UPDATE -- This BugNet Alert has changed as Microsoft has changed its story on this Severity 1 bug.

Microsoft's current position is that this is not a bug at all. MS says it is a "feature" of FrontPage 98 that the program can delete your entire hard drive -- including Windows itself -- and completely trash your system.

Based on Microsoft's current explanation of the problem (which bears scant resemblance to the explanation in its Knowledge Base), BugNet believes Microsoft needs to take one of two steps to fix this rare but potentially disasterous bug:

  1. either fix the bug in FrontPage 98's design which makes it use the presence of FrontPage's wwwroot folder -- instead of the Windows folders or files -- to determine if the Windows OS is installed on a drive...
  2. or change FrontPage's Delete Web dialog box to specifically warn users that deleting a disk-based web in the root of their C:\ drive will leave a user's system the digital equivalent of a smoking crater.

No word yet whether Microsoft has any plans to provide any help for this problem, but check back for further developments...

Updated May 6, 1998

A Rare But Disastrous Scenario...

FrontPage 98 Can Erase Your Entire Hard Drive

MICROSOFT HAS acknowledged a problem in FrontPage 98 which may be the most potentially destructive bug that BugNet has encountered in the last half decade.

It won't affect the most FrontPage users, but those few who stumble across it are in for a very nasty surprise.

The problem can cause Microsoft FrontPage 98 to erase a user's entire hard drive, including all data, all installed programs and even Windows itself.

The bug will bite if you create a disk-based web in the root directory of your hard drive -- e.g., in C:\ -- and then later delete the disk-based web. (A disk-based web is a FrontPage web that doesn't employ the FrontPage Personal Web Server or another server.)

If you DO delete a disk-based FrontPage web in the root directory of your hard drive, FrontPage will delete EVERYTHING on the drive.

There are some very specific steps that you must follow first for this sad result to occur to your C:\ drive, however. The most important step -- call it a mistake, or pilot error -- is to delete the default web folder (generally c:\webshare\wwwroot) that FrontPage places on a user's system when the program is installed.

If you don't delete the wwwroot directory, the FrontPage bug won't be able to trash your C:\ drive (it may, however, still be able to trash everything on other drives or partitions that have had FrontPage disk-based webs created on them).

But if you do delete the wwwroot directory, you've started down a very slippery slope where bad things can happen fast without the user even realizing that they're headed for the falls.

The first sign of trouble comes when the user tries to create a new disk-based web. FrontPage now easily allows the user to turn their entire C:\ drive into a FrontPage web. There is a confirmation dialog box that comes with this action, but it seems totally benign at this point.

This is a cruel illusion, for when the user eventually wants to delete the disk-based web (as inevitably will happen), the only sign of impending disaster is the standard FrontPage delete web dialog box, which warns that once a web is deleted it can't be restored.

If the user doesn't remember that FrontPage now thinks the whole C:\ drive is a FrontPage web -- or if they weren't the person who accepted the conversion -- or if they are simply in a hurry and assume that surely Microsoft is not going to let FrontPage delete Windows, they're in for real grief.

Microsoft told BugNet today that "this is not a bug," but we respectfully beg to differ. We define bugs as "errors of coding or design which cause a program to behave unexpectedly or cause loss of functionality within a program."

We feel this is clearly a bug because it can make FrontPage 98 behave in an unexpected and extremely destructive manner which definitely causes loss of functionality.

Specifically, we feel it is a error in design which relies on the presence of the wwwroot directory -- rather than the windows\system directory -- to determine whether Windows is installed on a drive.

MICROSOFT'S QUICK and dirty work around is Don't Do That (DDT). "Always create disk-based webs in a subfolder of the root of the hard-disk," advises Microsoft.

If you are creating a new disk-based web, you can be sure your web is not in the root directory by following these steps:

  1. On the File menu, click New FrontPage Web
  2. In the FrontPage Web dialog box, select the type of web you want to create
  3. Click the Change button
  4. In the Change Location dialog box, type a path like c:\my_web
  5. Click OK and OK again

Beyond this, you should not let FrontPage convert any drive or partition into a FrontPage web without thinking through the consequences.

We at BugNet deal with tens of thousands of bug reports a year, and we can't remember ever seeing a problem in a program with this kind of destructive potential.

General Protection Faults look like a stroll in the park by comparison.

This bug only affects FrontPage 97 and FrontPage 98 for Windows.

-- Wade Bobb and Bruce Brown

© BugNet material copyright 1994-1999 by BugNet.
® BugNet is a Registered Trademark of KeyLabs.
Astonisher.com material is

© Copyright 1973 - 2015 by Bruce Brown and BF Communications Inc.
Astonisher.com is a trademark of BF Communications Inc.

This historic replica of BugNet from the period 1994-1999
is presented by astonisher.com with the permission of BugNet.

BF Communications Inc.
P.O. Box 393
Sumas, WA 98295 USA
(360) 927-3234

Website by Running Dog

* Here's Bruce Brown's BugNet Memoir...
* Here's the free BugNet from 1999...