<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.msdn.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>New File Converter Coming Soon</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx</link><description>You might have recently heard something about the new "Microsoft Office Isolated Conversion Environment", a tool we are providing to help protect Office 2003 users from malicious content in Office files. You might be asking yourself what it is, and why</description><dc:language>en-US</dc:language><generator>CommunityServer 2.1 SP1 (Build: 61025.2)</generator><item><title>re: New File Converter Coming Soon</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#2492478</link><pubDate>Wed, 09 May 2007 04:47:57 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:2492478</guid><dc:creator>Foolhardy</dc:creator><description>&lt;P&gt;&amp;gt;&amp;gt;A somewhat neglected feature that's been in Windows since Windows 2000 is job objects...&lt;/P&gt;
&lt;P&gt;I really wish there was a better user interface to these features. The official UI methods that I know of are: a server resource management program (I forget the name), which I presume uses jobs, the "Run this program with restricted access" option of Run As makes a basic restricted token, the similar option of Process Explorer, and the Untrusted, Basic User and Restricted SAFER levels, which use restricted tokens, with job objects to mitigate desktop attacks.&lt;/P&gt;
&lt;P&gt;Still, it'd be nice to have a command line scriptable or otherwise automated interface with fine-grained control over groups and job limits built into the OS. I ended up creating my own command line app, ulimitnt (see post URL), to utilize restricted tokens, jobs and desktop objects effectively.&lt;/P&gt;
&lt;P&gt;It's a shame too... restricted tokens are very powerful: it's even possible to build an application rights (as a subset of the user's rights) framework with some planning.&lt;/P&gt;
&lt;P&gt;[dcl] I agree - most of this is left over from an early sandboxing project, but one problem is that a lot of stuff breaks, and it's a support call waiting to happen if you do use it on regular apps. You really need to build an app to run in an environment like this. Stay tuned - once you see the details, you'll see the complexity.&lt;/P&gt;
&lt;P&gt;That said, I've been tossing around the idea of making a toolkit so that people could use all this more easily. No promises, but I've had thoughts much along the same lines as your comments.&lt;/P&gt;</description></item><item><title>re: New File Converter Coming Soon</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#2528617</link><pubDate>Thu, 10 May 2007 22:33:38 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:2528617</guid><dc:creator>Russ Cooper</dc:creator><description>&lt;P&gt;About time you got around to writing this David!! I can't wait to plug it into email gateways to replace MIME decoders with something better than magic byte detection capabilities! Please find a way for us to put this into a managed sink on Exchange!&lt;/P&gt;
&lt;P&gt;Cheers,&lt;/P&gt;
&lt;P&gt;Russ&lt;/P&gt;</description></item><item><title>re: New File Converter Coming Soon</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#2548629</link><pubDate>Fri, 11 May 2007 18:50:03 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:2548629</guid><dc:creator>Ryan Russell</dc:creator><description>&lt;P&gt;Hm, app proxy for file formats, huh?&lt;/P&gt;
&lt;P&gt;Is there a page somewhere that would tell one how to configure the jail mode, if one wanted to see what could be done from there, independent of MOICE?&lt;/P&gt;
&lt;P&gt;[dcl] It isn't configurable, so it would be a very short page. There is one thing you could do to further tweak it on Vista, which would be to add some deny all firewall rules for the converters. I would have liked to have that in there, but we wanted to get it out for people to use, and you could do that with a VB script if you liked.&lt;/P&gt;
&lt;P&gt;You wouldn't want to tighten the screws any further - they're already screwed down as tight as they can get without breaking things - we went overboard, then backed off just enough for things to run, and had to fix a couple of things in the apps for it to work.&lt;/P&gt;
&lt;P&gt;I will be documenting everything we've done, and might even wrap this into a library you could use for your own apps, though don't hold your breath - I'm really busy. It will probably eventually happen, but I can't commit to even a vague schedule. &lt;/P&gt;</description></item><item><title>re: New File Converter Coming Soon</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#2557859</link><pubDate>Sat, 12 May 2007 04:01:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:2557859</guid><dc:creator>Justin Polazzo</dc:creator><description>&lt;P&gt;What about people who do not run office 2007?&lt;/P&gt;
&lt;P&gt;Are you saying the 2003/2000 versions of Office will still be able to read these converted-but-still-associated-with-older-version docs?&lt;/P&gt;
&lt;P&gt;-JP&lt;/P&gt;
&lt;P&gt;[dcl] That's the point - the converter pack allows downlevel versions of Office to read the new file format. So the file starts out in what was originally the native format for Office 2003, gets converted to the new format (and likely sanitized in the process), and you can then use the converter to allow Office 2003 to read it in.&lt;/P&gt;</description></item><item><title>re: New File Converter Coming Soon</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#2558513</link><pubDate>Sat, 12 May 2007 04:44:51 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:2558513</guid><dc:creator>Justin Polazzo</dc:creator><description>&lt;P&gt;sorry, the 2003 should have been removed from that question....&lt;/P&gt;
&lt;P&gt;I have a lot of friends at colleges that could use this, but also still have Office 2000 running.&lt;/P&gt;
&lt;P&gt;Would this work for them as well?&lt;/P&gt;
&lt;P&gt;-JP&lt;/P&gt;
&lt;P&gt;[dcl] Office 2000, or Office XP? Support for the converter pack is:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;SPAN&gt;
&lt;DIV class=downloadInfo&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;B&gt;Supported Operating Systems: &lt;/B&gt;Windows 2000 Service Pack 4; Windows Server 2003; Windows XP Service Pack 1&lt;/LI&gt;&lt;/UL&gt;&lt;/DIV&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;B&gt;Recommended Microsoft Office programs:&lt;/B&gt;&lt;BR&gt;
