TM & Microsoft Word - I think this is security issue

ItWasNotMe

macrumors 6502
Original poster
Dec 1, 2012
280
83
I have some documents created in the MacOS version of Word that I want to keep confidential

1. They are on an encrypted drive
2. The whole drive is excluded from my TM backups

Browsing through my Time Machine (TM) history, by accident, I found a complete copy of one of the Word documents in the following location on the TM drive

/<redacted>/Users/<redacted>/Library/Containers/com.microsoft.Word/Data/Library/Preferences/AutoRecovery

IMHO Rather breaks the security of my document....

I've now excluded that folder from my TM backups
 

chscag

macrumors 68040
Feb 17, 2008
3,200
993
Fort Worth, Texas
You can change the location of your AutoRecovery folder from within Word Preferences. Instead of the default location above, change it so that it's on your encrypted drive.
 

casperes1996

macrumors 68040
Jan 26, 2014
3,956
1,903
Horsens, Denmark
You can change the location of your AutoRecovery folder from within Word Preferences. Instead of the default location above, change it so that it's on your encrypted drive.
Whilst it's true that MS does offer you a level of control here, the OP is right in that the transparency of this feature may not be entirely good enough for confidential information held by users unaware of the behaviour of the auto-recovery function and its workings.
 

StralyanPithecus

macrumors regular
So you have a separated encrypted volume and you didn't encrypted the most important drive, the user one? It's your fault not Microsoft's. Almost all the programs write some temporary or recovery files when used.

FYI, All my MacBook drive is encrypted, firmware password protected (the MacBook) and my backups are encrypted too.
 

ItWasNotMe

macrumors 6502
Original poster
Dec 1, 2012
280
83
You can change the location of your AutoRecovery folder from within Word Preferences. Instead of the default location above, change it so that it's on your encrypted drive.
I looked at that and could only see the option to set a single location for AutoRecovery which doesn't work as the encrypted drive is only mounted when I need it.

So you have a separated encrypted volume and you didn't encrypted the most important drive, the user one? It's your fault not Microsoft's. Almost all the programs write some temporary or recovery files when used.

FYI, All my MacBook drive is encrypted, firmware password protected (the MacBook) and my backups are encrypted too.
Only "stuff" I have on my user drive (boot) is Applications - seemed a bit pointless encrypting that.

My data files are split between those I don't need secured, on unencrypted drives that are TM backed-up; and those that I do need secured, not TM backed-up and backed up using software that supports strong encryption.

Also, putting all the AutoRecovery files by default in a Preference folder seems crass.
 

chscag

macrumors 68040
Feb 17, 2008
3,200
993
Fort Worth, Texas
I looked at that and could only see the option to set a single location for AutoRecovery which doesn't work as the encrypted drive is only mounted when I need it.
I can set my AutoRecovery location to just about anywhere on my drive. As far as I'm aware, that particular option has not changed over the past 4 or 5 versions of Mac Office. However, if your encrypted drive is not mounted at the time you select that preference, then it won't show up as a choice.
 

ItWasNotMe

macrumors 6502
Original poster
Dec 1, 2012
280
83
I can set my AutoRecovery location to just about anywhere on my drive. As far as I'm aware, that particular option has not changed over the past 4 or 5 versions of Mac Office. However, if your encrypted drive is not mounted at the time you select that preference, then it won't show up as a choice.
I decided in end to set the AutoRecovery Folder to a permanently mounted drive, clearly labelled as such and just make sure that TM wasn't backing that up. That way I could reset TM to back-up preference changes but not AutoRecovery files.

Still seems sloppy to write things that aren't preferences to a preference folder
 

AVonGauss

macrumors 6502
Oct 6, 2006
267
37
Boynton Beach, FL
So you have a separated encrypted volume and you didn't encrypted the most important drive, the user one? It's your fault not Microsoft's. Almost all the programs write some temporary or recovery files when used.
Actually, no. The application should not be creating a copy outside of the container that the document exists within. For reference, the NSFileManager implementation explicitly has a method to return the location for a temporary file appropriate for a given file location.
 

ItWasNotMe

macrumors 6502
Original poster
Dec 1, 2012
280
83
The application should not be creating a copy outside of the container that the document exists within
Thats the way the Office suite on Windows worked last time I looked, and its what I expected would happen. So, for example, if the document is on an encrypted drive it stays on that encrypted drive.

On MacOS, anything but, and its sloppy across much of the Suite

1. I had a quick look at Excel and Powerpoint as well. They also have AutoRecovery folders deep inside the users Preference folder structure and for these apps I couldn't see a way to change it to anywhere else. I haven't checked that the files end up there but since when is a temporary copy of a document a preference?

2. In Word, where you can change the single location used by all documents (poor practice), when you open up the relevant dialog for the first time, the location is blank - not even a hint as to where your data is going.
 

chscag

macrumors 68040
Feb 17, 2008
3,200
993
Fort Worth, Texas
1. I had a quick look at Excel and Powerpoint as well. They also have AutoRecovery folders deep inside the users Preference folder structure and for these apps I couldn't see a way to change it to anywhere else. I haven't checked that the files end up there but since when is a temporary copy of a document a preference?

2. In Word, where you can change the single location used by all documents (poor practice), when you open up the relevant dialog for the first time, the location is blank - not even a hint as to where your data is going.
It's been known for quite some time that the AutoRecovery system is broken and does not work in versions of Mac Office. I don't know how many times I've had to remind users to select the option to always make a backup from Word preferences so that a document is not lost in the event of a system crash.

And as you discovered, Powerpoint and Excel AutoRecovery folders cannot be changed. I don't know why MS can't make things work right as they have with their Windows version of Office.
 

mailbuoy

macrumors member
Jan 16, 2014
60
15
Davidsonville, MD
Only "stuff" I have on my user drive (boot) is Applications - seemed a bit pointless encrypting that.

My data files are split between those I don't need secured, on unencrypted drives that are TM backed-up; and those that I do need secured, not TM backed-up and backed up using software that supports strong encryption.

Also, putting all the AutoRecovery files by default in a Preference folder seems crass.
Except, there is other "stuff" on the user drive - as you discovered with the Word recovery files. It would seem that the most secure option is just File Vault encrypt all your drives (even if you choose to put some files on a separate encrypted drive) and also encrypt your TimeMachine backup. I don't think there is a significant downside to using File Vault.