New (to me) Windows Internets Security Feature
-
Look at the fancy new button at the bottom for unblocking files. While the idea is a good one, the implementation is a complete fail.
You see, when the file is locked you can't access it. But rather than putting up an alert of some sort, the OS just blocks access to the file. Permission denied or corrupted. Want to unblock multiple files, go ahead....one at a time.
-
-
Maybe it's just broken because of all the spaces in your file- and foldernames ...
-
that's a feature that's been in windows 7 from like day 1. can't say i've ever run into a problem with it.
got some more context on how you acquired that file that it's causing you trouble maybe?
-
-
That's been around since forever.
I mostly encountered it when trying to read .chm files downloaded from the internet. It took some googling to figure out that IE-styled "page not found" error inside Windows Help Viewer means "need to unblock file".
-
But rather than putting up an alert of some sort, the OS just blocks access to the file. Permission denied or corrupted
?
NOREPRO
Also that doesn't even exist at all on 10. But on 7 you get a little popup dialog...
ED: This thing
-
TIL. Never realised they were the same thing
-
Yup. With .exes you get Windows Explorer giving you a popup...
-
See, now this right here is a solution only Microsoft could come up with.
They added scripting to nearly every product they ever made...insecure VB scripting. Then, rather than make the scripting secure, the solution is, "Well we just won't allow people to share documents anymore."
Documents which are, inevitably, intended only for sharing, since the whole point of writing a document is for business communication.
So what about SharePoint? Those documents are made by another computer. What about internal email? I am always getting that (paraphrased) notification, "Oooo...this document from your Accounting department might be unsafe because it's from another computer!" warning all...the..time. So I assume all of those documents will be blocked now as well?
All from a company that beats up on Java, Chrome and Adobe (at least) because, "They aren't secure!"
-
Java
Microsoft aint got nothing on Java. I got one word for you. Applets.
Filed Under: Belgium them in all their little belgium-holes
-
Well I was an early adopter of 7, update it often, and I can't explain it but I've never seen it until around 2 weeks ago. For some reason Word files are the only ones and even then all I get is:
And no, that information wasn't helpful.
-
insecure VB scripting.
And pray tell, how do you make "running arbitrary code" secure?
It's like complaining
bash
is insecure because someone might have writtenrm -rf --no-preserve-root
ordd -if=/dev/random -of=/dev/hda
in a seemingly harmless installation script.
-
It's like complaining bash is insecure because someone might have written rm -rf --no-preserve-root or dd -if=/dev/random -of=/dev/hda in a seemingly harmless installation script.
EVERYTHING AN OS DOES SHOULD BE REVERTABLE. I shouldn't be able to type code and have it destroy my belgiuming computer. If you can do that, you're using shitty open source linux hardware.
</mini blakey>
Well I was an early adopter of 7, update it often, and I can't explain it but I've never seen it until around 2 weeks ago. For some reason Word files are the only ones and even then all I get is:
Huh. That's... strange. Perhaps it's because it's a.doc
and not a.docx
? I've never had that happen before...And no, that information wasn't helpful.
+ OK
-
Microsoft aint got nothing on Java. I got one word for you. Applets.
I'm not saying that Java doesn't deserve some criticism for slow response; clearly Oracle has dragged it's feet. Yet, generally, the Java platform, including its applets, has remained secure; excepting occasional discovery of exploits.
But Microsoft is often slower than Oracle to respond. (Important: That article is by a Windows partisan/apologist. The point to note is that Google notified Microsoft and waited 90 days before publishing the exploit publicly. The author glosses over the little detail that Microsoft knew about the exploit and did nothing for 90 days because, apparently, it is okay for Microsoft to take its time patching its security holes. Unlike Oracle, which gets beat up for a 3-day response, in some cases. Compare this Java security article by the same author.)
Then we have this case...this is an unqualified shrug; pretty clearly a statement that Microsoft has no intention of securing its scripting. Instead of securing their document platforms, they're just going to stop you from sharing documents.
