Posted on 08/13/2006 10:01:47 PM PDT by zeugma
From the article:
"Whoever did the security for OpenOffice has totally ignored what Microsoft has gone through with the security of their own Office documents."
One would hope that the folks working OpenOffice would have preemptively closed some of the paths that have been previously exploited in Microsoft's office suite.
I've not used macros within OpenOffice, so I'm not sure of how they are executed. In a Linux environment you should be reasonably safe from any macros doing actual damage to your system, but I'm quite sure it could hose your local data and settings badly if it wanted to. One way around this would be to not have a directory defined for "trusted" scripts/macros. This is the default setting apparently. You have to define one yourself, so that should limit the effectiveness of malicious code.
These types of issues need to be watched, though much of what was discussed seemed to be largely theoretical.
ping
No billions to repair faulty software?
Considering the two products are really not objectively comparable, this article strikes me as being mostly disingenuous.
Probably not, though according to the article, the actual vulnerability found was fixed, so perhaps you don't need billions to repair faulty software.
Some companies spend billlions and develop nothing but.
Why do you not consider them to be 'objectively comparable'?
Interesting.
Thanks for posting this.
Response To The French Ministry of Defence Report Leak
2006-07-20
There has been comment in the media about a report on a French language website: "Le ministère de la Défense met OpenOffice à l'index"
The ZDNet article claims to describe the proceedings of a confidential meeting within the French public administration. It is not appropriate for the OpenOffice.org community to comment on a leak from a private meeting. However, one of the people mentioned in the article, Eric Filiol, has posted two replies to the online article clarifying the purpose of the research and correcting some of the incorrect conclusions in the original article.
The OpenOffice.org office suite is being widely adopted within the French public administration, and the OpenOffice.org community has been working closely with the departments involved. OpenOffice.org is pleased that its source code is being scrutinised by the most important and respected department of security in France.
If security vulnerabilities are suspected, there is a well defined procedure within the IT industry for reporting, analysing, and resolving any issues, which aims to minimise any public announcement (and the resulting creation of exploits) until fixes are available.
The OpenOffice.org community confirms it regards security as of the highest importance and will react immediately to any security issues reported by the French public adminstration or other competent bodies or individuals.
-The OpenOffice.org Team
Leave it to the French...
:)
Thanks for the update from the OO team.
Even though they basically do the same thing, the difference in their backgrounds, price and resources render them incomparable.
Last time I checked, Sun Microsystems was a multi-billion dollar corporation. They are the driving force behind OpenOffice.
Personally, I really like Abiword for open source word processing. I have OpenOffice and Microsoft Office on my work machines, but I use Abiword -- fast, small and simple.
Don't make files executable.
Not worth it and a dumb idea.
It's disappointing software on many levels, IMHO. Clunky and labored and inelegant. And now, insecure.
Unfortunately, open-source software often seems designed by committee.
So in the choice between OpenOffice and MS Office, it seems we're talking about which brand of Swiss cheese we want to buy.
It really depends on the individual project, just as in proprietary software.
Could be. Then again, it would probably be worth it to look at which one has demonstratable and exploited holes.
At the moment, it is possible that OO is of the Swiss variety. We know MS-Office is.
Feature-wise, they both do pretty much the same thing IMO, though I'm not one who uses one of those rather esoteric features of MS-Word that was bolted on because it was requested by exactly one customer.
Yes, they are the driving force, but not the developers. OpenOffice is an Open Source project.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.