Linked by Thom Holwerda on Tue 15th Aug 2006 18:12 UTC
Features, Office OpenOffice.org has hit back at claims that the alternative office applications suite is riddled with security holes. Researchers at the French Ministry of Defense say that OpenOffice is subject to security weaknesses that make it at least as susceptible to computer viruses as the commercial, more widely used, Microsoft Office.
Thread beginning with comment 152714
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: friggin obvious
by unoengborg on Tue 15th Aug 2006 23:28 UTC in reply to "RE[2]: friggin obvious"
unoengborg
Member since:
2005-07-06

As for security flaws, MS Outlook is very secure, it is the users that insist on clicking "OK" to allow things to run that are the security problem, not the application.

I beg to differ.

Security in an application is not only about how hard it is to break the code. It is also about how the user interacts with the application, or rather is allowed to interact with it.

To be secure, an application not only need to have secure code, it need also be designed in a way that it doesnt encourage unsafe behavior among its usrs.

If you can click OK to initate dangerous actions some users will do it, either because of lack of knowledge or because of convienience or lazyness in combination with "This will not happen to me" think.

Reply Parent Score: 2

RE[4]: friggin obvious
by DrillSgt on Tue 15th Aug 2006 23:38 in reply to "RE[3]: friggin obvious"
DrillSgt Member since:
2005-12-02

"To be secure, an application not only need to have secure code, it need also be designed in a way that it doesnt encourage unsafe behavior among its usrs."

I agree, but then every email client does that these days. They ask the user what they want to do with the file. So by your definition then almost all email clients are insecure. The only ones I know of that do not are the ones that no longer have a place in the business world, such as Pine and the like. All collaborative ones, which as required by Business, such as Outlook, Evolution, Lotus Notes, etc allow this type of activity. User training is what will increase security, as trying to make idiot proof applications results in smarter idiots that figure out how to break it.

Reply Parent Score: 2

RE[5]: friggin obvious
by Ookaze on Thu 17th Aug 2006 12:22 in reply to "RE[4]: friggin obvious"
Ookaze Member since:
2005-11-14

"To be secure, an application not only need to have secure code, it need also be designed in a way that it doesnt encourage unsafe behavior among its usrs."

I agree, but then every email client does that these days

No, that's completely false.

They ask the user what they want to do with the file

That's just not true at all. I only need to take Evolution to see you're wrong. Get a clue !
Evolution never asks you what to do with a file, it has a default action when you click on it, and allows choice of actions through a drop menu box.

So by your definition then almost all email clients are insecure

No, that's just by your clueless opinion. Most email clients are not so insecure, but Windows is a pretty badly insecure OS, that allows scripts to execute.
Evolution never allowed any script to execute by default.
What you say is just ignorant FUD to try to put Outlook in a better light. Yes Outlook, not even Outlook Express.

The only ones I know of that do not are the ones that no longer have a place in the business world, such as Pine and the like. All collaborative ones, which as required by Business, such as Outlook, Evolution, Lotus Notes, etc allow this type of activity

No, you only know of Pine and Outlook, and extrapolated to say they all are the same.

User training is what will increase security, as trying to make idiot proof applications results in smarter idiots that figure out how to break it

Yes user training will increase security, but that's on the Windows platform you hear people say FOSS is too complicated because it requires some training.
So these people are happy to be ignorant, take it like a good thing, and all this comes from MS marketing making idiots believe Windows is easy.
I'm not saying people are idiots, that's actually Windows people (shills/zealots) that always use this term to describe Windows users, as soon as there is a problem in a MS application. They will never admit Windows or a Windows app is insecure or crap, no, that's always the user who is an idiot.
Sorry to tell you that on Linux, the very same user without training never catch any virus or script in his mail, using Evolution. And no, I never call Linux or FOSS users idiots.

Reply Parent Score: 1

RE[4]: friggin obvious
by MattK on Wed 16th Aug 2006 16:17 in reply to "RE[3]: friggin obvious"
MattK Member since:
2005-11-14

Also. Users will get used to clicking 'OK' for every document they open at work. Do you really think most users actually read those warning dialogs? I doubt it very much.

This is the same old MS way of increasing *percieved* security by making the user jump through more hoops. Trust me, those 'security' dialogs will be invisible to 99% of users in no time.

Reply Parent Score: 1