Excel 2010 and Protected Views


Monday, February 15, 2010

If you have been looking at the "What's new" sections in the last FlexCel releases, you might have noticed a mysterious "Office 2010 Protected mode support". Here I would like to expand on what that means, but before going any further, let's focus in the message I want you to get from this post:

Please update FlexCel (both VCL or .NET) to the latest version. It is important that you do so.

As you know, we take pride in our long support cycle, and we in this case it is not different: Both 5.1 in .NET and 3.2 in VCL are free updates for everybody who has a valid license, so you have no excuse not to upgrade.

Ok, now that this has been sorted out, and while you are downloading the new files, I think I should explain a little. The reason I am asking you to update, is that Excel 2010 comes with a new feature, called "Protected View" that will flag files created with older FlexCel versions as invalid.

This feature will try to detect if the file is a "genuine" Excel file or not, and if it isn't, drop a big scary red box at the top:

In our case, we had both good and bad news. The good news: As we always cared a lot about creating files that would be virtually impossible to differentiate from a "real" Excel file, there wasn't much Excel complained about, we only found 3 wrong records in thousands of files. The bad news: Sadly one of those records was written to almost every file, so Excel 2010 would complain in most files FlexCel created.

So we fixed those records and then spent more than a month testing literally thousands of files created by FlexCel (from single "Hello world" files to files as complex as you can imagine) to verify that Excel 2010 opens them fine. Each one of them was individually opened in Excel 2010 and we manually verified it was ok.

So now it's your turn. Please install the latest FlexCel versions today, so when your customers get Excel 2010, they won't complain.

Do we still have some minutes left ? Ok, then it's rant time.

I would like to keep this kind of confidential between me an you, but really, I must say really, I don't get it. Saying it is the silliest idea ever would be mean, so I will just say "I don't get it".

To have yet another silly real world analogy, this is like if you discovered that "most terrorists use black t-shirts". So, you ban people with black t-shirts from airports, and claim to have "improved the security". You might even be able to convince someone that it was in fact a bright idea, but what will actually happen is that: 1) Terrorists will start using white T-shirts. 2) Lots of innocent people using black t-shirts will be banned from the airports.

In this case something very similar happens. Excel checks for some records, and if it sees they aren't exactly what it would expect, it will declare the file "dangerous". The problem? 1) If I am doing a malicious file, I will make very sure I get those records right. And yes, there are thousands of ways to craft a malicious file without them. 2) You will be banning millions of innocent files that bear no risk at all. For the record, the screenshot above wasn't made with a file created with an older FlexCel version, but with the latest (a couple of days old) version of OpenOffice. I just dropped a chart over an empty sheet, and voila, I had a "dangerous" file.

How many files completely harmless but not created with Excel itself are out there? What's the idea? OpenOffice, GEdit, KOffice, ourselves, are all "terrorists" now?

If you ask me, what Microsoft should have really have done here is fix the problem, period. Remove all possible buffer overflows. All of them. Review every line of the file loading process, and make sure there is no way a wrong value can crash Excel. Too much work you say? Well, not when the product generates the kind of revenue Office generates:


If they used just a fraction of those billions to fix Office instead of financing xbox and bing, they could buy a legion of security experts to review every single line. Or some engineers to rewrite the xls-loading code in managed code. Or both. What do we get instead? A band aid solution that doesn't solve anything, but does make life more complex to everyone.

Ok, the rant is off. You can ignore everything else in this post, but just remember to update FlexCel.
Thanks for your time,

Adrian Gallero


This blog post has received 4 comments.

1. Tuesday, February 16, 2010 at 3:23:37 PM

Well, let''s see. Microsoft discovers that there are potential security vulnerabilities in its file format. They have two choices.

1) They can do the right thing, go carefully over all their file loading code, however big it may be, and spend a lot of time and money tracking down, identifying and fixing any vulnerabilities and hope they caught them all. Or
2) They can put in a quick-and-dirty check that will catch the vulnerabilities they deem most critical, and oh-by-the-way also display scary "possible security vulnerability" warnings when it opens a file created by any of Microsoft''s competitors and not Excel itself, that will make non-tech-savvy users (well over 90% of the customer base) leery of anything from any other source.

Bear in mind this is Microsoft we''re talking about.

Why are you even the least bit surprised that they went with option 2?

Mason Wheeler

2. Wednesday, February 17, 2010 at 8:13:02 AM

First of all, thanks for the comment, you are exposing a valid concern I deliberately left off to focus in the technical part.
Now, I will say, if this is the reason, I think it is even sillier^W^W^W^W I don''t get it even more.

It is too easy. What did I think when I heard about protected views? What did you think? What will everybody think? Does Microsoft really want to get into other AARD code mess? ( http://en.wikipedia.org/wiki/AARD_code )

You know, Microsoft has actually changed in the last years. I say this as a guy who has spent countless days and nights reverse engineering a cryptic and completely undocumented xls file format, and that now can go and read full xlsx spec as a part of a standard.

Of course, I don''t think they changed because suddenly they woke up and said "oh, we are being evil, we need to change". I think the reason is simply that not being openly evil makes more money today, and corporations don''t exist to do evil or good, they exist to make money. All corporations (including those that have "don''t be evil" in their motto) will make evil if they need to, but they need to make sure they don''t get caught. If people suspects you are being evil, the PR backlash can be huge.

And well, this particular case might be ignored by the big public, but it might not. Open office has a big enough installed user base that someone somewhere in some influent place might start the flame, and the news (big bad Microsoft trying to crush competitors) is exactly the kind of news that would spread like wildfire.

After all millions Microsoft spent trying to erase its "evil" image, this looks like a rookie mistake. I still don''t get it.

Adrian Gallero

3. Thursday, February 18, 2010 at 9:51:52 AM

What mess? AARD code was a huge success. It ended up finishing off DR-DOS, and when they took it to court they ended up settling out-of-court for $280 million. That may sound like a lot to you and me, but it''s pocket change to Microsoft.

Paying a coder to write the AARD code: A few thousand.
Settling with Novell: $280 M
Finally gaining monopoly power in the operating system space: Priceless

Mason Wheeler

4. Thursday, February 25, 2010 at 5:55:55 AM

I agree with Adrian - I don''t get it at all. What Microsoft seems to forget here is that many of their biggest customers (Financial Institutions, for one) may rely on data that resides in "Excel" files that were not created in Excel.

For instance, analysts might need to use data dumped from a third party system into a pseudo-Excel file and then use it in Excel 2010.

This kind of "warning message" is exactly the kind of thing that will swamp help desks with questions and petitions, making the TCO much higher than it needs to be.

Yes, it may make them a quick buck now, but given how many big firms are already looking at moving away from MSFT Office (due to costs arising from what could in this case probably be labeled growing lack of user confidence) I do not think they are keeping the bigger picture in mind.

If 280MM USD is pocket change to them, then surely they can afford to fix this - it will cost *less* and make them *more* money. Besides, they already have the spradsheet monopoly. Steps like these will lose them market share, not help them gain more.

Young Timothy

Add a new comment:
  You will receive a confirmation mail with a link to validate your comment, so please use a valid email address.
Change Image
Fill in the characters from the image above:

All fields are required.

Previous  |  Next  |  Index