Holes in PowerPoint and Excel

CmdrTaco posted more than 12 years ago | from the everybody-point-and-laugh dept.

Microsoft 277

jeffy124 writes: "Looks like it's time for IIS and Outlook to make room on the pedestal of security holes. Just about every recent version of PowerPoint and Excel is vulnerable to being taken over to control the system remotely. The hole is macro-related, as it's possible to bypass asking the user if they'd like a macro to run. Microsoft's advisory can be found here." Funny. I always thought that PowerPoint was already at least as destructive as macro viruses to corporate productivity. You ever watch a suit fiddle with his presentation?

277 comments

fp monster (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2398901)

I'm the king of FP!

fnp! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2398992)

(= first nazi post!)

essen meine Scheie!! (-1)

Sexual Asspussy (453406) | more than 12 years ago | (#2399178)

(okie-doke)

Macs too (2, Informative)

liquide (96613) | more than 12 years ago | (#2398919)

This vuln. works on Mac Office 2001 (and 98) too.

Re:Macs too (1)

liquide (96613) | more than 12 years ago | (#2398939)

arr, stupid html checker, this message is plain old text!!! subverted link: http://www.microsoft.com/mac/download/office2001/pptxlmacro.asp

OpenOffice.org (2, Interesting)

Troed (102527) | more than 12 years ago | (#2398923)

This does fit in very nicely with stable betas of OpenOffice.org [openoffice.org] and of course Sun's version StarOffice. Talk to your manager, show them that you can do everything you need to do at work with free software, that as a side-benefit don't allow people to take over your computers.


It does work.

Re:OpenOffice.org (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2399104)

Help protect US industry from terrorist threats. Stop using MS software, it's like painting a big target on your company's vital and proprietary data.

I'm not trying to be sensationalistic, but a lot of the computer security events of the last couple months are purely illustrating problems and not truly wreaking the havoc they could. It's time to batten down the hatches and if some software needs to be left out, then leave it out.

Re:OpenOffice.org (3, Insightful)

Tom7 (102298) | more than 12 years ago | (#2399138)


What makes us think that Open Office and Star Office are immune from similar attacks, or things like buffer overflows?

I like free software, but I think it's just urban legend that software not written by microsoft is somehow magically secure. (Witness: BIND, wu_ftpd, sendmail, rpc.*, etc...)

Re:OpenOffice.org (2, Insightful)

Troed (102527) | more than 12 years ago | (#2399173)

Microsoft sat on this fix for two months - does the opensource community do the same?


I haven't evaluated scripting in OpenOffice though, can someone comment on the possibility for malicious code being run there at all?

Re:OpenOffice.org (2, Insightful)

Tom7 (102298) | more than 12 years ago | (#2399220)


OK, that's fair -- I suppose the corporate machine is typically slower at responding to a bug than the free software community. (Though, if you read bugtraq, you'll know that there have frequently been cases of much longer delays in commercial and free software alike!)

However, I think a better metric than how quickly things are patched is the number of holes in the default install. Most users don't install patches, anyway, so this is what really matters for them.

Re:OpenOffice.org (1)

yota (165006) | more than 12 years ago | (#2399249)

> I like free software, but I think it's just urban legend that software not written by microsoft is somehow magically secure. (Witness: BIND, wu_ftpd, sendmail, rpc.*, etc...)

Nobody ever said that Free is magically secure, only that it is easier to fix the holes since everybody can modify the source.

Re:OpenOffice.org (0)

Jebus_the_spork (449174) | more than 12 years ago | (#2399328)

i bet it is magically secure because nobody uses it! far more people use microsoft office products than star office, or similar suites. If nobody uses it, the security is not tested nearly as much.

it was inevitable (1, Insightful)

Anonymous Coward | more than 12 years ago | (#2398926)

I would expect nothing less from Microsoft. A secure program never gets released because you might never need to upgrade, and you won't need patches. In fact, I wonder if they maybe don't actually make sure that stuff isn't totally secure and bug free.

Windows and Macintosh (5, Funny)

dafoomie (521507) | more than 12 years ago | (#2398927)

Customers using Microsoft® Excel or PowerPoint for Windows® or Macintosh®
I guess Mac users can stop complaining that they don't get all the features of the Windows version.

Re:Windows and Macintosh (1)

Microsift (223381) | more than 12 years ago | (#2399031)

Actually, I prefer the Mac version (I run 2000 on my PC at work and 98 on my Mac at Home) Since the development cycle for both products is not synched, Mac Users get some features before Windows users and vice versa. (Unfortunately, we both got this "feature" at the same time)

First Dildo Post!!! (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2398932)

:o)

Mad propz to all penis birdz.

One more hole (4, Insightful)

entrox (266621) | more than 12 years ago | (#2398935)

Is this really a surprise? I was under the impression, that all macro-enabled applications under windows (office suite) shared such vulnerabilities, because they most probably use the same scripting engine.

One exploit serves all ;)

Re:One more hole (0)

dougmc (70836) | more than 12 years ago | (#2399373)

Actually, any macro-enabled application written by anybody could have these sorts of vulnerabilities, depending on how powerful the macro language is.

If you run untrusted code, then you get what you deserve. It does *ask* for permission to run the macro, right?

Opening Microsoft File Formats (1, Insightful)

Anonymous Coward | more than 12 years ago | (#2398942)

How can the free software community ask Microsoft to open up their file formats, when they don't even know them well enough themselves to properly scan for macros?

What are you amazed of? It's just the tradition... (1)

alcachofo (410947) | more than 12 years ago | (#2398944)

Well, I hope that with this problem more guys think about switching to KOffice or StarOffice ;)

Renegades for ever and the funk never dies...

damn microsoft (0)

Anonymous Coward | more than 12 years ago | (#2398945)

well it looks like yet another round of updates and constant examination of network logs where i work at RIT

Star Office + linux (1, Interesting)

linux_warp (187395) | more than 12 years ago | (#2398947)

Now I can try to finally convince people that, although it may not be quite as user-friendly or have as good of features, star office in most cases won't compromise their systems.

Mindwarp

Re:Star Office + linux (3)

Tom7 (102298) | more than 12 years ago | (#2399157)


Not to burst your bubble, but don't forget that Redhat (and many other linux distributions) install with numerous remote root holes. The solution problem is not germane to Microsoft. (You might successfully argue it is a result of poor administration, though.)

Re:Star Office + linux (1, Insightful)

Anonymous Coward | more than 12 years ago | (#2399363)

I'll have to burst your bubble..

This was true like over a year ago. Now Redhat installs with a firewall (denying all incoming connections by default), and many of the servers that are installed need to be activated manually. The result is that redhat now has one of the most secure default installs of Linux out there.

Re:Star Office + linux (0)

Anonymous Coward | more than 12 years ago | (#2399188)

'may not', '(doesn't) have good as features',
'most cases won't'.

I AM SOLD!

Suits? No. Teachers? Yes. (1)

keesh (202812) | more than 12 years ago | (#2398948)

I've not seen a suit fiddle with a presentation. I have, however, seen five hours (yes, 5) wasted by several teachers at my school in putting together a few crappy slides for an assembly. They could have made a better job of them by hand in a tenth of the time.

But now... I could, erm, improve the content. Say, replace the word 'Ethos' with something less buzzwords, and add a few more interesting graphics...

*must*... resist... urge... to put in goatse comment...

Re:Suits? No. Teachers? Yes. (3, Insightful)

luckykaa (134517) | more than 12 years ago | (#2399121)

I did a presentation skills course. One of the rules was not to use slides at all unless you really need them. You simply don't need a slide that says we sold 100 000 units if you can just tell them.

Powerpoint - like a lot of modern software - reverses this rule by making the user subordinate to the software.

Macros and scripting (3, Interesting)

Alsee (515537) | more than 12 years ago | (#2398964)

Hasn't anyone at Microsoft noticed yet that macros and scripting are very dangerous features? They are executable code! They should be avoided if possible. When implemented they should have restricted functionality (why the hell does a macro need to be able to delete files?!?), and they need to be scrutinized for bugs and holes more closely than almost any other piece of code.

Re:Macros and scripting (2, Insightful)

entrox (266621) | more than 12 years ago | (#2399022)

Macros and scripting are a very useful thing. I wouldn't want to miss them. The only thing, which Microsoft should avoid is letting simple documents contain (pot. dangerous) macros. They should be cleanly separated. This would eliminate most of the recent macro attacks.

Re:Macros and scripting (4, Insightful)

reynaert (264437) | more than 12 years ago | (#2399069)

It isn't the scripting per se. It's the fact that the scripts are actually stored in the document files. In other words, they mix data and code.

On Unix, lots of applications have extremely powerful scripting languages. Just think about the stuff you can do with Emacs (elisp) and the Gimp (which uses guile, a full Scheme interpreter). But the user has to explicitly install them. They aren't hidden away in some document.

Re:Macros and scripting (2)

Ian Bicking (980) | more than 12 years ago | (#2399165)

Emacs does include some features that are equivalent to these sort of macros. They are disabled by default, but I don't believe there is any other security -- i.e., you can't turn them on and have them run in a sandbox or anything.

I can't remember the exact syntax, but you can put elisp statements in a comment section of the file and have Emacs execute them when opening the document. Since it's not that easy to turn the feature on (I can't remember how), it's unlikely to ever be used widely enough to become a vector. For Emacs' problem space, there are a number of non-scripting solutions that mostly fill the need.

Re:Macros and scripting (5, Insightful)

cybaea (79975) | more than 12 years ago | (#2399174)

It isn't the scripting per se. It's the fact that the scripts are actually stored in the document files. In other words, they mix data and code.

On Unix, lots of applications have extremely powerful scripting languages. Just think about the stuff you can do with Emacs (elisp)...

Actually, Emacs mixes data and code in the same way. Check the File Variables section in the info system, and in particular the enable-local-eval variable. Basically, you can set buffer local variables by embedding the commands for this at the end of the file. One of these variables is 'eval' :-). Thus spake RMS:

The `eval' "variable," and certain actual variables, create a special risk; when you visit someone else's file, local variable specifications for these could affect your Emacs in arbitrary ways. Therefore, the option `enable-local-eval' controls whether Emacs processes `eval' variables, as well as variables with names that end in `-hook', `-hooks', `-function' or `-functions', and certain other variables. The three possibilities for the option's value are `t', `nil', and anything else, just as for `enable-local-variables'. The default is `maybe', which is neither `t' nor `nil', so normally Emacs does ask for confirmation about file settings for these variables.

In this sense Emacs is just as guilty as Microsoft Office. Just because it's Free doesn't mean it is without security free. (But the fact that the average person using Emacs is more clued in than your Power Point suit, does help...)

Re:Macros and scripting (2)

dvdeug (5033) | more than 12 years ago | (#2399422)

Emacs also has the advantage that you can scroll down to the bottom of the page and see the virus in plain text. Even the most computer ignorant people will know something's wrong when the bottom of the document is filled with computer code.
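The Emacs file-variable mechanism discussed in this sub-thread can be checked for before a file is ever opened in the editor. The following is an added example, not part of any commenter's post and not Emacs's own code: a small scanner that flags the variable names singled out in the quoted manual text. It assumes the two placements the Emacs manual documents (a `-*- ... -*-` line at the top of the file, and a `Local Variables:` ... `End:` list starting within the last 3000 characters); the function names and sample files are constructed for illustration.

```python
import re

# Variable names the quoted manual text treats as risky: `eval`, plus
# anything ending in -hook, -hooks, -function or -functions.
RISKY_SUFFIXES = ("-hook", "-hooks", "-function", "-functions")
TAIL_WINDOW = 3000  # per the Emacs manual, the list must start this close to EOF


def is_risky(name):
    name = name.lower()
    return name == "eval" or name.endswith(RISKY_SUFFIXES)


def header_variables(text):
    """Settings from a '-*- var: value; ... -*-' line (first two lines only)."""
    found = []
    for line in text.splitlines()[:2]:
        m = re.search(r"-\*-(.*?)-\*-", line)
        if not m:
            continue
        # Splitting on ';' can over-split a value that itself contains ';'.
        # That only makes the scanner report more, never less.
        for item in m.group(1).split(";"):
            name, sep, value = item.partition(":")
            if sep and name.strip():
                found.append((name.strip(), value.strip()))
    return found


def trailer_variables(text):
    """Settings from a 'Local Variables:' ... 'End:' list near the end."""
    # Only the last page (after the final form feed) of the tail counts.
    tail = text[-TAIL_WINDOW:].rsplit("\f", 1)[-1]
    m = re.search(r"^(.*?)Local Variables:[ \t]*(.*)$", tail, re.I | re.M)
    if not m:
        return []
    # Whatever surrounds the marker (e.g. ';;' or '/* ... */') is the
    # comment prefix/suffix every following line is expected to carry.
    prefix, suffix = m.group(1).strip(), m.group(2).strip()
    found = []
    for line in tail[m.end():].splitlines()[1:]:
        body = line.strip()
        if prefix:
            if not body.startswith(prefix):
                break  # list is malformed from here on; stop reading
            body = body[len(prefix):]
        if suffix and body.endswith(suffix):
            body = body[:-len(suffix)]
        body = body.strip()
        if body.lower() == "end:":
            break
        name, sep, value = body.partition(":")
        if sep and name.strip():
            found.append((name.strip(), value.strip()))
    return found


def risky_settings(text):
    """Return (placement, variable, value) for every risky file variable."""
    hits = []
    for where, pairs in (("header", header_variables(text)),
                         ("trailer", trailer_variables(text))):
        hits += [(where, n, v) for n, v in pairs if is_risky(n)]
    return hits


# Constructed sample files (not taken from the thread).
SAMPLE_TRAILER = """Quarterly notes, plain text.

;; Local Variables:
;; mode: text
;; eval: (message "constructed sample")
;; after-save-hook: ignore
;; End:
"""
SAMPLE_HEADER = '# -*- mode: conf; eval: (message "constructed sample") -*-\nkey = value\n'
SAMPLE_CLEAN = "-*- mode: text; fill-column: 72 -*-\nnothing unusual here\n"
# A list more than 3000 characters from the end is outside the window.
SAMPLE_FAR = 'Local Variables:\neval: (message "constructed sample")\nEnd:\n' + "padding line\n" * 400

if __name__ == "__main__":
    for label, sample in (("trailer", SAMPLE_TRAILER), ("header", SAMPLE_HEADER),
                          ("clean", SAMPLE_CLEAN), ("far", SAMPLE_FAR)):
        print(label, risky_settings(sample))
```
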

Educate the users (3, Interesting)

Red Aardvark House (523181) | more than 12 years ago | (#2398972)

At my job, the IT tech gave instructions to all users to disable macros on all incoming attachments in Excel and Word, or not to even open them at all if they're not sure.

It's not foolproof but it does make the people at my job aware of one of the many ways that viruses are spread.

MS Choice, No Accident By Corporate IT (0, Flamebait)

joel_archer (124897) | more than 12 years ago | (#2398975)

I wonder how many Corporate IT Dept's have deployed Microsoft products precisely BECAUSE they are so full of vulnerabilities. It offers ongoing access to CEO, CFO, and BOD computers! Hard to keep a secret about future corporate plans. In addition, it's a way of doing constant ongoing surveillance of employees.

BOD? (1)

jeffy124 (453342) | more than 12 years ago | (#2399014)

Care to explain?

Re:BOD? (1)

caseydk (203763) | more than 12 years ago | (#2399095)

Board of Directors.

Re:BOD? (1)

trentfoley (226635) | more than 12 years ago | (#2399136)

That would either be: Black Orifice of Death, or perhaps, Board of Directors.

Should I mod this funny or troll (0)

Anonymous Coward | more than 12 years ago | (#2399284)

enough said.

This hole could be in more versions that listed! (4, Interesting)

Troed (102527) | more than 12 years ago | (#2398993)

Taken from Microsoft's website:


Tested Versions:
Microsoft tested the following products to assess whether they are affected by these vulnerabilities. Previous versions are no longer supported, and may or may not be affected by these vulnerabilities.


Office 98 for Macintosh

Office 2001 for Macintosh

Office 2000 for Windows

Office 2002 for Windows


Do note - just because older versions aren't supported Microsoft won't check if the hole is there!

Re:This hole could be in more versions that listed (2)

Chanc_Gorkon (94133) | more than 12 years ago | (#2399075)

If you have Office 97 or 95, there should be no Powerpoint hole because powerpoint does not have macros until Office 2000 and then Office XP. Just checked the help file cuz I happen to have Office 95 (it does what I want and is not as bloated as the new stuff....it's still bloated, just not as bloated as the latest stuff....).

Gork

Re:This hole could be in more versions that listed (1)

rde (17364) | more than 12 years ago | (#2399107)

powerpoint does not have macros until Office 2000 and then Office XP
I was writing powerpoint macros in Office 97 (possibly 95; not sure about that one).

Re:This hole could be in more versions that listed (3, Informative)

Chanc_Gorkon (94133) | more than 12 years ago | (#2399221)

Maybe something like recording keystrokes, but I was pretty sure there was no VBA in PowerPoint 95 and 97. The macro languages in Word and Excel were also incompatible because of minor differences in each. At least for the 95 version. In the 95 version, there was WordBasic for Word (subset of VB) and VBA in Excel (Visual Basic for Applications...another subset of VB). In Office 2000 (it could be 97, but I thought it was 2000) everything got a compatible macro language. Thus the recent blossoming of macro virii. Personally, I have PowerPoint installed, but don't use it much. Only people I have ever seen use this are suits and sales monkey's.

Re:This hole could be in more versions that listed (2)

grammar nazi (197303) | more than 12 years ago | (#2399383)

Only people I have ever seen use this are suits and sales monkey's.

...and students, engineers, IT management, teachers, researchers, training staff, etc.

Just because you haven't seen people use PowerPoint doesn't mean that it doesn't get used. I can't help that your job/experiences don't include presenting/being presented information to/from others.

Good presentation software is invaluable to business and education. Just because some people waste hours with screen swipes, cheesy clip-art, and other useless crap doesn't mean that it's not useful. Once I have my content finalized, I can whip up a decent looking presentation in PowerPoint in about 1/2 hour... faster than I could ever do it by hand.

Obviously... (5, Insightful)

Balinares (316703) | more than 12 years ago | (#2399200)

You know, I think that if the former versions aren't vulnerable, they're not gonna tell you. They just can't take the risk to have people want to revert to older versions on the basis that they "work better", not when their business relies so much on people upgrading over and over...

next worm (2, Interesting)

Harbinjer (260165) | more than 12 years ago | (#2398995)

anyone wanna wager how long it will take for some worm to exploit this? I know it can't spread as easily as an outlook worm, because excel doesn't do communication like outlook, but still, this could be nasty. If paired with the next outlook/IIS security hole, it could be just as bad.

Is the hole exploitable in Mac OS X? Does the unix architecture and security prevent this from being a problem?

Excel worm seems unlikely (2)

Adam Jenkins (121697) | more than 12 years ago | (#2399058)

I don't understand how if as you say, Excel can't do communication like Outlook, that it can be so nasty? There have been viruses with payloads around forever.. Word macro viruses for what, about 6 years?


Outlook/IIS have many holes; it is very rare that someone has bothered to write a worm that uses them. I personally won't be holding my breath for these exploits to be used in one. You aren't a reporter or AV person are you? :)


That Microsoft advisory states that Macintosh versions are affected, yes. I doubt the OS matters much with viruses that rely on a macro language within an application rather than using the OS itself or its services to propagate.

Re:next worm (1)

TheMidget (512188) | more than 12 years ago | (#2399099)

anyone wanna wager how long it will take for some worm to exploit this?

How about Sunday October 14th, 16h27 GMT? In a way, it would be kinda counterpart for Nimda, if you see what I mean...

Must be a slow news day... (3, Offtopic)

Microsift (223381) | more than 12 years ago | (#2399008)

If a story about a vulnerability in Microsoft created software is considered news.:)

Re:Must be a slow news day... (0)

Anonymous Coward | more than 12 years ago | (#2399027)

Yep ... slow news day. Nothing going on. Bored ...

So what? (5, Insightful)

reynaert (264437) | more than 12 years ago | (#2399011)

These things first appeared in 1996 or so. Word.Concept or what was it called. Microsoft responded by disabling the AutoLoad macro (or whatever it's called). Now somebody found a new way to make Excel/etc. execute stuff when loading a file. Big deal.

I wonder why virus writers bother at all. They can just put a button labeled "Click here" on the page, and 95% of the lusers will click it. The only defense against that is just disabling all macro support. And everybody knows that isn't going to happen.

Fixes on Office Update (0)

Anonymous Coward | more than 12 years ago | (#2399017)

http://office.microsoft.com/ProductUpdates/ [microsoft.com]

.EXE Patches are also available. They can be distributed to client machines using sign-on scripts and some custom coding. They're not nearly as automated as I'd like, but they're getting better.

proof? (0)

kwallace01 (513969) | more than 12 years ago | (#2399023)

I didn't see any proof of concept. Can anyone point me in the right direction?

Really? (2)

Zero__Kelvin (151819) | more than 12 years ago | (#2399035)


" Funny. I always thought that PowerPoint was already at least as destructive as macro viruses to corporate productivity. You ever watch a suit fiddle with his presentation?"

Funny ... I always thought it was the 'Ones.' I have always found that 'suits' have less difficulty managing streams with an inordinate number of 'Zeroes' in them. Too many ones and it gives the poster of this article a marked advantage in his/her efforts to over-generalize.

Scripting and office suites (2, Interesting)

gimmie_prozac (525455) | more than 12 years ago | (#2399039)

The article does not address this question, so I'll ask it here.

This does not seem to be a problem unique to Microsoft Office. Wouldn't this type of security hole be possible in any office suite with scripting/macro capabilities? Do KOffice or StarOffice not support macros (I've never used them, so I don't know)?

Kudos to MSFT for making a patch immediately available, but I must say that MSFT's constantly having to play catch-up with security holes does not make me real confident in .NET's data safeguard capabilities.

Re:Scripting and office suites (2)

jeffy124 (453342) | more than 12 years ago | (#2399096)

I don't know about K or Star Office, I've never used them either.

My guess (just a guess, don't flame if I'm wrong) is they do use macros, but those macros don't have the same privileges as MS's macros do. For example, does a macro really need complete access to the filesystem of the machine? That's one of the things a macro virus exploiting this hole can do and start deleting files.

I think KOffice's and SO's developers learned from MS and would decide to not allow such possibilities.

Re:Scripting and office suites (2)

tshak (173364) | more than 12 years ago | (#2399262)

Actually, .NET has a better chance of being secure for two reasons:

1) Microsoft has said (real developers not marketing drones) that security was a huge focus of .NET.

2) .NET is a brand new platform that is built from the ground-up. Running a .NET EXE is not like running a VB or C++/MFC EXE. It stands on its own, and is closer to a Java-like model when it comes to application execution (ala "Sandbox Security", etc.).

Now, this doesn't mean that it's "airtight", but I believe that it will prove to be more resilient from a security standpoint.

Re:Scripting and office suites (1)

innocent_white_lamb (151825) | more than 12 years ago | (#2399409)

Kudos to MSFT for making a patch immediately available, ----> "immediate" being two months after the problem was first discovered and reported, according to the article. That's two months where everyone EXCEPT the "good guys" (that's you and me, bub) knew about this hole.

I don't know about you, but that doesn't give me a warm fuzzy feeling.

I've Watched a Suit Fiddle With... (-1)

tealover (187148) | more than 12 years ago | (#2399045)

her pussy. i banged one on her desk one day after work. and she was married to the COO.

How ya doing, Tara?

:)

Now *that's* a security "hole"... (0)

Anonymous Coward | more than 12 years ago | (#2399079)

couldn't resist ;)

People abused by powerpoint (2, Interesting)

victim (30647) | more than 12 years ago | (#2399049)

I was attending a presentation by some state officials last week. The presenter's Powerpoint presentation was set to autoadvance every 30 seconds or so and apparently they couldn't make it stop, so she had an assistant sit at the computer and back up the slide every time it jumped ahead prematurely.

So who else has watched someone be victimized by powerpoint? Add your anecdote as a reply.

So, what do you use for presentations? (0)

Anonymous Coward | more than 12 years ago | (#2399089)

cat? less? banner?

Come on, Powerpoint is the de facto standard.. Don't expect millions of business users to jump through hoops just because 'M$ sux0rs'

Re:So, what do you use for presentations? (5, Insightful)

sjames (1099) | more than 12 years ago | (#2399230)

Come on, Powerpoint is the de facto standard.. Don't expect millions of business users to jump through hoops just because 'M$ sux0rs'

Unfortunately, you have a point. Apparently, the billions of dollars wasted on cleanup after the MS exploit of the day haven't convinced enough people.

Perhaps macro viruses need to touch on corporate hotbutton issues in order for the suits to start thinking.

Perhaps the sexual harassment virus. You get it and it starts sending sexually harassing email to your coworkers. If done well, the courts could be tied up for decades.

The IP virus, looks for documents containing trade secrets, and quietly posts them to random usenet groups.

Porn virus: Quietly downloads porn into your browser cache. Bonus points if the porn is illegal where you live.

Carnivore virus. Sends suspicious emails to the targets of FBI investigations.

Rootkit virus: Deploys a rootkit from your machine against a bank or government website. Instant felony.

Please note! I don't condone any of these, I just recognise that so far the holes in MS products have been used primarily for childish pranks rather than for real damage.

The least MS could do is at least TRY to limit the damage by putting macros in some sort of sandbox.

Re:People abused by powerpoint (0)

Anonymous Coward | more than 12 years ago | (#2399145)

no, but we might expect people using powerpoint to at least know how to use it. it's not microsoft's fault the dumbass didn't know how to use the program. linux dick up your ass again?

Re:People abused by powerpoint (0)

Anonymous Coward | more than 12 years ago | (#2399208)

Maybe the person just had no idea how to use powerpoint.... that is more common and likely than someone hacking the thing....

Re:People abused by powerpoint (1)

thrig (36791) | more than 12 years ago | (#2399298)

Sure, PowerPoint 98 (that's the Mac OS version) defaults to printing everything in "Black and White" until you find the stupid default hidden under the PowerPoint menu in the print dialog box. Don't know how many times an irate user has wandered in trying to get their color document to print color to the color printer. And due to the damnable binary preferences file format, you have to muck with the GUI on each client to fix the stupid default.

Besides that, for fun, generate a .ppt on version X of powerpoint, then take it over to version Y, and see how different the "WYSIWYG" document looks between the two. We get a lot of similar printing/display problems in our heterogeneous environment.

powerpoint (2, Insightful)

LazyDawg (519783) | more than 12 years ago | (#2399064)

Powerpoint is about the only part of Microsoft Office worth keeping around. It used to be a mac app made by a third party, and for making up posters on Windows with a shoestring budget, you can't top it.

More than Word or Excel, Powerpoint is the killer app for office. Once Linux makes up something as tidy, fast and easy to use, corporate acceptance will go through the roof, just BECAUSE suits like to spend time playing with their slides.

Gerenal security bug rant (3, Insightful)

mgkimsal2 (200677) | more than 12 years ago | (#2399086)

Others have said it in the past, and I'm starting to believe it more myself. I really think that many at large companies use default installs of Office as job security. No one can blame them entirely if there's a problem - after all, the IT guys themselves didn't write the viruses. Failing to keep up with patches released months earlier can be cause for problems, but if a virus just came out recently, or there's just no patch for it, then "It's not my fault!" is a very valid point.

The 'job security' aspect comes in because *someone* has to go around and patch every machine. *Someone* has to go round and install/test new virus software. I think it's past being 'common knowledge' that *by default* most MS products install themselves pretty insecurely. So someone has to learn about how to lock down those products - then actually do it. It's job security, choosing products which you KNOW will require you to always be updating them.

Yeah, I'm a bit overly cynical about this. I've met some people who really just think this is how computers are supposed to be - you're always playing 'catch up' to virus writers. The concept of prevention to them is installing the latest 'Norton' utility. Proactively analyzing the systems they have for potential vulnerabilities (turn off scripting on machines that don't need it, etc) just doesn't occur to them.

I'll be the first to admit that StarOffice/OpenOffice have not been up to snuff in the past, and even the current versions may not be up to snuff for everyone, but they're getting better. SO6 and the next OO may in fact be solid enough to let *many* in an organization use those as their primary or only Office applications, and let the few people that need the MS-specific features keep using MS Office. Yes, there'd be some relearning costs - figure that gets covered by the savings in upgrade licensing for those people.

Re:Gerenal security bug rant (1)

reynaert (264437) | more than 12 years ago | (#2399166)

The sad thing is the majority of the people (especially the people in charge) don't really know anything about computers. They think it's normal computers crash once in a while. They think it's normal script kiddies, err, hackers can bring down their networks. For them Microsoft eq good and everything else is inferior. After all, we all use Windows, don't we?

Re:Gerenal security bug rant (2)

mgkimsal2 (200677) | more than 12 years ago | (#2399177)

Well, actually I do, but I don't use it exclusively. There are things better done in Windows than Linux, and vice versa - at least when you have a budget to work within. :)

Time to use the wizard (1)

Bender Unit 22 (216955) | more than 12 years ago | (#2399100)

Time to use the "bad news" powerpoint presentations wizard. heh :-)

StarOffice NOW. (2)

NetJunkie (56134) | more than 12 years ago | (#2399131)

Sun needs to get StarOffice 6.0 out the door NOW. Do it while Microsoft keeps getting bad press. I'm a Network Admin at a company with 200 employees and the guys before me never kept licensing info. So, I'm doing a license audit right now. We're either going to be buying a lot of Microsoft Office licenses, or looking for an alternative. I sure wouldn't mind bringing up StarOffice, if a real usable and supported version was out there.

With the recent change in MS licensing policy NOW is the time for Sun to act and get their product in the door..

Re:StarOffice NOW. (2, Insightful)

snoozerdss (303165) | more than 12 years ago | (#2399146)

I'd much rather have Sun wait until StarOffice is a finished product rather than releasing it now while it is unfinished just to grab some M$ Office users.

Re:StarOffice NOW. (2)

motherhead (344331) | more than 12 years ago | (#2399189)

if this keeps up staroffice is going to start selling for $600... but the good news is the upgrade will be only half that... put a little sticker on the side saying, "no talking paperclips/ no hidden remote access booby traps"... isn't it amazing how much people pay for shelfware with huge honking vulnerabilities built right in? how much has office made from people that never even bothered to install Access...

Re:StarOffice NOW. (1)

nusuth (520833) | more than 12 years ago | (#2399225)

"Do it while Microsoft keeps getting bad press." Don't worry, Microsoft has been getting bad press for years and probably will for the foreseeable future.

shocked! (0)

Anonymous Coward | more than 12 years ago | (#2399141)

I am SHOCKED! SHOCKED I tell you! Microsoft products have holes? How can this be, when Microsoft has always only hired the most intelligent programmers, and the most talented engineers!?!? Clearly someone has made a mistake somewhere here, and it is clearly not Microsoft, as they are the most innovative (ie: best) corporation to ever exist. This slashdot place should be ashamed of itself for propagating these lies and mistruths clearly funded by the likes of Sun and IBM, those terrorist corporations.

OFFTOPIC but important (-1, Offtopic)

LS (57954) | more than 12 years ago | (#2399168)


VA Linux uses subliminal pornography in its advertisement here on Slashdot. It's a known fact that sex sells. In graphic design, curviness is used to allude to the female body. In the following ad from VA Linux, the two mouses are laid out to look like a woman's ass lifted in the air, with the right cheek sticking out further than the left. Squint your eyes a bit and look again. It's there:

The ass-cheek mouses [slashdot.org]

Re:OFFTOPIC but important (0)

Anonymous Coward | more than 12 years ago | (#2399231)

mouses?

Re:OFFTOPIC but important (0)

Anonymous Coward | more than 12 years ago | (#2399252)

You have been looking at too much porn if you see a woman's butt in those two mice! How do you know it wasn't a man's butt?

geez!

Re:OFFTOPIC but important (1)

tijnbraun (226978) | more than 12 years ago | (#2399276)

Eduard III: "Honi soit qui mal y pense"

REAL pornography on slashdot advertisement (0)

Anonymous Coward | more than 12 years ago | (#2399347)

The rackspace ad [slashdot.org] . Blatant group sex, guy inserting a dildo into a woman's mouth, nothing less.

Remove this SHIT NOW!! (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#2399182)

We are at WAR!!! Your rights have been curtailed and you CANNOT bash microsoft!! Im calling the FBI right now and there gonna send tanks into your fucking homes and burn you fucking commies alive!!! FUCK LINUX ITS SHIT I HATE IT@!! oyu cocksu kingb FAGGOTS MAKE ME WANT TO PUUUUKE@!!!@

Powerpoint (2)

Tom7 (102298) | more than 12 years ago | (#2399183)


I know it's popular to bash Powerpoint, but I have to say that's one product without any acceptable replacements on the linux side. ("Impress" does not. ;)) Have you just never given any presentations that you needed to develop rapidly, or do you have some secret?

Re:Powerpoint (2)

BroadbandBradley (237267) | more than 12 years ago | (#2399260)

star office has ...I think it's called presenter... and it's got templates and walks you right through the whole thing. Koffice has something similar but I haven't tried it. IMHO both are acceptable alternatives to powerpoint.

try HTTP (1)

dragonfrog (451722) | more than 12 years ago | (#2399288)

Build a web page, using some suitably cookie cutter format. Put it on some server that your audience will have access to at home.

Then, instead of having all this text, and forcing people to pretty much choose between writing it down, or listening to you, you can just say, "This is all on the web, at this address, so you don't need to write it down." I had a couple of profs do that, and it was sooo much better than all this powerpoint nonsense.

Plus, with a browser, you can scroll back half a page, and let the slow writer in the room get that last figure, while you go on with the talk. With ppt, it's back the whole page, and wait for the one slow guy, or the hell with the slow guy and go ahead with the talk

Re:Powerpoint (2)

peccary (161168) | more than 12 years ago | (#2399301)

magic markers.

Three colors: red, black, and green.

With these and a stack of blank transparencies, I can go anywhere, and present a topic to any size audience, on any topic which I am knowledgeable about.

The only thing this approach lacks is the VERY OCCASIONALLY useful photograph or map.

Oh goody... (1)

allism (457899) | more than 12 years ago | (#2399184)

Now I have an excuse for my mistakes..."The baddies took over my computer and messed with the data!" I can't wait!

Sun Problem (1, Insightful)

Anonymous Coward | more than 12 years ago | (#2399195)

There's a fairly serious new exploit against Solaris machines. Read about it at SecurityFocus.Com (been there since Oct 4). Why do these never get reported here?

Linus likes PowerPoint (1, Informative)

Anonymous Coward | more than 12 years ago | (#2399203)

I know I've read it somewhere, I believe in an interview in Linux Journal from a few years back. Linus stated at the time that PowerPoint was one of the Microsoft products that he liked using.

Not that it matters to me, but go ahead and knot up your undies in angst.

Productivity (5, Funny)

Phroggy (441) | more than 12 years ago | (#2399212)

I always thought that PowerPoint was already at least as destructive as macro viruses to corporate productivity. You ever watch a suit fiddle with his presentation?

How does that hurt productivity? You seem to be implying that the suit would be doing something productive if he weren't using PowerPoint.

Is this piece of news interesting? (2, Insightful)

Ipsilon (214211) | more than 12 years ago | (#2399218)

All of us DO know that Micro$oft's programs are full of bugs and security holes, but I don't think we should post every security hole on slashdot. Everyone knows that M$ sucks, but please: don't post more stuff like this and concentrate on improving whatever is your open source operating system (Linux, FreeBSD, NetBSD, OpenBSD, etc.) because they have security holes too.

I don't get it (2)

vrt3 (62368) | more than 12 years ago | (#2399251)

This is so f*cking stupid (excuse my lame language, but that's just how I feel about it). If I understand it correctly, the code that is responsible for executing the macros can find them, but the code that is responsible for finding them (in order to be able to ignore them), cannot find them.

I could rant on and on, but I'm not going to because, in fact, there just are no words to say how braindead this is.

from the everybody-point-and-laugh dept. (-1, Offtopic)

jeffy124 (453342) | more than 12 years ago | (#2399253)

could not resist some ascii art....

_________ MM MM SS
.-'-' ____)_____ MMM MMM SS SS
| .-' ______) MM M MM SS
| --- _) MM MM SS
| `-. _) MM MM SS SS
`---._____) MM MM SS

HH HH AA HH HH AA ||
HH HH AA AA HH HH AA AA ||
HHHHHH AAAAAA HHHHHH AAAAAA ||
HH HH AA AA HH HH AA AA ||
HH HH AA AA HH HH AA AA ..

Lameness filter encountered.
Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted.

Important Stuff:
Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)

After 4 attempts, it still violates!! ARGHH!

Yea!! 5 attempts was the charm!!

An idea for Microsoft (1)

AnimeFreak (223792) | more than 12 years ago | (#2399281)

Have a group of people proof-read the code before compiling it.

It's amazing! (2, Informative)

famazza (398147) | more than 12 years ago | (#2399306)

The most amazing thing of all these virii is that they all exist only due to one (and no more than one) function in the whole VBA language:

  • CopyMacro
Maybe it has another name today, but it means exactly the same, copy a macro from a document to another. THAT'S AMAZING!!! Eradicating all these damn virii is much easier than eradicating malaria from a non-tropical country: kill all the vectors.

That's right, we don't even need to kill the vector; all we need is to keep the vectors from infecting the host. This damn macro must not exist anymore!!!

Simple as that, and M$ doesn't seem to want to solve the problem.

What I really want to know is... (2)

BroadbandBradley (237267) | more than 12 years ago | (#2399309)

what makes a macro hidden? is it a malformed tag?

Office Updater (2)

alanjstr (131045) | more than 12 years ago | (#2399311)

For versions of Office 2000+: Office Update Wizard [microsoft.com] .

Be forewarned, though, that even WindowsUpdate [microsoft.com] doesn't list ALL of the patches that are out.

Openoffice scripting ? (2, Interesting)

hack0rama (253610) | more than 12 years ago | (#2399399)

Does OpenOffice support a scripting similar to the macros in MSOffice? If so, would it be possible to see similar issues with OpenOffice as well?

It may not be as bad on Linux/Unix because of the user processes not getting access privileges to do anything nasty, but OpenOffice has a Windows version as well.

If there is a sizable installed base of OpenOffice, then maybe you can imagine OpenOffice script worms doing annoying stuff with user files/mails.
And if your friendly Mozilla/Kmail/Evolution/PINE mail tool has the MIME type set to open with OpenOffice then it can spread the worm around.

Slashdot = Bin Laden for Geek's (0, Troll)

WildBeast (189336) | more than 12 years ago | (#2399401)

Really I mean, Bin Laden is jealous of the U.S. because it's a successful and powerful country that made a few mistakes (which he keeps on talking about) yet doesn't do much to help his people. Same goes for Slashdot, they're afraid of MS because it's a successful and powerful company who happened to make a few mistakes (they keep on talking about them) and do very little in order to help with Linux issues. If you look closely you'll see that very few of their articles talk about Linux.

Somebody tell the suits what this costs (4, Informative)

BroadbandBradley (237267) | more than 12 years ago | (#2399429)

I work for a BIG company, (Fortune 500) that runs MS Exchange server for mail. We recently upgraded from 95 to 2000 just a few months ago. (support for our working Win95 system having been discontinued by MS) The overhead created by all the security stuff running on the network has created lots of problems. Email is no longer 'realtimeish' meaning it may take 1/2 hour to receive a message sent across our network. When right clicking in my browser window, it takes about 5 seconds for a menu to open (pentium III 500 128meg ram). My home pc runs Linux, and outperforms my work computer at about half the hardware (PII 266)
IT has been trying to figure out how to fix the mail delays for a few months now with no progress, and I don't think they even care that it takes me so long to perform functions in the browser, but most of my work is done in web-based tools. MS has the world by the nuts, and they're milking us all!!! at least in my home I still have a choice.
