
If you visit a website and are asked if you’d like to allow the site to read your clipboard, you probably want to say NO.  Unless you’re expecting the web page to be reading your clipboard, you should not allow it.  It could be something sneaky, possibly gathering passwords or credit card information.

This blog post describes the security setting in IE7 that warns you, and tells how you can turn it off (I don’t recommend turning it off….)
http://www.mydigitallife.info/2006/09/25/disable-allow-this-webpage-to-access-your-clipboard-pop-up-warning-message-in-ie7/

Technically, it’s pretty simple. A single line of JavaScript on the page can read your clipboard (unless IE is set to block it).

This article describes how the JavaScript trick is done:
http://www.arstdesign.com/articles/clipboardexploit.html

This blog post also describes how it’s done, and has a sample link, if you’d like to see this in action, or just to test if you’re protected or not:
http://harriyott.com/2005/01/javascript-clipboard-control.aspx
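To check the setting itself instead of relying on a test page, the added example below (not part of the original post) reads the IE zone value behind "Allow Programmatic clipboard access", URL action 1407, for the current user. It assumes PowerShell 3.0 or later; the function name is made up for illustration, and group policy applied at machine level is not covered.

```powershell
# Added example: report the IE "Allow Programmatic clipboard access" setting
# (URL action 1407) per security zone for the current user.
function Get-IEClipboardAccessSetting {
    $zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';    4 = 'Restricted sites' }
    $meaning   = @{ 0 = 'Allow (no warning)'; 1 = 'Prompt'; 3 = 'Disable' }
    $hives = [ordered]@{
        User   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
        Policy = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    }

    foreach ($source in $hives.Keys) {
        foreach ($zone in 0..4) {
            $key   = Join-Path $hives[$source] $zone
            $props = Get-ItemProperty -LiteralPath $key -Name '1407' -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }   # value not set in this hive/zone

            $value   = [int]$props.'1407'
            $setting = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { 'Unknown' }

            [pscustomobject]@{
                Source  = $source
                Zone    = $zoneNames[$zone]
                Value   = $value
                Setting = $setting
                # Anything other than Prompt or Disable lets a page read the clipboard silently.
                Exposed = ($value -eq 0)
            }
        }
    }
}

Get-IEClipboardAccessSetting | Format-Table -AutoSize
```

A row with `Exposed = True` for the Internet zone means the warning described above has been turned off.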

As for ClipMate (our product), the vulnerability doesn’t go any further than what’s on the clipboard (the currently selected clip). Such scripts have no capability to dig into ClipMate’s database or force it to give up other clips.

Update: (Dec 7, 2007) Now it looks like an e-mail trojan is exploiting this. I suspect that it can only work if you used web-based e-mail such as SquirrelMail, Yahoo, Gmail, etc. If you are opening your (web-based) e-mail and your browser asks permission to use the clipboard, DON’T! Here’s a link to the discussion about that:
http://www.windowsbbs.com/showthread.php?t=69461

I’m writing this off-topic post in hopes that it’ll save other folks the time/trouble that I just wasted trying to troubleshoot an installer that seemed to be installing old versions of files.  Nothing was wrong with the installer, nothing was wrong with my eyes, nothing was wrong at all, except my memory. As a software developer, I had already learned about this pitfall, and just plain forgot.

 Vista Pain In The Neck Rule #1: If you modify or create a program in the “program files” directory, or a program does it for you, Vista will play tricks on you.

This includes: 

  1. Editing a file yourself, even if you have administrator privileges
  2. Any program that writes a data file to the program files directory (unless it’s an installer).
  3. Any program that writes configuration or .ini files to the program files directory (unless that program was launched by an installer).

Here’s what I did:

I had modified a file myself, using Notepad or EmEdit (both are excellent text editors), in c:\program files\ClipMate7\Languages.  The file was called “english.lng”.  This was to test some changes for an upcoming maintenance release.  The modified file contained a version string 7.2.05.165, so I could easily check it within the program, to see if the translation was up-to-date.

A few days later (today), I installed my shiny new version 7.2.06.166.  Guess what?  English.lng contained the 7.2.05.165 version.  :-(

I re-checked the installer and build scripts and directories. Everything was fine. As far as I could see, 7.2.06.166 was making it into the installer.  I uninstalled, rebooted, re-installed, and still had the old file.

Then I remembered the whole UAC thing, and how Vista makes some sort of “shadow” copy.  That’s what happens when Vista asks for special permission to continue with the “file save” or delete.  Yes, yes, yes indeed.  I found the old file lurking in:
C:\Users\Chris\AppData\Local\VirtualStore\Program Files\ClipMate7\Language\English.lng

I deleted it, and everything was fine. 

How did this happen? 

I was assuming that the installer would be able to clean up any such problems, but apparently, while the special UAC privilege for installers only allows them to install/delete files in the program files directory, it does NOT have provisions for reconciling newly-installed files with older files that are lurking in the VirtualStore directory.  Even though the installer supplied a new version of english.lng, Vista showed me the old one.

Lessons Learned To Date:

  1. If a program file needs to write important data to its own directory, install it somewhere else. I have set up D:\Apps, for this purpose.
  2. If you are backing up a program that seems to store its data in its own directory, and you didn’t follow #1 above, don’t count on the backup actually having the right files.
  3. If you install a program and it offers to “run program now”?  Don’t. Just let the installer quit, and then run the program yourself. Otherwise you’ll run the risk of the program running with elevated privileges, and creating data and configuration files that cannot be updated later.
  4. And today’s lesson: If you edit anything in the Program Files directory, you’re asking for trouble.  Be sure to check the VirtualStore cache.
  5. The Virtual Store resides in: C:\Users\<userid>\AppData\Local\VirtualStore\Program Files\ClipMate7\Language\English.lng
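The check from lesson 4 can be scripted. This added example (not from the original post) walks the current user's VirtualStore and reports every file that shadows, or exists only as a shadow of, a file on the system drive. It assumes PowerShell 3.0 or later and the default layout in which `VirtualStore\<path>` mirrors `<system drive>\<path>`; the function and parameter names are made up for illustration.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0+ and the
# default layout, where VirtualStore\<path> mirrors <system drive>\<path>.
function Find-VirtualStoreShadow {
    [CmdletBinding()]
    param(
        [string]$VirtualStore = (Join-Path $env:LOCALAPPDATA 'VirtualStore'),
        [string]$SystemDrive  = $env:SystemDrive
    )

    if (-not (Test-Path -LiteralPath $VirtualStore)) {
        Write-Verbose "No VirtualStore directory at $VirtualStore"
        return
    }
    $root = (Resolve-Path -LiteralPath $VirtualStore).ProviderPath.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -Recurse -File -Force | ForEach-Object {
        # Map ...\VirtualStore\Program Files\App\f back to C:\Program Files\App\f
        $relative = $_.FullName.Substring($root.Length).TrimStart('\')
        $realPath = Join-Path ($SystemDrive + '\') $relative
        $real     = Get-Item -LiteralPath $realPath -Force -ErrorAction SilentlyContinue

        if ($null -eq $real) {
            $status = 'OnlyInVirtualStore'      # program data that lives only in the shadow
        } elseif ($real.LastWriteTime -gt $_.LastWriteTime) {
            $status = 'StaleShadow'             # installed file is newer but hidden by the shadow
        } else {
            $status = 'ShadowNewerOrSame'       # user or program edit made after install
        }

        [pscustomobject]@{
            Status        = $status
            ShadowPath    = $_.FullName
            ShadowWritten = $_.LastWriteTime
            RealPath      = $realPath
            RealWritten   = if ($real) { $real.LastWriteTime } else { $null }
        }
    }
}

# Review stale shadows first; delete one only after confirming it holds nothing you need.
Find-VirtualStoreShadow | Sort-Object Status | Format-Table Status, ShadowPath, RealWritten -AutoSize
```

A `StaleShadow` row is the situation described above: the installer wrote a newer file, but the older VirtualStore copy is the one the program sees.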


Microsoft Office has a clipboard history window, which can be bothersome, or if you are working with a clipboard extender such as ClipMate, can interfere with normal operation. It’s not always intuitive how to close it, so we’ve collected and summarized information here.

Office 2007:

  • Doesn’t seem to be a problem. I haven’t seen a clipboard come up, when performing multiple copies. 

Office 2003: See these articles:

Office2000:

  • From Microsoft: “As you copy items, the Office Clipboard automatically appears on your desktop. You can close it if you do not want it to appear automatically. After closing the toolbar three times, you are prompted to permanently close it. If you permanently close the clipboard, to redisplay it, on the View menu, click Toolbars and then click Clipboard.”
  • This information is from the Microsoft Support Knowledge Base, Article: Q221190 : Using the Office 2000 Clipboard
    There is yet another way, if you want to edit the registry.  The information is in a related Knowledge Base article: Q207438 OFF2000: Preventing the Office Clipboard Toolbar from Appearing
  • Here are two registry scripts that will turn off, or on, the Office2000 clipboard by adjusting the value that is mentioned in the above MS Knowledge Base article:  
    Turning it off: office2000clipboardoff.reg
    And back on again:
    office2000clipboardon.reg
    Just click on either of the links above, download and run the file to update the registry. You’ll be prompted with an “are you sure” dialog, and then the registry is updated.  If you want to see what they’re doing first, just download to your hard disk and open with a text editor such as Notepad.
  • Note: This registry patch won’t work in Office XP

OfficeXP Clipboard:

  • OfficeXP has a clipboard that will interfere with certain ClipMate operations like PowerPaste.  Disabling it is easy.  Start WinWord, and you’ll see the “task pane” at the side of the screen.  Within the task pane, you’ll see the clipboard appear if you copy two items in a row.  Now you can turn it off for good.  Select the “Options” menu, and turn off the “Show Automatically” and “Collect without showing” options.  There is a screenshot to show this.  When you re-start WinWord, the clipboard won’t re-appear.  If you need to bring it back, you can do so via the menu at the top of the “task pane”.

  • Alternately, if you see the OfficeXP clipboard icon showing in the Windows System Tray (next to the clock), you can right-click on it and select “stop collecting”.

Related Links:

  •  Annoyances.Org has a page on disabling the Office Clipboard in both Office2000 and XP.
