edition. It also goes into detail about installing MSDE 1.0 manually, and on how to deploy MSDE 1.0 with custom Access programs.

Microsoft's coverage of the problem, at 
  http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-035.asp
  and
  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q263968
focuses on SQL Server "Administrator" passwords that are written to log files in the clear (which is to say, so anybody can read them) when SQL Server is installed. The tool Microsoft provides wipes out the clear passwords in the log files.

The documentation is absolutely steeped in SQL Server lingo, and won't make sense to most Office users. At least, it didn't make much sense to me. I only want to know if I (as an Office user) am at risk - and if so, how to fix the problem. The docs don't address my problem, and they probably don't address yours, either, unless you're a SQL Server geek.

I've been told that the fundamental problem for Office users is even worse - that MSDE installs SQL Server with an Administrator account called "sa" with a blank password. If that's the case, wiping out the log files won't do much.

At this point, I'm recommending that you download and run Microsoft's KillPwd tool (see the MS02-035 bulletin listed  above) if:

IF YOU THINK WE HAVE IT BAD, LOOK AT LINUX
I readily admit that I live in a Microsoft-dominated world, and I tend to look at problems through Microsoft-colored glasses. By focusing on the Microsoft end of things - particularly in the security arena - I inevitably get a distorted view of how Office, Windows, IE and the rest fit into the big picture.

A company called mi2g has come up with some interesting statistics, showing that Linux systems are under heavier attack than Windows servers. The numbers at http://www.mi2g.com/cgi/mi2g/press/images/digital_attacks_OS.pdf should give you pause.

Of course that doesn't include all the viruses and worms that are sneaking in through Outlook and Internet Explorer - mi2g is looking at servers - but the fact that they're showing a 20% increase in Linux attacks from the first half of last year to this year leaves me shaking my head.


MOUS CERTIFICATION GOES TO 7-YEAR-OLD
So you're a seven-year-old kid living in the Gaza Strip.Quite literally, all hell is breaking out around you. Not a good idea to hang with the kids in the mall, as it were, or go out for a bit of pickup b-ball. But you have a PC. The power's a little dicey, but when the lights are on, Windows works, and Office 2000 (no doubt SR-1a) runs like a-ringin'-a-bell.

  So what do you do?

You go out and take the Microsoft Office User Specialist certification exam, for Word 2000. That's what you do. And  if your name is Anudeep Bhaskar, you pass it with flying colors
  (http://www.reuters.com/news_article.jhtml?type=technologynews&StoryID=1063996).

At 7 years of age, Anudeep has full MOUS certification. I stand in awe. Talk about taking life's lemons and making lemonade...wow!


HOLDING MICROSOFT'S INSECURE FEET TO THE FIRE
Nope, Microsoft hasn't patched any Office holes this week.Many of you have asked for a 60-second recap of what every
Office user should be doing to protect their system, at this moment. Here goes:

  A. Make sure you're using the "best" version of Office, and follow all common-sense security advice, at
     http://www.woodyswatch.com/office/archtemplate.asp?v7-n01

  B. Either turn off WordMail - that is, stop using Word as your email editor - or install the 25 April 2002 Word 2000/Word 2002 patch. Details at
     http://www.woodyswatch.com/office/archtemplate.asp?v7-n18

  C. If you open a spreadsheet in Excel 2002 (the version of Excel in Office XP) and you get a message that looks like this:

     Import XML

     The file you are opening contains stylesheet(s).What would you like to do?

      > Open the file without applying a stylesheet

      > Open the file with the following stylesheet applied (select one):

      Workbook Formatting Information

     Make sure you make the first choice (details at
     http://www.guninski.com/ex$el2.html )

  D. Install the 15 May 2002 Internet Explorer cumulative security patch to help Outlook avoid some security holes
     when viewing formatted messages. It's at
     http://www.microsoft.com/technet/security/bulletin/MS02-023.asp
     . Some of the patches are trivially simple to bypass, and there are some screwy side-effects (Outlook's Organize pane and FrontPage previews, among others), but at least it's a start.

