Smart Tag Installation and Security for Microsoft Office XP
Microsoft® Office XP
Summary: This article provides information on smart tag installation and security in Microsoft Office XP. (13 printed pages)
Installation and Deployment
Updating Smart Tags
The Trust Diagram
Smart Tag Persistence
With Microsoft® Office XP, Microsoft is releasing an exciting and new technology called "smart tags." The smart tag technology found in Office XP is an extensible API (Application Programming Interface) that enables the real-time, dynamic recognition of user input and provides a set of relevant user actions based on the text that was entered and subsequently recognized. A typical user scenario might be the following: a user is typing text into a document that contains contextual information relevant to his or her job. This content could include the names of business partners, financial information, addresses, or any relevant business data. The organization could use a smart tag to dynamically recognize a piece of data and provide relevant user actions. When the user opens the document, the relevant data appears with a small, dashed underline. The user can then place the cursor over the text to expose the smart tag actions.
Most organizations are cautious when it comes to introducing executable code into their computing environment. Any situation where malicious code could be executed is rightly seen as a severe security risk. Smart tags were designed with these security concerns in mind. Although smart tags run within documents, no actual code is transported with the document when it is sent via e-mail. For a smart tag to execute properly, it must be installed and registered on the computer on which it is being used. Smart tags leverage existing security technologies and practices such as code signing and certification. Additionally, users of individual machines or network administrators can employ a variety of security measures and settings, allowing them full control over what code executes in their environment.
Each smart tag consists of two parts, a recognizer and an action component, both of which are COM (Component Object Model) DLLs. In addition, a document that contains smart tags will contain one or more XML data islands, which identify the text that the smart tag recognizes.
Because a smart tag is composed of COM DLLs, no code actually travels within the document. This means that smart tags cannot be used to transport malicious code. Additionally, smart tags users get the full benefit of the security precautions that apply to all COM DLLs. For a smart tag to be installed on a computer, the code must be installed and registered. Often, the installation can be in the form of a Web-based download package. Organizations can also sign their COM DLLs with a certification authority to guarantee that users and administrators know exactly what is being installed on a given machine.
Installation of a smart tag is the same as the installation of any COM DLL. The smart tag must be copied to the local machine and then registered with a registration tool such as regsvr32.exe, after which Microsoft Office XP must be restarted. Visual Studio® Installer is a good way to create smart tag installation packages that help with this process. For more information on building smart tag installation packages using Visual Studio Installer, see the Smart Tag SDK located on the MSDN® Online Office Developer Center.
When a smart tag DLL is installed, its location must be written to the registry.
As part of Office XP, smart tag recognizers are registered under the \HKCU\Software\Microsoft\Office\Common\Smart Tag\Recognizers registry key.
The smart tag actions are registered under the \HKCU\Software\Microsoft\Office\Common\Smart Tag\Actions registry key.
Custom smart tags must be registered in the same locations by creating a new key under each. The value of the new key must be the class identifier (CLSID) of the recognizer or action DLL. Thus, when Office XP queries the registry for the list of installed smart tags, it will find the CLSID and the related smart tag DLL for every custom smart tag.
Smart tags can be deployed using any of the standard deployment methods currently used for COM objects. Policy templates can deploy smart tags automatically. For more information on using policy templates, see the Office Resource Kit (ORK). A systems management product like Microsoft Systems Management Server can also be used, or smart tags can be distributed via the Web. Office XP applications also include a More Smart Tags button on the smart tags tab of the AutoCorrect Options dialog box (found under the Tools | AutoCorrect Options | Smart Tags tab), which allows users to download new smart tags from Microsoft. Administrators can turn the More Smart Tags function off or redirect it to a server on their own network using administrative policy.
Many organizations want to make use of third-party or internally developed smart tags. Microsoft highly recommends that such smart tags be digitally signed using a certification authority such as Verisign.
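The registration layout described above (one key per recognizer and per action under HKCU, whose CLSID resolves through the standard COM registration to a DLL) lends itself to an inventory check, and the signing recommendation gives that check its criterion. The following script is an added example, not code from this article or from Microsoft: it enumerates both registry locations for the current user, resolves each CLSID to its in-process server DLL, and asks PowerShell's Get-AuthenticodeSignature for the DLL's signature status. It assumes that the CLSID is either the subkey's own name or the subkey's (default) value (the article describes the value form), that the CLSID-to-DLL mapping lives under Software\Classes\CLSID\{CLSID}\InprocServer32 in HKCU or HKLM (normal COM registration), and the entry field names used by classify() are this example's own.

```python
import os
import re
import subprocess

# Registry locations named in the article (relative to HKEY_CURRENT_USER).
SMART_TAG_ROOT = r"Software\Microsoft\Office\Common\Smart Tag"
COMPONENT_KINDS = ("Recognizers", "Actions")

CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def extract_clsid(key_name, default_value):
    """Return the normalised CLSID for one registered component, or None.
    Assumption: the CLSID is either the subkey's own name or its (default)
    value; the article describes the value form, so both are accepted."""
    for candidate in (key_name, default_value):
        if isinstance(candidate, str) and CLSID_RE.match(candidate.strip()):
            return candidate.strip().upper()
    return None


def classify(entry):
    """Pure evaluation of one collected entry (field names are this example's):
    clsid, dll (path or None), dll_exists, signature (the Status text from
    Get-AuthenticodeSignature, e.g. 'Valid' or 'NotSigned', or None)."""
    if entry.get("clsid") is None:
        return "malformed registration (no CLSID)"
    if not entry.get("dll"):
        return "dangling registration (CLSID has no InprocServer32)"
    if not entry.get("dll_exists", True):
        return "dangling registration (DLL missing on disk)"
    if entry.get("signature") != "Valid":
        return "unsigned or untrusted DLL (%s)" % entry.get("signature")
    return "ok"


def _inproc_server(clsid):
    """Resolve a CLSID to its in-process server DLL via the standard COM keys."""
    import winreg  # Windows-only; imported lazily so the pure functions load anywhere
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, r"Software\Classes\CLSID\%s\InprocServer32" % clsid) as key:
                path = winreg.QueryValueEx(key, "")[0]
                return os.path.expandvars(path).strip('"')
        except FileNotFoundError:
            continue
    return None


def _authenticode_status(dll):
    """Ask PowerShell for the Authenticode signature status of the DLL."""
    cmd = ["powershell", "-NoProfile", "-Command",
           "(Get-AuthenticodeSignature -LiteralPath '%s').Status" % dll.replace("'", "''")]
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=60).stdout.strip()
    except (OSError, subprocess.TimeoutExpired):
        return None


def collect_from_registry():
    """Enumerate every registered recognizer and action for the current user."""
    import winreg
    entries = []
    for kind in COMPONENT_KINDS:
        try:
            root = winreg.OpenKey(winreg.HKEY_CURRENT_USER, SMART_TAG_ROOT + "\\" + kind)
        except FileNotFoundError:
            continue  # nothing of this kind registered for this user
        with root:
            index = 0
            while True:
                try:
                    name = winreg.EnumKey(root, index)
                except OSError:  # no more subkeys
                    break
                index += 1
                with winreg.OpenKey(root, name) as sub:
                    try:
                        default = winreg.QueryValueEx(sub, "")[0]
                    except FileNotFoundError:
                        default = None
                clsid = extract_clsid(name, default)
                dll = _inproc_server(clsid) if clsid else None
                entries.append({
                    "kind": kind, "key": name, "clsid": clsid, "dll": dll,
                    "dll_exists": bool(dll) and os.path.isfile(dll),
                    "signature": _authenticode_status(dll) if dll else None,
                })
    return entries


if __name__ == "__main__":
    for entry in collect_from_registry():
        print("%-12s %-40s %s -> %s" % (entry["kind"], entry["clsid"] or entry["key"],
                                        entry["dll"] or "-", classify(entry)))
```

Run it as the user whose HKCU is being audited. Anything reported as dangling (a key that no longer resolves to a DLL on disk) or as unsigned is worth a closer look, and "Valid" only means the signature chains to a certificate the machine trusts, so the trusted-publisher list matters as much as the signature itself.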
A document that contains smart tags will contain an XML data island that identifies the string that the smart tag recognizes. Another data island will usually contain a property called the Download URL; the smart tag developer can direct the user to this URL for updates to their smart tags. Network administrators can override this URL using administrative policy and direct all requests for smart tags to another location. This will typically be the case when the user is behind a firewall. By placing the smart tags that users need on a server inside the firewall, the network administrator removes any possibility of a user downloading foreign and potentially harmful code.
Once a smart tag has been deployed, users still have control over how smart tags work on their computer systems through settings in Microsoft Word 2002, Excel 2002 and Outlook® 2002. These settings are part of the macro security settings and can be found under the Tools | Macro | Security… menu.
- Macro Security Level
Figure 1 presents the Security Level dialog. This setting tells the application whether a Low, Medium, or High security level is desired.
Figure 1. Security Level dialog
- Trusted Sources
Figure 2 presents the Trusted Sources dialog. The Trust all installed add-ins and templates checkbox, found on the Trusted Sources tab, tells the application to load into memory custom smart tags that have been installed by the user, regardless of whether the smart tag DLL was signed. This checkbox is checked by default. The user or an administrative policy may uncheck it if more control over macro security is desired.
Figure 2. Trusted Sources dialog
The trust diagram in Table 1 explains exactly how Office XP will handle a custom smart tag that is installed on a user's system. How Office XP handles the smart tag will depend on the following variables:
- Is Trust all installed add-ins and templates checked on?
This setting is checked by default.
- Is the smart tag digitally signed?
Microsoft strongly recommends that all developers sign their smart tags with a certification authority such as Verisign.
- Is the smart tag from a trusted source?
The application is capable of identifying sources that the user or an administrator has identified as trustworthy. This could be the user's own organization, for internally developed smart tags, or another company, such as Microsoft.
Depending on these settings, Office XP will handle the smart tag in one of the following ways. Office XP will:
- Load the smart tag into memory silently
The smart tag loads into memory without user intervention or prompting.
- Present the digital signature prompt
The user will be asked to accept the smart tag that has been digitally signed. This dialog includes a checkbox that allows the user to identify the source of this smart tag as a source that should be trusted in the future. This is the same dialog given to all digitally signed add-ins and is not specific to only smart tags.
- Not load the smart tag into memory
The smart tag does not load into memory. This is done silently without any user acknowledgement or dialog.
- Prompt the user to enable macros
This dialog box warns the user that the current document contains macros. The user may choose to enable macros in the current document, in which case any smart tags will be loaded, or to disable them, in which case they will not load into memory. Unless the user changes their security settings, they will see this dialog box every time they open a document containing smart tags.
Table 1. Trust Diagram
In addition to concerns over the contents of documents brought into an organization, users and administrators must consider their privacy when documents are sent from user to user or organization to organization. While smart tags generally will not constitute any risk to privacy, it is important to know exactly what kind of information travels with a document that is using smart tags, and how to control this data transport if needed.
When a document containing smart tags is transported via e-mail, network or other medium, no executable code travels with the document. A smart tag can only execute its code if it is installed on the machine on which the document is being viewed. The only part of a smart tag that travels with the actual document is an XML data island that identifies the text that the smart tag recognizes. In some cases, the information that is recognized may be considered private. For example, if an organization has a smart tag that recognizes the names of its customers, and its customer list is not public, it may wish to disable this smart tag in any documents that would be shared outside of the organization. This step can be accomplished by turning off the Embed Smart Tags checkbox in the application. This checkbox can be found in the following locations:
- Microsoft Word 2002
Under the Tools | Options | Save tab. See Figure 3.
- Microsoft Excel 2002
Under the Tools | AutoCorrect Options | Smart Tags tab. See Figure 4.
- Microsoft Outlook 2002
Create a new mail message using Word as your mail editor (the default). Then look under the Tools | Options | General tab | E-mail Options… button, General tab, uncheck Save Smart Tags in E-mail. See Figure 5.
If these options are disabled, no smart tag data will travel with a document.
Figure 3. Embed smart tags option for Word 2002
Figure 4. Embed smart tags in workbook option for Excel 2002
Figure 5. Save smart tags in e-mail option for Outlook 2002
If, in fact, a smart tag is sent from one user to another via a document, the experience of the recipient of that document will vary depending on his or her local security settings and the smart tags he or she has already installed. When a user encounters a smart tag that recognizes text in a document, he or she will typically see the recognized text underlined with a small dashed line. When the user places the cursor over the underline, the smart tag icon will appear. Clicking on this button gives a list of actions associated with the smart tag. If the smart tag has a Download URL property associated with it, one of these actions will be Check for New Actions. Note, however, that if the smart tag has no actions and no Download URL, the user will not see the underline or smart tag action button. However, this does not mean that the smart tag is not marked in the document. Rather, the document may still include an XML data island that contains smart tag metadata. This is explained in more detail by the privacy diagram.
The Privacy Diagram
Table 2 presents the privacy diagram. It shows how the privacy settings affect the way smart tags are embedded in documents and helps developers understand the privacy issues involved in using smart tags.
The following settings affect the inclusion of smart tags in a document and the resulting recipient user experience:
- Is the Embed Smart Tags checkbox marked?
Whether the Embed Smart Tags checkbox is checked or not.
- Does the smart tag have associated actions?
Whether the smart tag has any actions associated with it. Smart tags can be written to simply recognize terms but provide no visible user actions.
- Does the smart tag have a Download URL property?
Whether the Smart Tag has a Download URL associated with it. This property is set during the smart tag design process.
Depending on the user's privacy settings and the smart tags he or she has installed, the following behaviors affecting privacy and the document recipient's experience are possible:
- XML is embedded in the document
An XML data island is embedded in the document that designates the recognized text.
- Smart tag text will be underlined when the recipient opens the document.
When text is recognized in the document by the smart tag, that text will be underlined and the smart tag button will appear if the cursor is placed over the text.
- Actions are available for the recipient
All the available actions for the smart tag will appear in the drop-down menu when the smart tag button is clicked.
- The Check for New Actions action is available to the recipient
Check for New Actions will appear in the drop-down menu.
- None of the options listed above will occur
The document will contain no smart tags or smart tag related XML markup.
Table 2. Privacy diagram
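Since the XML data island is the only part of a smart tag that leaves the organization, the practical privacy check is to open a saved document and list every island in it. The script below is an added example, not code from this article or from Microsoft, and it runs on a constructed Word-HTML fragment. It assumes the Word HTML conventions of the time: a smart tag element uses a prefix bound by an xmlns declaration to a namespace (Microsoft's own urn:schemas-microsoft-com:office:smarttags, or the custom namespace the smart tag developer defines) and carries the attribute w:st="on"; the custom namespace URI and the names in the sample are invented for the example. strip_smart_tags() shows the document-level effect of saving with Embed Smart Tags turned off, and recipient_experience() encodes the privacy diagram's rules exactly as the text above and the earlier paragraph on the recipient's experience state them.

```python
import re

# Constructed Word-HTML fragment (not taken from the article). The xmlns
# declarations and the w:st="on" marker follow Word 2002's HTML output as this
# example assumes it; st2 is a custom namespace a smart tag developer would define.
SAMPLE_DOC = """<html xmlns:w="urn:schemas-microsoft-com:office:word"
      xmlns:st1="urn:schemas-microsoft-com:office:smarttags"
      xmlns:st2="urn:example-corp:smart-tags:customers">
<body><p>Please call <st1:PersonName w:st="on">Nancy Davolio</st1:PersonName>
about the <st2:Customer w:st="on">Fabrikam</st2:Customer> renewal and ship
to <st1:place w:st="on">Redmond</st1:place> by Friday.</p></body></html>"""

XMLNS_RE = re.compile(r'xmlns:(\w+)="([^"]+)"')
# prefix, local name, attributes and inner text of one non-nested prefixed element
ELEMENT_RE = re.compile(r"<(\w+):(\w+)\b([^>]*)>(.*?)</\1:\2>", re.DOTALL)
SMART_TAG_MARKER = 'w:st="on"'


def namespaces(doc):
    """Map every declared prefix to its namespace URI."""
    return dict(XMLNS_RE.findall(doc))


def find_smart_tags(doc):
    """List (namespace URI, smart tag type, recognized text) for each data
    island: this is exactly the information that travels with the document."""
    ns = namespaces(doc)
    islands = []
    for prefix, tag_type, attrs, inner in ELEMENT_RE.findall(doc):
        if SMART_TAG_MARKER in attrs:
            islands.append((ns.get(prefix, prefix), tag_type, inner.strip()))
    return islands


def strip_smart_tags(doc):
    """Remove the data islands but keep the recognized text, which is what a
    document saved with Embed Smart Tags turned off looks like."""
    def keep_text(match):
        return match.group(4) if SMART_TAG_MARKER in match.group(3) else match.group(0)
    return ELEMENT_RE.sub(keep_text, doc)


def recipient_experience(embed, has_actions, has_download_url):
    """The privacy diagram's outcomes as flags, following the rules in the text:
    nothing is embedded unless the checkbox is on; the underline and button
    appear only if the tag offers actions or a Download URL; actions need
    actions; Check for New Actions needs a Download URL."""
    xml_embedded = bool(embed)
    return {
        "xml_embedded": xml_embedded,
        "underlined": xml_embedded and bool(has_actions or has_download_url),
        "actions_available": xml_embedded and bool(has_actions),
        "check_for_new_actions": xml_embedded and bool(has_download_url),
        "nothing_embedded": not xml_embedded,
    }


if __name__ == "__main__":
    for uri, tag_type, text in find_smart_tags(SAMPLE_DOC):
        print("%-45s %-12s %s" % (uri, tag_type, text))
    print(recipient_experience(embed=True, has_actions=False, has_download_url=False))
```

Running it on the sample lists three islands, including the customer name tagged under the custom namespace; that last line is what a review of outbound documents is looking for, since the namespace reveals which internal recognizer matched and the text reveals what it matched.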
Smart tag recognizers run on a background thread. Consequently, they will not interfere with the user's ability to type or otherwise use the application. Text is passed from the application to these recognizers. The list of recognized text is held in memory while the smart tag is running. To determine which text to smart tag first, Word uses an algorithm similar to the one used by the spell checker. Excel only checks for smart tag recognition once a cell has been committed. This means that text in the visible portion of a spreadsheet is given highest priority so that users are not left waiting on smart tags.
If more than one recognizer is installed, the order in which they execute will be arbitrary. Whenever possible, developers should avoid building recognizers that consistently rely on database connections or Web access, as those may not always be available. If a recognizer that relies on this kind of functionality is running slowly, it may prevent other recognizers from running.
Developers also need to be aware of the possibility of recognition conflicts when building smart tags. The smart tag developer is required to define an XML namespace for the custom smart tag. This provides the ability to keep each custom smart tag independent from one another.
First, it is quite possible that two smart tags will recognize the same text as two different smart tag types. For instance, Greal could be recognized as both a company name and a chemical type. In this instance, both smart tags will recognize this text and provide the user with a cascading menu so that the user can choose which smart tag action to execute.
It is also possible that two recognizers will identify an overlapping text pattern. For example, imagine two recognizers, Recognizer A and Recognizer B. Recognizer A recognizes "123 Main Street, Apartment D" as a streetname smart tag, while Recognizer B recognizes "123 Main Street" as a streetname smart tag. In this case, in which two tags recognize an overlapping area as the same type, only one of the tags, chosen arbitrarily, will be accepted. Note that in Excel recognizers will only recognize text that is the entire contents of a cell.
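To make the two conflict rules concrete, here is an added example (not code from this article or from Office; the recognizer labels, the sample sentence and the first-wins tie-break are this example's own choices) that takes the spans several recognizers reported over one piece of text and applies the rules: overlapping spans of the same type collapse to one, identical spans of different types are kept together so the user gets a cascading menu, and, for Excel, only a span covering the entire cell counts. Because Office's choice among same-type overlaps is arbitrary, the example simply keeps whichever span arrived first, so feeding it the recognizers in the other order shows the other address surviving, which is the order dependence the text warns about.

```python
from collections import defaultdict

# Constructed sample text built from the article's own examples: "Greal" is both
# a company name and a chemical, and two recognizers disagree about how much of
# the address is the street name.
DOCUMENT = "Greal ships to 123 Main Street, Apartment D next week."


def span_of(text, phrase):
    """(start, end) offsets of the first occurrence of phrase in text."""
    start = text.index(phrase)
    return start, start + len(phrase)


# Each recognition result is (start, end, smart_tag_type, recognizer_name).
# Recognizer names are labels for this example, not real components.
RESULTS = [
    (*span_of(DOCUMENT, "Greal"), "company", "Recognizer C"),
    (*span_of(DOCUMENT, "Greal"), "chemical", "Recognizer D"),
    (*span_of(DOCUMENT, "123 Main Street, Apartment D"), "streetname", "Recognizer A"),
    (*span_of(DOCUMENT, "123 Main Street"), "streetname", "Recognizer B"),
]


def overlaps(a, b):
    """True when the two (start, end, ...) spans share at least one character."""
    return a[0] < b[1] and b[0] < a[1]


def resolve_conflicts(results):
    """Apply the two rules from the text. Same-type overlaps keep only one span
    (Office chooses arbitrarily; here the first reported span wins, which is
    order dependent because recognizer order is itself arbitrary). Different
    types on the same span are all kept and grouped for a cascading menu.
    Returns {(start, end): [(smart_tag_type, recognizer_name), ...]}."""
    accepted = []
    for result in results:
        same_type_clash = any(a[2] == result[2] and overlaps(a, result) for a in accepted)
        if not same_type_clash:
            accepted.append(result)
    menu = defaultdict(list)
    for start, end, tag_type, recognizer in accepted:
        menu[(start, end)].append((tag_type, recognizer))
    return dict(menu)


def excel_cell_matches(cell_text, results_in_cell):
    """Excel only honours a recognition that spans the entire cell contents."""
    return [r for r in results_in_cell if (r[0], r[1]) == (0, len(cell_text))]


if __name__ == "__main__":
    for order, results in (("A before B", RESULTS), ("B before A", list(reversed(RESULTS)))):
        print(order)
        for (start, end), choices in resolve_conflicts(results).items():
            kinds = " / ".join("%s (%s)" % choice for choice in choices)
            print("  %-32r -> %s" % (DOCUMENT[start:end], kinds))
```

With the recognizers in the listed order the longer address wins and the shorter one is dropped; in the reverse order the shorter one wins. "Greal" keeps both entries either way, which is the cascading-menu case.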
Microsoft makes the following suggestions to organizations that are using smart tags and have concerns about security.
- Digitally sign your smart tag DLLs
Digitally signing COM DLLs should be considered a standard step in any development effort, including smart tag development.
- Use the appropriate macro security settings
The default settings provide adequate security for most environments. If more control over security is desired, uncheck the Trust all installed add-ins and templates checkbox and set macro security to High or Medium.
- Manage privacy
If your organization uses smart tags to recognize sensitive data, turn off smart tag embedding in all externally bound documents.
- Redirect smart tags within firewalls
Organizations with firewalls may consider using a local distribution point within their firewall for all smart tags and direct the Download URL and Check for new Smart Tags functions to this location using a policy template.
Users and administrators are becoming increasingly conscious of security issues. Microsoft already keeps a number of excellent measures in place to help administrators manage the security of their network. These include Digital Signature support, policy templates, and the security settings within Office applications. Smart tags work well within this security environment because no actual code travels with a smart tag-enabled document. Also, because much of the control on how Office XP handles smart tags is available to end-users, smart tags do not provide an avenue through which malicious code can enter the environment. Nevertheless, administrators should be proactive in managing their network's security. Part of this task is to understand what smart tags are, what they do within the application environment, and the benefit they can bring to an enterprise environment.