
Windows improves handwriting-recognition skills at the peril of users’ security


Windows has a built-in tool for improving its own handwriting recognition capability, and like many modern, smart features that increase their accuracy over time, it employs user data to do that. Some are concerned, however, that the way it stores that information could prove to be a security risk, as researchers have discovered everything from the content of emails to passwords stored in a single file.

Handwriting recognition was introduced in Windows 8 as part of its big drive toward touchscreen functionality. It automatically translates touch or stylus inputs into formatted text, improving its readability for the user, and giving other applications the ability to comprehend it. To help improve its accuracy, it looks at commonly used words in other documents, storing such information in a file called WaitList.dat. But digital forensics expert Barnaby Skeggs has highlighted that it stores just about any text on your system — not just handwritten content.


“Once [handwriting recognition] is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature,” Skeggs told ZDNet.

Considering how ubiquitous the Windows search indexing system is, this could mean that the content of most documents, emails, and forms ends up inside the WaitList file. The concern is that someone with access to the system — via a hack or malware attack — could find all sorts of personally identifiable information about the system’s owner. Worse yet, WaitList can store information even after the original files have been deleted, potentially opening up even greater security holes.

PowerShell command:

Stop-Process -name "SearchIndexer" -force;Start-Sleep -m 500;Select-String -Path $env:USERPROFILE\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat -Encoding unicode -Pattern "password"

— Barnaby Skeggs (@barnabyskeggs) August 26, 2018

This is something that has purportedly been known about in the forensics space for some time and has provided researchers with a useful way to prove the prior existence of a file and in some cases its contents, even if the original had been scrubbed from existence.

Although typically such a potential security hole would warrant contacting Microsoft about the issue before making the public aware of it, Skeggs has reportedly not done so, since the handwriting recognition feature is working as intended. This isn’t a bug, even if it’s potentially exploitable.

If you want to close up that potential security hole on your system, you can delete WaitList.dat manually by going to C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester. If you don’t find that folder, you don’t have handwriting recognition enabled, so you should be secure.

Well, you should be secure against this potential security flaw at least. We’d still recommend you enable Windows Defender and use one of the best anti-malware solutions.
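
The manual cleanup described above, scripted as an added example (not from the article or from Skeggs): it reports WaitList.dat for every profile under C:\Users and deletes it only when explicitly asked. The function names and the C:\Users default are assumptions of this example, and stopping SearchIndexer first mirrors the quoted command rather than a documented requirement.

```powershell
# Added example: audit (and optionally remove) WaitList.dat for every local profile.
# Run from an elevated PowerShell session so other users' profiles are readable.
function Get-WaitListFile {
    param(
        # Root of the user profiles; C:\Users is the location given in the article.
        [string]$ProfileRoot = 'C:\Users'
    )
    $relative = 'AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat'
    Get-ChildItem -Path $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $candidate = Join-Path $_.FullName $relative
            if (Test-Path -LiteralPath $candidate -PathType Leaf) {
                $file = Get-Item -LiteralPath $candidate -Force
                # Report metadata only; the file's contents are never read.
                [pscustomobject]@{
                    Profile       = $_.Name
                    Path          = $file.FullName
                    SizeKB        = [math]::Round($file.Length / 1KB, 1)
                    LastWriteTime = $file.LastWriteTime
                }
            }
        }
}

function Remove-WaitListFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$ProfileRoot = 'C:\Users')

    $found = @(Get-WaitListFile -ProfileRoot $ProfileRoot)
    if ($found.Count -eq 0) { Write-Output 'No WaitList.dat found.'; return }

    # Same step as the quoted command: stop the indexer before touching the file
    # (assumption: the indexer may hold the file open).
    Stop-Process -Name 'SearchIndexer' -Force -ErrorAction SilentlyContinue
    Start-Sleep -Milliseconds 500

    foreach ($item in $found) {
        if ($PSCmdlet.ShouldProcess($item.Path, 'Delete')) {
            Remove-Item -LiteralPath $item.Path -Force
        }
    }
}

# Report first; nothing is deleted unless Remove-WaitListFile is called.
Get-WaitListFile | Format-Table -AutoSize
# Remove-WaitListFile -WhatIf   # preview which files would be deleted
# Remove-WaitListFile           # delete them
```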

Jon Martindale