Users of Google desktop on my machine are able to see the entire text content
of my Word 2000 documents protected by passwords. In the short term, I
believe you should alert Word users to this vulnerability; in the longer
term, you should develop a password mechanism which is impenetrable to Google
desktop.

On Sat, 7 May 2005 03:01:02 -0700, "Andy Denis" a.denis(at)lse.ac.uk
wrote:

Users of Google desktop on my machine are able to see the entire text content
of my Word 2000 documents protected by passwords. In the short term, I
believe you should alert Word users to this vulnerability; in the longer
term, you should develop a password mechanism which is impenetrable to Google
desktop.

Documents from Word 2000 and earlier are inherently insecure. The
password is meant mostly to prevent unintentional alteration, not much
more. When you apply a password, a weak encryption is applied to the
text.

Word 2002 and 2003 offer options for much stronger encryption,
including 128-bit DSS or RSA algorithms (but you can't exchange these
documents with users of earlier versions of Word). They also have
options to remove personally identifiable data from documents on
saving, and to warn you when such data is present. Unfortunately,
these options are all turned off by default and you have to know to
change them. For a lot more information, see these articles:

How to Minimize Metadata in Word 2000
http://support.microsoft.com/?kbid=237361

Changes in encryption file properties in Office 2003 and Office 2002
http://support.microsoft.com/?kbid=290112

How to Minimize Metadata in Word 2002
http://support.microsoft.com/?kbid=290945

Remove Hidden Data add-in for Office 2003 and Office XP
http://support.microsoft.com/?kbid=834427

--
Regards,
Jay Freedman
Microsoft Word MVP FAQ: http://word.mvps.org

Thanks. That's very helpful.

"Jay Freedman" wrote:

On Sat, 7 May 2005 03:01:02 -0700, "Andy Denis" a.denis(at)lse.ac.uk
wrote:

Users of Google desktop on my machine are able to see the entire text content
of my Word 2000 documents protected by passwords. In the short term, I
believe you should alert Word users to this vulnerability; in the longer
term, you should develop a password mechanism which is impenetrable to Google
desktop.

Documents from Word 2000 and earlier are inherently insecure. The
password is meant mostly to prevent unintentional alteration, not much
more. When you apply a password, a weak encryption is applied to the
text.

Word 2002 and 2003 offer options for much stronger encryption,
including 128-bit DSS or RSA algorithms (but you can't exchange these
documents with users of earlier versions of Word). They also have
options to remove personally identifiable data from documents on
saving, and to warn you when such data is present. Unfortunately,
these options are all turned off by default and you have to know to
change them. For a lot more information, see these articles:

How to Minimize Metadata in Word 2000
http://support.microsoft.com/?kbid=237361

Changes in encryption file properties in Office 2003 and Office 2002
http://support.microsoft.com/?kbid=290112

How to Minimize Metadata in Word 2002
http://support.microsoft.com/?kbid=290945

Remove Hidden Data add-in for Office 2003 and Office XP
http://support.microsoft.com/?kbid=834427

--
Regards,
Jay Freedman
Microsoft Word MVP FAQ: http://word.mvps.org