Linked by Thom Holwerda on Tue 15th Aug 2006 18:12 UTC
Features, Office OpenOffice.org has hit back at claims that the alternative office applications suite is riddled with security holes. Researchers at the French Ministry of Defense say that OpenOffice is subject to security weaknesses that make it at least as susceptible to computer viruses as the commercial, more widely used, Microsoft Office.
Thread beginning with comment 152686
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: friggin obvious
by DrillSgt on Tue 15th Aug 2006 21:19 UTC in reply to "RE: friggin obvious"
DrillSgt
Member since:
2005-12-02

"And if you're publishing Word documents no one should be reading what you've published either..."

Yep, that's right. You wouldn't want your customers to be able to communicate with you now, that might be good for business ;)

Yeah, I know..a little smart comment there, but unfortunately true. Most use MS Office since it is the accepted business standard, like it or not.

As for security flaws, MS Outlook is very secure, it is the users that insist on clicking "OK" to allow things to run that are the security problem, not the application. Outlook does not even allow attachments by default anymore without registry hacks, and it most certainly does not automatically run any scripts. Do not confuse Outlook and Outlook express...2 different products.

Reply Parent Score: 3

RE[3]: friggin obvious
by ma_d on Tue 15th Aug 2006 21:48 in reply to "RE[2]: friggin obvious"
ma_d Member since:
2005-06-29

It's an editing format, not a publishing format... It's just not made for publishing, it's far too feature rich.

Use it internally all you want, but you shouldn't expect people who don't trust you to open your .doc.

As of Office 12 Microsoft will be providing them a fully working export format: PDF. Before they could have used rich text, or html, or some other format (list postscript).

Reply Parent Score: 3

RE[4]: friggin obvious
by DrillSgt on Tue 15th Aug 2006 22:00 in reply to "RE[3]: friggin obvious"
DrillSgt Member since:
2005-12-02

"It's an editing format, not a publishing format... It's just not made for publishing, it's far too feature rich.

Use it internally all you want, but you shouldn't expect people who don't trust you to open your .doc.

As of Office 12 Microsoft will be providing them a fully working export format: PDF. Before they could have used rich text, or html, or some other format (list postscript)."


In actuality I totally agree. The problem is users do not understand all this. Is the same reason HR Departments request resumes in "Microsoft DOC format". Send one in PDF or any other and the resume will get trashed and never read. Not as bad as it used to be, but it has hurt me in my job hunts before.

Reply Parent Score: 1

RE[4]: friggin obvious
by MattK on Wed 16th Aug 2006 16:13 in reply to "RE[3]: friggin obvious"
MattK Member since:
2005-11-14

I agree. When sending documents to clients, I always prefer to use PDF for several reasons:

1. Read-only format. Don't want clients changing terms of contract, invoice numbers etc.
2. Highly accessible. Works on virtually any system. Readers are free and highly pervasive.
3. Size. PDFs are generally smaller than .Doc
4. No virii worries!!

After all, PDF stands for Portable Document Format!

Reply Parent Score: 1

RE[3]: friggin obvious
by alisonken1 on Tue 15th Aug 2006 23:26 in reply to "RE[2]: friggin obvious"
alisonken1 Member since:
2006-03-20


Yep, that's right. You wouldn't want your customers to be able to communicate with you now, that might be good for business ;)


The only time a word processing document should be emailed is for collaboration. If you're sending something to a customer to just read, you should be sending in a final output format. That's why I prefer to send PDF's to my customers.

Not only that, but PDF is available for all platforms, not just MS platforms.

Reply Parent Score: 1

RE[4]: friggin obvious
by DrillSgt on Tue 15th Aug 2006 23:33 in reply to "RE[3]: friggin obvious"
DrillSgt Member since:
2005-12-02

"The only time a word processing document should be emailed is for collaboration. If you're sending something to a customer to just read, you should be sending in a final output format. That's why I prefer to send PDF's to my customers."

I agree. My point is that management at most companies don't agree, and MS Word Documents ARE the final output format. If that was not the case there would not be big discussions on compatibility of file formats, and it would be a non-issue.

Reply Parent Score: 1

RE[3]: friggin obvious
by unoengborg on Tue 15th Aug 2006 23:28 in reply to "RE[2]: friggin obvious"
unoengborg Member since:
2005-07-06

As for security flaws, MS Outlook is very secure, it is the users that insist on clicking "OK" to allow things to run that are the security problem, not the application.

I beg to differ.

Security in an application is not only about how hard it is to break the code. It is also about how the user interacts with the application, or rather is allowed to interact with it.

To be secure, an application not only need to have secure code, it need also be designed in a way that it doesnt encourage unsafe behavior among its usrs.

If you can click OK to initate dangerous actions some users will do it, either because of lack of knowledge or because of convienience or lazyness in combination with "This will not happen to me" think.

Reply Parent Score: 2

RE[4]: friggin obvious
by DrillSgt on Tue 15th Aug 2006 23:38 in reply to "RE[3]: friggin obvious"
DrillSgt Member since:
2005-12-02

"To be secure, an application not only need to have secure code, it need also be designed in a way that it doesnt encourage unsafe behavior among its usrs."

I agree, but then every email client does that these days. They ask the user what they want to do with the file. So by your definition then almost all email clients are insecure. The only ones I know of that do not are the ones that no longer have a place in the business world, such as Pine and the like. All collaborative ones, which as required by Business, such as Outlook, Evolution, Lotus Notes, etc allow this type of activity. User training is what will increase security, as trying to make idiot proof applications results in smarter idiots that figure out how to break it.

Reply Parent Score: 2

RE[4]: friggin obvious
by MattK on Wed 16th Aug 2006 16:17 in reply to "RE[3]: friggin obvious"
MattK Member since:
2005-11-14

Also. Users will get used to clicking 'OK' for every document they open at work. Do you really think most users actually read those warning dialogs? I doubt it very much.

This is the same old MS way of increasing *percieved* security by making the user jump through more hoops. Trust me, those 'security' dialogs will be invisible to 99% of users in no time.

Reply Parent Score: 1