I don't write documents so I can gloat over them and congratulate myself on how well written they are. (Well, not most of the time, anyway.) I write them to be read by other people. So now what, back to burning trees because if I send it email or post it to a website, Microsoft is going to block it?
-
This post is deleted!
-
It was introduced in (AFAIK) Windows XP SP2.
Either that, or Vista. But yeah, this is ancient.
What's the exact complaint here? I don't get the WTF at all...
-
So what about SharePoint? Those documents are made by another computer. What about internal email? I am always getting that (paraphrased) notification, "Oooo...this document from your Accounting department might be unsafe because it's from another computer!" warning all...the..time. So I assume all of those documents will be blocked now as well?
Your company should be on a domain, and this would be a non-issue.
It flags files that come from some domain/internet location your computer doesn't trust. If it's all internal business-y stuff, it should all be on the same trusted domain. Or your admin guy done fucked up gud.
-
I've never seen Word react to the flag in that way. Usually it opens the document in "reader" mode with a little notice that says it's read-only and you can use "Save As..." if you really want to edit it.
Are you sure the file isn't legit corrupted? That seems more likely to me.
-
Yet, generally, the Java platform, including its applets, has remained secure; excepting occasional discovery of exploits.
Generally, my uncle has remained a teetotaler, excepting occasional getting smashed like a Messerschmitt.
-
I'm saying Java applets are so locked down it's ridiculous. You need a signed applet, which costs $$$, or you probaby won't even be able to launch the thing.
Even if it's signed, you get like 5 warning dialogs before the code is run. None of the Microsoft stuff is nearly that bad...
-
I've never seen Word react to the flag in that way. Usually it opens the document in "reader" mode with a little notice that says it's read-only and you can use "Save As..." if you really want to edit it.
Okay, yes, it puts it in reader mode. Right now, if I save it I can edit it, but that's apparently changing, isn't it?
Your company should be on a domain, and this would be a non-issue.
It flags files that come from some domain/internet location your computer doesn't trust. If it's all internal business-y stuff, it should all be on the same trusted domain. Or your admin guy done fucked up gud.
We are on a domain, and it forces the documents to reader mode anyway. That's on the same domain; and then there's the parent company domain...guess how that works? I don't know about the fucked up part, but I doubt it since we had people from Microsoft from France and Germany learning how to fix their domain bugs off our setup.
Generally, my uncle has remained a teetotaler, excepting occasional getting smashed like a Messerschmitt.
So why do you persist in saying that uncle is a terrible uncle, while you're ecstatic about the uncle who's a complete sot?
-
Are you sure the file isn't legit corrupted? That seems more likely to me.
Or the OP is running a really old version of Word...
-
getting smashed like a Messerschmitt.
Back in my younger days, I dated a girl with the Messerschmitt surname. My sample size of one leads me to the conclusion that this is a perfectly valid analogy.
-
And pray tell, how do you make "running arbitrary code" secure?
By not giving it access to dangerous functionality !
@Maciejasjmj said:It's like complaining
bash
is insecure because someone might have writtenrm -rf --no-preserve-root
ordd -if=/dev/random -of=/dev/hda
in a seemingly harmless installation script.
And that would fail, unless you are logged in as root, in which case you deserve it
-
It's like complaining bash is insecure because someone might have written rm -rf --no-preserve-root or dd -if=/dev/random -of=/dev/hda in a seemingly harmless installation script.
And that would fail, unless you are logged in as root, in which case you deserve it
How the balls are you going to run an installation script as non-root? At least if you want it to go into one of the usual locations... (i.e. /usr, /usr/local, or /opt)
-
How the balls are you going to run an installation script as non-root? At least if you want it to go into one of the usual locations... (i.e. /usr, /usr/local, or /opt)
The context of the discussion is Office documents with script embedded in them, not installation scripts.
And in the case of an installation script in bash, at least you can review the code before running it.
-
By not giving it access to dangerous functionality !
