The Word on security

Microsoft Word offers many useful features, some of which are threats to confidentiality. In particular, the helpful capabilities for collaboration based on tracking changes, adding pop-up comments, and supplying descriptive information in a properties sheet can become liabilities if they are used without awareness.

Briefly, you can enable Word (and Excel, but let’s focus on Word) to track all changes in a document and identify who made them. Deletions, insertions, modifications – all can be highlighted, with the original version kept in the file as well. When an editor is ready to prepare a new version of the text, it’s easy to select or discard corrections. The Comments feature allows text to be highlighted and comments to be added; these pop up on screen when the cursor floats over the highlighted words. Finally, the properties sheet, common to all Microsoft Office documents, provides a Summary tab with fields for title, subject, author, manager, company, category, keywords, comments and hyperlink. There’s an additional Custom tab with many additional fields.

These features are fine, but if users are unaware of their security implications, they can become covert channels for distribution of confidential information.

Track Changes allows you to show only the final version, suppressing (but not eliminating) all the changes, which are available at the click of a toggle. For example, sending a client a proposal prepared using the feature but not cleaned up before e-mailing the Word document could inadvertently reveal internal discussions about the advisability of particular terms in the proposal, critical comments from staff members disagreeing about issues, unprofessional language in jokes, or worse. As another example, posting a Word document on the Web with too much information in the properties sheet might reveal a bit more about internal administration than needed.

I noticed new security features in Word 2002 (sometimes called Word XP) as I was setting it up during installation a few months ago. Click on Tools | Options and go to the Security tab. In addition to the usual password features, the new privacy options offer the following helpful choices and the corresponding Help text:

* Remove personal information from this file on save: “Avoid unintentionally distributing hidden information, such as the document’s author and the names associated with comments or tracked changes.”

* Warn before printing, saving or sending a file than contains tracked changes or comments: “If a document contains tracked changes or comments, you may want to remove them before you save or distribute it. Do this to minimize your risk or accidentally sharing private information.”

* Store random number to improve merge accuracy: “When you compare and merge documents, Word uses randomly generated numbers to help keep track of related documents. Although these numbers are hidden, they could potentially be used to demonstrate that two documents are related. If you choose not to store these numbers, the results of merged documents will be less than optimal.

Now, although this isn’t new, I’ll repeat the well-known warning about the now-useless “Allow fast save” feature. Found on the Save tab of the Options sheet, this check box is described in Help as follows: “Speeds up saving by recording only the changes in a document. When you finish working on the document, clear the Allow fast save check box so that you can save the complete document with a full save. A full save may decrease the final size of the document.”

Although this feature once made a difference because of slow disk drives and processors running with limited I/O buffering in RAM, on today’s computers, it’s pointless. In addition, checking “Allow fast save” disables the useful “Always create backup copy” feature, which continues to help writers by providing a last chance to recover material they may have accidentally deleted in the last save operation.

Finally, on today’s systems, there’s no reason not to set the “Save AutoRecover information every ___ minutes” to 1. That way if something aborts Word or Windows, at least you won’t lose more than the last minute of your work. I notice that the autorecovery on Word works better in Word 2002 than in previous versions: we get a clearer picture of precisely which files were open when the program crashed.

And that’s the word for today.