&lt;UL&gt;
&lt;LI&gt;Microsoft Word 2000 with Service Pack 3, Microsoft Excel 2000 with Service Pack 3, and Microsoft PowerPoint 2000 with Service Pack 3 &lt;BR&gt;
&lt;LI&gt;Microsoft Word 2002 with Service Pack 3, Microsoft Excel 2002 with Service Pack 3, and Microsoft PowerPoint 2002 with Service Pack 3&lt;BR&gt;
&lt;LI&gt;Microsoft Office Word 2003 with at least Service Pack 1, Microsoft Office Excel 2003 with at least Service Pack 1, and Microsoft Office PowerPoint 2003 with at least Service Pack 1 &lt;BR&gt;
&lt;LI&gt;Microsoft Office Word Viewer 2003&lt;BR&gt;
&lt;LI&gt;Microsoft Office Excel Viewer 2003&lt;BR&gt;
&lt;LI&gt;Microsoft Office PowerPoint Viewer 2003&lt;BR&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;/LI&gt;&lt;/UL&gt;
&lt;P&gt;I'm not 100% sure what MOICE supports in terms of the full deal with file blocking and so on - that may be only Office 2003, but I can check on Monday. However, it can be used as a command-line tool to convert files to the new format, and they'll do so in a protected manner. You can then open them with anything the converter pack supports (above). As far as the sandbox goes, I know it is tested on XP and up, not as sure about Windows 2000, and Win9x doesn't support what it needs at all - no security on Win9x.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;/SPAN&gt;</description></item><item><title>re: New File Converter Coming Soon</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#2579784</link><pubDate>Sun, 13 May 2007 00:29:41 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:2579784</guid><dc:creator>alexeck</dc:creator><description>&lt;P&gt;Very interesting post. One question: How will one deal with current O27 files? You're not going to "downconvert" and then upconvert those, are you? You're just upconverting the older files? &lt;/P&gt;
&lt;P&gt;[dcl] exactly&lt;/P&gt;
&lt;P&gt;In other words, this doesn't do anything to protect users from a Metro file which is exploited, right?&lt;/P&gt;
&lt;P&gt;[dcl] - right - this wouldn't protect from a native Office 2007 file that is exploitable. It wouldn't convert, and in the second place, if the converter itself could be made to run completely arbitrary code, it could emit any file it likes in the new format. If that file were an exploitable 2007 file, then you'd have an exploit. This is exactly why I said customers would be _safer_ - it's still possible something could get through, but a lot of things will get blocked - there are whole classes of attacks that can't make the transition.&lt;/P&gt;</description></item><item><title>Microsoft Office Isolated Conversion Environment</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#2650785</link><pubDate>Tue, 15 May 2007 17:56:24 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:2650785</guid><dc:creator>Teamzille.de</dc:creator><description>&lt;p&gt;While developing Office 2007, the developers noticed that malicious code contained in old Office documents is lost when these are converted to the new format. Strictly speaking, this does not always happen, but the probability&lt;/p&gt;
</description></item><item><title>re: New File Converter Coming Soon</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#2790514</link><pubDate>Tue, 22 May 2007 14:22:38 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:2790514</guid><dc:creator>Nathanael Jones</dc:creator><description>&lt;P&gt;Will this help with Word 2.0 files in any way? We've still got thousands of Word 2.0 files, and newer versions of Word don't open them correctly. Word 2.0 won't run on newer computers, so we're going to be stuck when our last Pentium 3 dies.&lt;/P&gt;
&lt;P&gt;[dcl] I don't know - it's basically the same code as Office 2007 would use to convert the files, so it would do the same job. If you've got lots of files, my assumption would be that most (all?) of them aren't malicious, and MOICE may be overkill. I believe Word 2 will run on a recent system - saw one of our devs run it on his Win2k3 system one day. You can also certainly install all this into a virtual PC running whatever combination of downlevel OS and Office you like. You don't need actual hardware.&lt;/P&gt;
&lt;P&gt;Given the security implications of the older parsing code, it isn't a great idea to expect us to support older formats forever.&amp;nbsp;Taking into account&amp;nbsp;the engineering cost of bringing that code up to current standards and the decreasing user base, something has to give. What might be a good idea for you would be to use whatever version of Office you feel has good fidelity (though we do strive to make this work really well - I'll accept your word in terms of how it works for you), and upconvert the files to something newer - Word 2 was great 15 years ago...&lt;/P&gt;
&lt;P&gt;Hope this helps - and this is all just IMHO, and not an official statement on behalf of Office.&lt;/P&gt;</description></item><item><title>Microsoft Office Isolated Conversion Environment</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#5240329</link><pubDate>Tue, 02 Oct 2007 12:37:09 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:5240329</guid><dc:creator>IT, IS, etc... </dc:creator><description>&lt;p&gt;As always: you start digging into one thing and end up learning a lot of new things about something completely different. Today...&lt;/p&gt;
</description></item><item><title>Microsoft Office Isolated Conversion Environment</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#5590268</link><pubDate>Mon, 22 Oct 2007 06:50:27 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:5590268</guid><dc:creator>ИТ, ИБ и т.п.</dc:creator><description>&lt;p&gt;As always: you start digging into one thing and end up learning a lot of new things about something completely different. Today...&lt;/p&gt;
</description></item><item><title>Ooops, the old formats aren't secure?</title><link>http://blogs.msdn.com/david_leblanc/archive/2007/05/08/new-file-converter-coming-soon.aspx#6994206</link><pubDate>Sat, 05 Jan 2008 20:36:22 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:6994206</guid><dc:creator>Weblogul lui Zoli</dc:creator><description>&lt;p&gt;No. However, Office 2003 SP3 blocks a number of document formats (very rarely used in Microsoft&lt;/p&gt;
</description></item></channel></rss>