News Press Release for immediate release -- all media

Microsoft Office Users Assess Damage
"Demonstrable and indisputable fact" may be scandal or industrial sabotage

by Maj. Hog

Microsoft Office users are assessing the damage after reports by Net Census that user data may be saved to disk in a corrupted form by programs such as Excel. In this update, analysts test-drive explanations for the mixed-up files and Net Census releases further details on the data storage problem.

What is the damage?

While it is too early for a full accounting, damage may be estimated in two areas. First, Microsoft Office users may be unhappy that their work and data are corrupted without their knowledge or consent when saved to disk, even though the Office program is able to undo the tampering when the file is read again. "Imagine you withdraw some money from your bank account and the teller smiles at you and hands you counterfeit bills," said Doctor Electron. "Even if the bank later gives you real money in exchange for the bogus bills, there may still be a loss of confidence, especially if you encounter problems because of the phony money."

The ability of a software program to save to a file a true and faithful version of user data is basic. Inability to do so is like a horse that cannot run, a radio that cannot play, a car that cannot move. Thus, the second area of damage might be a loss in consumer confidence in Microsoft. The losers could be the owners of the company -- its stockholders.

Are my Excel files corrupted?

Net Census has provided a free utility program called "xlstest" to document the corruption schemes applied to user data and to assist users in assessing the damage in their spreadsheet files. Affected .xls data files are about 100 kilobytes or more and contain macros or basic programs. A computer expert in the Netherlands has reported to Net Census that apparently all files of sufficient length produced by so-called OLE applications are also affected. The xlstest program identifies most cases of user data corruption in Excel files.

The tampering with user data saved to disk files involves scrambling its order and repeated insertion of nonsense information. Analysis has now shown that both of these corruption methods involve manipulation of the OLE portion of Microsoft Office files called the FAT. "This suggests that the corruption may be intentional," said Doctor Electron at Net Census, "since nothing in OLE format requires it. In fact, the xlstest utility shows that many user files using OLE are not corrupted."

With the release of xlstest, the presence of corrupted Microsoft Office files on computers worldwide is "a demonstrable and indisputable fact." By examining the dates on Excel files that are corrupted according to xlstest, the history of this problem can be traced and may go back as far as 1997 or before.

Who is responsible for the user data corruption?

In two separate communications, Net Census has asked Microsoft Corporation for comments and suggested that an internal investigation might be appropriate. Unless it is supposed that outsiders somehow inserted malicious code into official company releases of Office software, the responsible parties are or were within the company. The two most likely possibilities may be industrial sabotage by employees or the scandal of management approval of what many consider to be a fundamentally dishonest practice.

Time-bomb theory
The time-bomb theory supposes that renegade staff within Microsoft managed to insert malicious code into Microsoft Office to corrupt user data saved to disk. The time-bomb of these rogue programmers would explode when user data corruption was disclosed, resulting in a public relations disaster for Microsoft Corporation. In this scenario, Microsoft may be a victim of industrial sabotage by company insiders.

Several arguments support the time-bomb theory. For the "time" part of time-bomb, the saboteurs apparently strove to make their handiwork unnoticeable in two ways. First, the malicious code allowed the Microsoft Office program to read the file. Second and very crafty, only selected files would be corrupted, so that spot checks of file contents would show that everything was in order for uncorrupted files. The theory states that the perpetrators expected an enormous "bomb" effect on the public image of the company. When the corruption schemes became known in late October, the time-bomb payload exploded.

Since public confidence in a company relates to its success, the time-bomb may produce more negative press than the combined recent reports of software security issues and legal wranglings concerning business practices. On the other hand, if this theory is correct, the saboteurs may fail in the end. Microsoft Corporation may be seen as a victim and may actually garner sympathy from the public.

Self-destruct theory
According to the self-destruct theory, the user data corruption schemes in Microsoft Office were approved by management with full knowledge of the issues involved related to honesty and integrity. Upon reflection, this theory becomes as fantastic as the tale of possible industrial sabotage. Basically, management is supposed to have "bet the farm" in a high-stakes gamble which played fast and loose with customer effort and data. Customer confidence and trust in Microsoft products were presumably risked to pursue an objective implemented by program code which corrupted user data. What objective would outweigh customer trust? When the farm is Microsoft Corporation, it is not easy to think of what that objective might have been.

This theory states simply that a questionable business decision was made. Bad decisions usually do lead to misfortune down the road. Hence, the theory is named "self-destruct."

Software bug theory
Net Census has all but excluded a software bug as an explanation of the corruption schemes applied to user work and data. First, it is actually more difficult to write the mischievous code, which would be required in addition to the regular code which writes correct files.

Second, the corruption code would have to override the regular code which demonstrably works in writing uncorrupted files. Much like a malicious virus that can remain dormant, trigger mechanisms identified by Net Census would also be required to signal the conditions under which the nastiness would be activated.

Third, Net Census analysis has shown that the shuffling of the order of user data in corrupted files deploys a special variation of ordinary FAT usage which arguably has no purpose other than to corrupt data. That is, if the FAT in the corrupted files is read according to normal procedure, the corrupted data will not be correctly retrieved by the Microsoft Office program. Thus, the corruption schemes must contain an alternate method to retrieve the corrupted data.

The physical evidence strongly supports the thesis that corruption of user data by Microsoft Office was intentional. But who did it?

Copyright © 2002 Global Services

Original Publication: November 1, 2002
