News

Clippy Has a Dark Side, Microsoft Says

Clippy, the Microsoft Office Assistant, has inspired a range of feelings from annoyance to outright loathing since arriving in 1997. Microsoft Corp. now says Clippy may be a dangerous security hole; since the Office Assistant is Active X enabled, it can act as a back door for malicious users. Microsoft has released a patch, which it says eliminates the security issues.

The Office Assistant, which defaults as a helpful paper clip animation, aids new users in taking advantage of Office’s full functionality. The Office Assistant has the ability to perform any Office task, helping users perform simple tasks with an intuitive interface.

Clippy’s scripting capabilities allows ambitious administrators to create custom macros for new users. Microsoft (www.microsoft.com)enabled Active X scripting in Office 2000’s Office Assistant, unintentionally creating the security issue. Active X is a protocol allowing greater scripting functionality on the Internet. Because of the unlimited functionality of the Office Assistant, malicious web administrators could potentially write scripts for the Office Assistant to perform destructive tasks.

One potential use of the Office Assistant is launching destructive macros or Visual Basic scripts. The “love bug” worm was a Visual Basic script.

Ever since Clippy debuted with Office 97, some users have been frustrated and annoyed with the automated, dumbed down help feature. Magazines have even offered technical advice on getting rid of the box. Posters on the Slashdot message board (www.slashdot.org) had mixed feelings about the revelations.

“Just what we need. The stupid 3D paper clip jumps up and tells you it loves you,” wrote one reader, referring to the recent “love bug” worm. Other posters had suggestions for creative uses of the security hole: “It would be even funnier to have the Office Assistant explain why he is doing bad things to the system as the malicious code runs--let the user think that the clip is sick of being his secretary,” wrote another Slashdotter.

Active X is a safe technology, according to Microsoft, who attributes the back door to human error. The patch prevents Active X control of the Office Assistant via the web. The patch is available at: http://www.microsoft.com/technet/security/bulletin/fq00-034.asp. -Christopher McConnell

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.