Linked by Thom Holwerda on Tue 15th Aug 2006 18:12 UTC
OpenOffice.org has hit back at claims that the alternative office applications suite is riddled with security holes. Researchers at the French Ministry of Defense say that OpenOffice is subject to security weaknesses that make it at least as susceptible to computer viruses as the commercial, more widely used, Microsoft Office.
Thread beginning with comment 152647
RE: friggin obvious
by ma_d on Tue 15th Aug 2006 19:10 UTC in reply to "friggin obvious"
ma_d Member since:
2005-06-29

Whoa now, slow down there. Most of the worst security flaws haven't been design errors but implementation errors, and that's why they can be fixed without major disruption, usually. However, there may be design errors making it more difficult to keep things secure.

Also, .doc has historically been a binary format because it's quick and easy to save and restore data this way: Meaning there's not a lot of checking going on. OOo is written to work on multiple platforms and it's in a different language: That means they're processing those binary formats which means they should be validating them (not that Microsoft isn't validating them these days).

But I still hold to the opinion that there's only one application on MS Office where security is a prime concern: Outlook. If you're opening Word documents from completely untrusted sources then you deserve a virus ;) .

And if you're publishing Word documents no one should be reading what you've published either...

Reply Parent Score: 2

RE[2]: friggin obvious
by DrillSgt on Tue 15th Aug 2006 21:19 in reply to "RE: friggin obvious"
DrillSgt Member since:
2005-12-02

"And if you're publishing Word documents no one should be reading what you've published either..."

Yep, that's right. You wouldn't want your customers to be able to communicate with you now, that might be good for business ;)

Yeah, I know... a little smart comment there, but unfortunately true. Most use MS Office since it is the accepted business standard, like it or not.

As for security flaws, MS Outlook is very secure, it is the users that insist on clicking "OK" to allow things to run that are the security problem, not the application. Outlook does not even allow attachments by default anymore without registry hacks, and it most certainly does not automatically run any scripts. Do not confuse Outlook and Outlook Express... 2 different products.

Reply Parent Score: 3

RE[3]: friggin obvious
by ma_d on Tue 15th Aug 2006 21:48 in reply to "RE[2]: friggin obvious"
ma_d Member since:
2005-06-29

It's an editing format, not a publishing format... It's just not made for publishing, it's far too feature rich.

Use it internally all you want, but you shouldn't expect people who don't trust you to open your .doc.

As of Office 12 Microsoft will be providing them a fully working export format: PDF. Before they could have used rich text, or HTML, or some other format (like PostScript).

Reply Parent Score: 3

RE[3]: friggin obvious
by alisonken1 on Tue 15th Aug 2006 23:26 in reply to "RE[2]: friggin obvious"
alisonken1 Member since:
2006-03-20


"Yep, that's right. You wouldn't want your customers to be able to communicate with you now, that might be good for business ;)"


The only time a word processing document should be emailed is for collaboration. If you're sending something to a customer to just read, you should be sending in a final output format. That's why I prefer to send PDFs to my customers.

Not only that, but PDF is available for all platforms, not just MS platforms.

Reply Parent Score: 1

RE[3]: friggin obvious
by unoengborg on Tue 15th Aug 2006 23:28 in reply to "RE[2]: friggin obvious"
unoengborg Member since:
2005-07-06

"As for security flaws, MS Outlook is very secure, it is the users that insist on clicking "OK" to allow things to run that are the security problem, not the application."

I beg to differ.

Security in an application is not only about how hard it is to break the code. It is also about how the user interacts with the application, or rather is allowed to interact with it.

To be secure, an application not only needs to have secure code, it also needs to be designed in a way that doesn't encourage unsafe behavior among its users.

If you can click OK to initiate dangerous actions, some users will do it, either because of lack of knowledge or because of convenience or laziness in combination with "This will not happen to me" think.

Reply Parent Score: 2