It’s recently come to my attention that there is an interesting error involving Microsoft Word and Symantec Endpoint Protection (aka SEP). Under the right circumstances, attempting to save a file directly from Word onto a USB-connected drive (flash or hard drive), results in an error:
“Word cannot complete the save due to a file permission error”
The problem doesn’t appear to affect Windows Vista users, only XP, and quite possibly, only XP installations that have been patched to Service Pack 3.
Luckily, on my network, it mostly won’t matter. About 95 percent of my clients have Symantec Antivirus (SAV), not SEP. My user’s home PCs, however, may have this version. I know at least one person does.
Thankfully, there’s a rediculously easy way to work around the problem: Save your file to your computer first, and then copy it to the flash drive. That’s it.
If you don’t know if you have either one installed, or can’t tell one from the other, just check out this page for even more details.
I had put together a post (unpublished, yet) regarding computer security. I’ll delay it in favor of this one.
One of The Rules of computer security is physical security. If someone with malicious intent has physical access to a machine, they can at least compromise the data on it, probably steal it, possibly alter it, and definitely destroy it. This is why the government freaks out so much about stolen (and lost) laptops. (I should know. I saw it happen a few times while I was at the IRS.)
What those rules don’t cover is restricting physical access among authorized users. An uneducated user (or [especially] administrator) can wreak as much havoc as any malicious attacker. This can be mitigated to some extent by using the principle of least privilege, but not totally eliminated. I can easily write a script to delete files (or change them) and embed it in a webpage (even this one). If I can convince someone browing the website to run it, it will run as whatever level of user they are. If you’re a (standard) limited user, I can deleted/change any files you have access to (Mostly your documents/data). If you’re an administrator, I can delete/change anything on the computer.
In conclusion, I’ll go back to The Rules: if you’re worried about the safety of data on your laptop, I have three words for you: Lock it up. The laptop, not the data. If you were worried about paper files, you’d put them in a locked office, file cabinet, or safe, right? Do the same thing with the computers that hold your digital files, please. Your administrator will thank you. If you have anything you really care about, back it up. If you don’t trust a site, don’t run stuff on it, and just because Google links to it, or because someone you do trust links to it, that doesn’t mean you should trust it.
