Legacy Code Security: Clippy the Office Assistant and Lessons in Usability
Ah, Clippy. Some of us remember that creepy animated assistant that came pre-installed in Microsoft Office in the late 90s.
The googly-eyed anthropomorphic paperclip would pop up in Word, unprompted by the user, start fidgeting uncontrollably and then offer troubleshooting tips for users as they tried to go about their work.
Clippy was widely considered a failure in the tech community and beyond - users unanimously hated it, quickly elevating a shared disdain for the paperclip to meme-worthy levels.
In response, Microsoft turned off the feature by default in Office XP, then killed it off completely in Office 2007-08.
Intelligent User Interfaces
Clippy was considered an intelligent user interface (UI), also known as an interface agent. Intelligent UIs are supposed to help guide users through processes or provide information, similar to wizards. Someone actually wrote an entire thesis paper about Clippy, which I’ll quote here:
“Agents describe a system designed to mimic human behavior on some level - an interpretation most associated with Artificial Intelligence (AI) and the idea of ‘intelligent agents.’” - Why People Hate the Paperclip: Labels, Appearance, Behavior and Social Responses to User Interface Agents, Luke Swartz, Stanford University
The Computers Are Social Actors (CASA) theory holds that users treat computers like people. Clippy was born out of a desire to make computer programs more responsive and relatable to users, while guiding users through any usability issues.
This is something Security Researcher Dan Kaminsky recognizes in Duo’s video, Who Killed Clippy? Even though Clippy contained some of the “most annoying and oldest code ever shipped with Windows” from a security perspective, he acknowledged that, if not human, at least Clippy was communicating with users in their own language.
“There should be some silliness and connection to people in computers,” he said.
But Clippy didn’t even pass user approval in early focus group tests. Roz Ho, a former Microsoft executive, was quoted on the negative results of that testing in the documentary, Code: Debugging the Gender Gap (which Duo screened earlier this year):
Most of the women [in the focus groups] thought the characters were too male and that they were leering at them. So we’re sitting in a conference room. There’s me and, I think, like, 11 or 12 guys, and we’re going through the results, and they said, ‘I don’t see it. I just don’t know what they’re talking about.’ And I said, ‘Guys, guys, look, I’m a woman, and I’m going to tell you, these animated characters are male-looking.’
Yet, Clippy shipped anyway.
Security Problems with Legacy Code
In 2005-06, a group of 27 hackers was hired to break Windows Vista - supposedly Microsoft’s most secure operating system, according to Dan’s tale in our Who Killed Clippy? video. They found a hole in the legacy software behind Clippy, which was still shipped with new versions of Windows.
In 2000, ZDNet.com reported on a security hole in Microsoft Office Assistant (Clippy) that allowed an attacker to take control of a user’s system and add or delete files. Clippy was a backdoor for Microsoft to allow macros that could take control of a PC in order to help out users - and the same mechanism could be manipulated by an attacker.
Then, in 2007, Symantec released research on the security implications of Windows Vista. Despite Vista’s new security features, Symantec found that legacy malicious code still persisted - 3 percent of backdoors (and 4 percent of keyloggers) could execute and survive a system restart.
Another critical vulnerability was reported in 2007 that exploited Windows Agent, the component that drives the operating system’s animated characters, including Clippy, according to PCWorld.com. It allowed an attacker to remotely execute code on an affected system, according to a Microsoft security bulletin.
It’s no big surprise, then, that the hackers were able to compromise Vista via the old Clippy code. Watch the video to hear Dan’s side of the story.