  E. If you have installed MSDE (= "Microsoft Data Engine", recently renamed "SQL Server Desktop Engine"), you're
     vulnerable to the SQLSpida SQL Server worm - a real nasty one. Many Access developers (and some Access users) have installed MSDE. Visio Enterprise users who chose to install the Network Discovery tools got it, too. See
     http://www.woodyswatch.com/office/archtemplate.asp?v7-n25
     for details and
     http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q319930
     for removal instructions. (

Currently, that's the best any mortal can do, far as I can tell. There are more than a dozen widely-known security holes in Office still floating around (see, e.g.,
  http://www.guninski.com/m$oxp-2.html and
  http://sec.greymagic.com/adv/ , for starters).

  No need to panic, but Microsoft's inability to produce solid patches quickly ain't helping matters one little bit. Let your friends know. And complain LOUDLY. Microsoft isn't keeping up its end of the bargain.


More SECURITY Issues and answers:

QUICK SECURITY UPDATE
Trick question: how much is 105 lines of Word macro programming code worth? Answer: 20 months in a federal penitentiary, if the 105 lines in question happen to be Melissa. David L. Smith, Melissa's creator, is off to the hoosegow. Rob Rosenberger has a great look at the larger
  picture, at http://www.vmyths.com/rant.cfm?id=486&page=4 .

The Guninski and GrayMagic security holes are still alive and kicking.
See http://www.guninski.com/ex$el2.html , and the master list at
  http://www.woodyswatch.com/office/archtemplate.asp?v7-n20, for the sorry state of Office insecurity.

Those of you who installed MSDE - the Microsoft Data Engine that ties into Access - need to be worried about a SQL
  Server security hole. Even if you can't spell SQL, if you have MSDE, you have SQL, and you have problems. Seems that
  MSDE leaves your machine exposed with an incredibly stupid default system administrator id that has no password.
  Details below.

  And it looks like there's yet another Internet Explorer security hole that takes advantage of IE's willingness to run programs inside compiled help (*.chm) files. Details at
  BugTraq http://online.securityfocus.com/archive/1/275126 .

"One big-name "analyst" was quoted in a major wire service as saying all the brouhaha about Web browser security holes is a "tempest in a teapot." That's garbage, of course - the same kind of garbage Microsoft tried to foist on us when they called the first Word macro virus a "prank macro." These are big-time security leaks, folks. Gully washers. The manufacturers need to plug the leaks, but most of all consumers like you and me need to be aware that there's no such thing as a "secure" Web browser. Stay on your toes out there."

Five years later, and we aren't any better off. Gad.

Oy. Another Internet Explorer security exposure. I couldn't pass it by because of the name of the company that reported it: Oy Online. Oy. From Finland. Seems that IE still supports the ancient Gopher protocol for transferring files, and there are ways to make Web pages refer to malicious Gopher sites. Microsoft was notified of the gaping hole on May 20, and there's no fix at this point.
Details at
  http://www.solutions.fi/index.cgi/news_2002_06_05?lang=eng

NEW OFFICE XP SPULLER
There's been so much news I neglected to mention a small download that might be worth the effort. Then again, maybe not. There's a new dictionary available from Microsoft at:

http://office.microsoft.com/downloads/2002/oxpsu01.aspx

It only works with Office XP SP-1.

While the new dictionary is supposed to include additional surnames, street names, company names, technical terms, geographical terms, and language names, I didn't see much difference.

The one difference I did see was in the replacements offered for words ending in -abad. That's a common suffix for city names in some parts of the world. Office XP with the old dictionary would offer "Bohunky0 Bad" as a spelling correction to "Bohunky0abad". It's not hard to envision how various combinations of names and "abad" could offend some people - rightfully so.

But I won't be hurt in the least if you call me "Bohunky0 bad". Promise.

Finnally
MICROSOFT TEAMING WITH MCAFEE?
Malware makes strange bedfellows, I s'pose.
According to an account from investment bank Fechtor Detwiler, reported in TheStreet

(http://www.thestreet.com/tech/ronnaabramson/10024700.html ),

"Microsoft has developed a sort of antivirus engine that allows for easier integration of any antivirus product. How the world's largest software maker would bundle that into Windows remains to be seen."