So allowing non-arbitrary code?
-
By not giving it access to dangerous functionality !
"Sorry everybody, but because it's not possible to perfectly sandbox scripting, @TimeBandit made us rip it entirely out of the product. On the positive side, you'll be doing the economy a solid with all the people you'll be hiring to update linked spreadsheets forever."
-
We are on a domain, and it forces the documents to reader mode anyway. That's on the same domain; and then there's the parent company domain...guess how that works?
Domains can be set to trust other domains, so we're back to "someone dun fucked up the setup".
-
I wish it was old but it's 2013. I've hated Office since they introduced the ribbon.
-
And a macro needs UAC as much as any other program, unless you run Word as an administrator, which is such an idiotic idea I wouldn't even know where to start.
-
"Sorry everybody, but because it's not possible to perfectly sandbox scripting, @TimeBandit made us rip it entirely out of the product. On the positive side, you'll be doing the economy a solid with all the people you'll be hiring to update linked spreadsheets forever."
So it's all or nothing ?
-
I wish it was old but it's 2013. I've hated Office since they introduced the ribbon.
my entire reaction to the ribbon was:
"Goddess that's ugly, do all my keyboard shortcuts work? groovy."
I then proceeded to ignore it completely.
-
So it's all or nothing ?
Quick: determine whether any arbitrary functionality is safe or not.
-
Quick: determine whether any arbitrary functionality is safe or not.
That's Microsoft job, not mine. Beside, I don't work with MS Office scripting.
And since Windows, quoting @blakeyrat, is supposed to be a "well engineered platform", they should know what is safe and what is not.
-
That's Microsoft job, not mine.
Right, so, since you've admitted it's hard to do, then decide: all, or nothing.
-
And since Windows, quoting @blakeyrat, is supposed to be a "well engineered platform", they should know what is safe and what is not.
You're asking Microsoft to solve the Halting Problem.Good luck with that.
-
Right, so, since you've admitted it's hard to do, then decide: all, or nothing.
I did not say it was hard.
But if I must decide between having my computer owned just by opening a Word document or not having scripting in Word, I vote for the secure option.
Anyway, it's not my problem since I don't use MS Office at all.
-
Right, so, since you've admitted it's hard to do, then decide: all, or nothing.
We're talking about VBA, right? Where they already have settings for whether you allow nothing to run or everything to run or to ask if you want them to run, right?
Is this just random trolling now or what? Asking for a macro.
-
EVERYTHING AN OS DOES SHOULD BE REVERTABLE. I shouldn't be able to type code and have it destroy my belgiuming computer. If you can do that, you're using shitty open source linux hardware.
I hope that was sarcasm or something?
-
Given it was followed by
</mini blakey>
, I'd say… maybe
-
That doesn't make it any clearer.
-
-
Holy shit:
introduced here Sep 10, 2013 indrora/steam_latest@21cc141 line 359
Is that OUR indrora??? How many people can be named "indrora"?????
-
http://what.thedailywtf.com/t/dont-try-to-move-steam-on-nix/7165
I'm surprised that you didn't catch that when it came around.
-
Neither did anybody else, if Discourse's search is working.
-
We're talking about VBA, right? Where they already have settings for whether you allow nothing to run or everything to run or to ask if you want them to run, right?
Is this just random trolling now or what? Asking for a macro.
If it's all or nothing, there's probably a reason there's not more flexibility is all I'm saying.
-
Neither did anybody else, if Discourse's search is working.
Don't you mean if it's malfunctio— oooh right; Discourse...
Carry on then.
-
And since Windows, quoting @blakeyrat, is supposed to be a "well engineered platform", they should know what is safe and what is not.
There are so many security cock-ups in Windows and the default user account configurations of Windows that it's not even funny. You could fill a book with all the screwed up stuff that is infact screwed up by design.
Expecting Microsoft to secure VBScript in any fashion with the genie as far out of the bottle as it is? Heck no; not happening.