UPDATE -- This BugNet Alert has changed as Microsoft has changed its story on this Severity 1 bug. Microsoft's current position is that this is not a bug at all. MS says it is a "feature" of FrontPage 98 that the program can delete your entire hard drive -- including Windows itself -- and completely trash your system. Based on Microsoft's current explanation of the problem (which bears scant resemblance to the explanation in its Knowledge Base), BugNet believes Microsoft needs to take one of two steps to fix this rare but potentially disasterous bug:
No word yet whether Microsoft has any plans to provide any help for this problem, but check back for further developments... Updated May 6, 1998 A Rare But Disastrous Scenario...FrontPage 98 Can Erase Your Entire Hard DriveMICROSOFT HAS acknowledged a problem in FrontPage 98 which may be the most potentially destructive bug that BugNet has encountered in the last half decade. It won't affect the most FrontPage users, but those few who stumble across it are in for a very nasty surprise. The problem can cause Microsoft FrontPage 98 to erase a user's entire hard drive, including all data, all installed programs and even Windows itself. The bug will bite if you create a disk-based web in the root directory of your hard drive -- e.g., in C:\ -- and then later delete the disk-based web. (A disk-based web is a FrontPage web that doesn't employ the FrontPage Personal Web Server or another server.) If you DO delete a disk-based FrontPage web in the root directory of your hard drive, FrontPage will delete EVERYTHING on the drive. There are some very specific steps that you must follow first for this sad result to occur to your C:\ drive, however. The most important step -- call it a mistake, or pilot error -- is to delete the default web folder (generally c:\webshare\wwwroot) that FrontPage places on a user's system when the program is installed. If you don't delete the wwwroot directory, the FrontPage bug won't be able to trash your C:\ drive (it may, however, still be able to trash everything on other drives or partitions that have had FrontPage disk-based webs created on them). But if you do delete the wwwroot directory, you've started down a very slippery slope where bad things can happen fast without the user even realizing that they're headed for the falls. The first sign of trouble comes when the user tries to create a new disk-based web. FrontPage now easily allows the user to turn their entire C:\ drive into a FrontPage web. There is a confirmation dialog box that comes with this action, but it seems totally benign at this point. This is a cruel illusion, for when the user eventually wants to delete the disk-based web (as inevitably will happen), the only sign of impending disaster is the standard FrontPage delete web dialog box, which warns that once a web is deleted it can't be restored. If the user doesn't remember that FrontPage now thinks the whole C:\ drive is a FrontPage web -- or if they weren't the person who accepted the conversion -- or if they are simply in a hurry and assume that surely Microsoft is not going to let FrontPage delete Windows, they're in for real grief. Microsoft told BugNet today that "this is not a bug," but we respectfully beg to differ. We define bugs as "errors of coding or design which cause a program to behave unexpectedly or cause loss of functionality within a program." We feel this is clearly a bug because it can make FrontPage 98 behave in an unexpected and extremely destructive manner which definitely causes loss of functionality. Specifically, we feel it is a error in design which relies on the presence of the wwwroot directory -- rather than the windows\system directory -- to determine whether Windows is installed on a drive. MICROSOFT'S QUICK and dirty work around is Don't Do That (DDT). "Always create disk-based webs in a subfolder of the root of the hard-disk," advises Microsoft. If you are creating a new disk-based web, you can be sure your web is not in the root directory by following these steps:
Beyond this, you should not let FrontPage convert any drive or partition into a FrontPage web without thinking through the consequences. We at BugNet deal with tens of thousands of bug reports a year, and we can't remember ever seeing a problem in a program with this kind of destructive potential. General Protection Faults look like a stroll in the park by comparison. This bug only affects FrontPage 97 and FrontPage 98 for Windows. -- Wade Bobb and Bruce Brown
© BugNet material copyright 1994-1999 by BugNet. This historic replica of BugNet from the period 1994-1999 BF Communications Inc. Website by Running Dog
|