Windows improves handwriting-recognition skills at the peril of users’ security

Microsoft Surface Pro and Surface Pen 2017
Kyle Wiggers/Digital Trends

Windows has a built-in tool for improving its own handwriting recognition capability, and like many modern, smart features that increase their accuracy over time, it employs user data to do that. Some are concerned, however, that the way it stores that information could prove to be a security risk, as researchers have discovered everything from the content of emails to passwords stored in a single file.

Handwriting recognition was introduced in Windows 8 as part of its big drive toward touchscreen functionality. It automatically translates touch or stylus (these are the best ones) inputs into formatted text, improving its readability for the user, and giving other applications the ability to comprehend it. To help improve its accuracy, it looks at commonly used words in other documents, storing such information in a file called WaitList.dat. But digital forensics expert Barnaby Skeggs has highlighted that it stores just about any text on your system — not just handwritten content.

“Once [handwriting recognition] is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature,” Skeggs told ZDnet.

Considering how ubiquitous the Windows search indexing system is, this could mean that the content of most documents, emails, and forms ends up inside the WaitList file. The concern is that someone with access to the system — via a hack or malware attack — could find all sorts of personally identifiable information about the system’s owner. Worse yet, WaitList can store information even after the original files have been deleted, potentially opening up even greater security holes.

This is something that has purportedly been known about in the forensics space for some time and has provided researchers with a useful way to prove the prior existence of a file and in some cases its contents, even if the original had been scrubbed from existence.

Although typically such a potential security hole would warrant contacting Microsoft about the issue before making the public aware of it, Skeggs has reportedly not done so, since the handwriting recognition feature is working as intended. This isn’t a bug, even if it’s potentially exploitable.

If you want to close up that potential security hole on your system, you can delete WaitList.dat manually by going to C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester. If you don’t find that folder, you don’t have handwriting recognition enabled, so you should be secure.

Well, you should be secure against this potential security flaw at least. We’d still recommend you enable Windows Defender and use one of the best anti-malware solutions.

Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Computing

Edit, sign, append, and save with six of the best PDF editors

There are plenty of PDF editors to be had online, and though the selection is robust, finding a solid solution with the tools you need can be tough. Here, we've rounded up best PDF editors, so you can edit no matter your budget or OS.
Computing

These are the 5 best free antivirus apps to protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.
Computing

Apple MacBook Air vs. Microsoft Surface Pro 6

The MacBook Air was updated with more contemporary components and a more modern design, but is that enough to compete with standouts like Microsoft's Surface Pro 6 detachable tablet?
Computing

Installing fonts in Windows 10 is quick and easy -- just follow these steps

Want to know how to install fonts in Windows 10? Here's our guide on two easy ways to get the job done, no matter how many you want to add to your existing catalog, plus instructions for deleting fonts.
Computing

Microsoft’s Windows 10 updates have been a disaster despite safeguards

After a string of Windows 10 update issues, including severe data loss for a number of users, Microsoft's Corporate Vice President of Windows, Michael Fortin, has spoken out about quality control surrounding Windows development at…
Computing

Email take-backsies! Gmail's unsend feature is one of its best

Everyone has sent a message they wish they could take back. How great would it be if you could undo that impulsive email? If you're a Gmail user, you can. Here's how to recall an email in Gmail.
Computing

These laptop makers produce the most reliable, quality hardware today

If you want to buy your next laptop based around a specific brand, it helps to know which the best brands of laptops are. This list will give you a good grounding in the most reliable, quality laptop manufacturers today.
Computing

Here's why 64-bit (not 32-bit) dominates modern computing

Today's computing world isn't the same as it once was. With 64-bit processors and operating systems replacing the older 32-bit designs, we look at what 32-bit vs. 64-bit really means for you.
Computing

No more wild goose chase: ‘Duck.com’ now leads to DuckDuckGo instead of Google

DuckDuckGo recently acquired a shorter domain name from fellow search engine competitor Google. As a result, longtime and new DuckDuckGo users can now access the privacy-focused search engine by going to duck.com.
Computing

Samsung Notebook 9 Pen is back with new design, internals and S Pen

Samsung's new Notebook 9 Pen looks to be an ideal Windows 2-in-1 for creators. New features include a modern design, an updated S Pen in the box, and the latest eighth-generation Intel Core i7 processor.
Mobile

Want to watch Netflix in bed or browse the web? We have a tablet for everyone

There’s so much choice when shopping for a new tablet that it can be hard to pick the right one. From iPads to Android, these are our picks for the best tablets you can buy right now whatever your budget.
Computing

Costco members can cut up to $200 off MacBook and iMac price tags

Costco is discounting MacBook Air and MacBook Pro laptops by as much as $200 as part of a members-only sale. It also has deals on select MacBooks and iMacs, with optional Apple Care in most instances.