Of course, Office 2000 and XP both have antivirus "hooks" that work pretty darn well. Could the Windows folks be taking a page from the Office team?

Stranger things have happened.
--------------------------------------------------------------------------------------------------------------
ACCESS MSDE USERS WATCH OUT
This is so utterly idiotic it's hard to believe.

Quoth Microsoft: "SQL Server has been certified under the U.S. government's C2-level security certification - one of the highest levels of certification available in the industry."

If Microsoft gives two hoots 'n a holler about C2 security, would somebody please tell me why the Microsoft Data Engine installs SQL Server with a system administrator account called "sa" and a BLANK PASSWORD?

Lemme back up a second. MSDE - more recently known as the SQL Server Desktop Engine - is a common tool for Access developers that ships with Office 2000 and Office XP Developer's Editions.

See
  http://www.microsoft.com/sql/techinfo/deployment/70/msde.asp
  and
  http://www.microsoft.com/sql/techinfo/development/2000/MSDE2000.asp
  and
  http://support.microsoft.com/default.aspx?scid=kb;EN-US;q290627

  SQLSpida, the latest SQL Server worm
  (http://www.europe.f-secure.com/v-descs/sqlspida.shtml )

attacks exposed SQL Servers through port 1433, looking for installations that have the "sa" user ID with no password. Apparently this worm is benign in the sense that doesn't cause any harm - it's in the information gathering stage, sucking up the SAM database of users and passwords and sending them off to Malwaristan, or somewhere, possibly for use in full-blown attacks later this summer. The fix is to change all your passwords and assign a strong password to the sa login.

When you install MSDE (the SQL Server 7 version anyway), it creates a gratuitous sa (system administrator) account with a blank password. Most Office users who work with Access view MSDE as just a bigger Access. They don't realize that they really have SQL Server in all its glory.

Look at it this way. If someone hacks the security of an Access database, the most they walk away with is an .mdb and its data. MSDE, on the other hand, is the full SQL Server engine, running under a Windows Administrators account. So someone hacking into MSDE gets not only whatever is in your SQL databases, but also has administrative access to Windows itself, the operating system, the network, and any other servers that are connected to it. So many, many people are affected who don't have a clue as to how dangerous a vulnerability an unsecured MSDE installation can be...



OPEN SOURCE IN OFFICE?
Back in the [ahem] good old days, macro programmers - particularly Word macro programmers - used to distribute their programs freely, often encouraging other macro   programmers to pick up their code, tweak it, make it work better, and share the results with everyone else. Of course, we didn't know it back then, but we were all participating in a subversive activity, which has since become known as "open source."

(Strange but true: the older versions of Word didn't even allow you to hide your macros - if you wanted to give somebody a macro, you gave them the source code, and full access to it. On the one hand, having working macro samples helped kick-start the entire Office programming industry. On the other hand, people who made a living out of selling macros weren't amused when large portions of their code were lifted, verbatim, and incorporated into competing
products.)

Microsoft, of course, invented open source (yes, my tongue is firmly in cheek - see
  http://www.theregister.co.uk/content/4/22749.html)
but has since disavowed some of the underlying principals (see, oh
  http://news.com.com/2100-1001-270684.html?legacy=cnet ),
backed something called "shared source" - which I still don't understand - and has been roundly vilified in the open source community (hey, they're a big target, and they make a profit).

Which is why it tickled me no end to discover that Microsoft uses open source code to milk the cash cow we all know as Microsoft Office.

CNet News reports
  (http://news.com.com/2100-1001-860328.html?tag=cd_mh )
that the recent discovery of a security hole in an open source compression library known as zlib has sent MS scrambling to see which of its products are vulnerable. Office is on the list.

Yes, that means Microsoft uses at least one open source program in Office. Personally, I think that's A Good Thing. If you're interested in looking at open source macro code, start at http://www.vb-bookmark.com/vbSourceCode.html .
And be sure to drop by the open source sanctum sanctorum while you're getting up to speed: http://www.opensource.org/


Shortcuts

Try them in Word for Windows, Write, WordPad and even little old Notepad will use some of them. Sadly it's not 100% consistent, but they are always worth trying.

Moving One word to the right Ctrl + <right arrow>
One word to the left Ctrl + <left arrow>
Start of line Home
End of line End
Up one screen PageUp
Down one screen PageDown
Top of Screen Ctrl + PageUp
Bottom of Screen Ctrl + PageDown
Beginning of Document Ctrl + Home
End of Document Ctrl + End
Display Macros dialog     Alt + F8 - Works in Office 97/98

+ means to press the keys at the same time. For example, 'Ctrl+PageUp' means to hold down the Ctrl key while pressing the PageUp key.

Clipboard Copy selection Ctrl + C
Cut selection Ctrl + X
Paste selection Ctrl + V
Undo last of the above Ctrl + Z (general Undo in MS Office)

these clipboard functions are very handy in all sorts of places, for example, you can copy a Web address from an email message or document into the 'Address' part of your browser. Almost any place where you might move info from one program to another can be done using these keys. Because of their more global application they are better habits than some equivalent keystrokes (Shift+Delete to cut etc) that are not as widely recognized.

Most of these shortcuts are pretty obvious and have an internal logic that becomes apparent once you give them a try. Most have some link between the shortcut letter and the name (Ctrl+C = Copy). But others are less obvious, the clipboard keys seem weird until you realize they are the bottom left four letters on a standard QWERTY keyboard.

 


See Special Note from Bo on the demise of Office 97/98 Support from Microsoft

"Earlier versions of Outlook aren't officially supported by Microsoft any more, so you Outlook 97 and 98 users can pound sand. Microsoft doesn't put it that way in so many words, but the implication's clear: The only option that's offered in the Security Bulletin for Outlook 98 is to disable ActiveX - hardly an, uh, elegant solution. Outlook 97 isn't even mentioned."

Ends up that there's an alternative for you Outlook 97 and 98 users. I have it on very good authority that the script blocking feature in Norton AntiVirus 2002 (and presumably in NAV 2001 as well) blocks the Guninski vulnerability with not one but two warnings. That's a viable option for anyone who [prefers to/is required to] stick with Outlook 97/98. Though I hate to hype any company, kudos to Symantec for at least offering it. For all of the latest info on pactches and updates be sure to visit Georgi Guninski security advisory. Georgi, the hapless Bulgarian, delights in finding holes in Microsoft products and making them public.


Scroll Lock -  What it's all about

I can't think of a lesser used key on a keyboard than Scroll Lock. Many computer users have gone DECADES without touching it... save for whacking it by mistake. I believe we can change that sentiment, however. You Excel jockeys know that when you move around using the arrow keys, the cursor moves from field to field. Handy, but when you want to move down the worksheet to check on a bit of data, you'll end up losing your place because the cursor moves down the page with you. Toggle the Scroll Lock key ON and THEN move around. Now the page moves around -- but the active field never changes (even if you scroll it completely out of view). Other applications also take advantage of the Scroll Lock key in different ways. This varies widely from program to program, but functionality usually has to do with how the cursor behaves (or toggles active / inactive status for a program). Experiment! And if when get tired of troubleshooting, take a Pause Break.


AUTO-WIDTHS IN OUTLOOK, EXCEL, WORD AND ELSEWHERE
This tip comes under the category of nifty tricks that people often forget. And in this case it works not just in Office but in many Windows programs.

When you have a column in Excel you can automatically adjust the width to fit the current data simply by double-clicking on the vertical bar at the right of the column heading.

Just move the mouse pointer carefully over that vertical 'groove' on the right side of the column heading, when it turns into a double headed arrow double-click. The entire column will shrink or grow to fit the then contents of the column.

The auto-width adjusts to fit all the data in the column, not just what you can see. That will explain why it grows beyond what seems immediately necessary. In addition the 'auto-width' doesn't then automatically adjust for new data, you'll have to double-click again to accommodate any future changes.

Of course, when you see the double-arrow mouse icon you can always drag the column to a manually chosen width.

You'll see this tip in plenty of Excel books, but you won't always see the logical extensions of the same tip.

For starters, the same trick works for row heights in Excel. Move your mouse to the horizontal bar BELOW the row number and double-click when you see the horizontal version of the double-arrow icon. Unlike the column auto-width (which does nothing if there's no data in the column) the row height will return to the default height for an empty row.

Adjusting row heights is handy, especially when you've copied something from another source like a web page. The heights of the cells get all screwed up and this is an easy way to get them back into line.

You can change widths in groups too. Select a group of rows or columns then click on the double-arrow icon, it will automatically change the widths / heights for all the selected rows / columns. Taken to an extreme you can select the entire worksheet (click on the top-left button where the row and column headings meet) then double-click on both a row and column boundary.

So much for Excel, that's the easiest place to show how auto-width works but it doesn't stop there. You can do the same thing in most (but not all) Windows programs that can column listings.

Outlook views have columns and you can apply column widths automatically in the same way as Excel.

The same trick works in other Windows programs, just look for the column headings and double-click. Usually the double-arrow icon will appear but sometimes it doesn't but the auto-width trick may still work. It won't hurt to try. Windows Explorer has this feature among many programs.

In Word and FrontPage you can do a similar auto-width/height trick in tables, except in tables you don't have to go to the headings. If you move your mouse to any table gridline, the now-familiar icon will appear and double-clicking will auto-size the entire row / column.


Microsoft ends free support for Office 97
In another move at least partly aimed at prodding people to upgrading their software, Microsoft has ended its free support for customers of its most popular business software product. The Redmond, Wash.-based software giant on Friday began charging for person-to-person troubleshooting advice regarding Office 97. People wishing to pay the fee may call Microsoft or submit a personal service request on Microsoft's support site. Or they can scan Microsoft's online support library and try to find answers themselves for free.
June 5, 2001, 12:35 p.m. PT | Read Full Story

Bo's eyeview...End support...grab more money

Not to worry, we here at, BLCOW,  make an effort to provide sensible and always FREE tips, tweaks, and work-a-ronds for Microsoft's older, but still usable software. Check out:

Bo's Office 97 Tips page
Index one or
Index two
Bo's Windows Pages
        Windows 98 Tips & Tricks Index 1
        Windows 98 Tips & Tricks Index 2
        Windows Millennium
        Is Win XP For Me? Q&A
        Windows XP - Help & How to's
Bo's Browser Tips, Tricks, and Tweaks


TURNING OFF THE OFFICE ASSISTANT

ScreenshotOne way to eliminate the Office Assistant from your life is to move the Actors folder to another location on your hard drive. Eliminating the obsequious "Clippit" can be accomplished even more easily by simply renaming the Actors folder.

To do this, run Windows Explorer and go to C:\Program Files\Microsoft Office\Office. In the right pane, you'll see the Actors folder. Click the folder's icon once, then wait a second or two and click it again. Now type in a new name. If you ever want Office Assistant back, just rename the folder Actors.

For more on how to kill Clippy, check out this ZDNet article by Peter Deegan, Help & How-To
Kill Clippy! (The Microsoft Office Assistant)


SORT FILES IN THE MICROSOFT OFFICE OPEN DIALOG BOX

You have quite a few files in your Word folders. What's the best way to organize them? One way is to sort the files so the most recent one appears at the top. Another is to get Word to sort its data files by date and time.

To sort the files by date and time, choose File, Open. When the Open dialog box appears, click the Commands And Settings button (it looks like a window with a check mark in the foreground). When the menu opens, choose Sorting to open the Sort By dialog box. Now click the arrow at the right side of the Sort File By list box and select Modified from the list. Select the radio button labeled Descending and click OK to close the dialog box and sort your files. Now you should see the last modified file at the top of the list. The new setting remains in effect unless you elect to change it.

This method works in all the Microsoft Office 97 programs.

Entertainment Government Technology

About

Email Me

For more For Office tips and anything Windows or Office be sure to visit Woody's Office Watch at
www.woodyswatch.com