No Fix for Word Next 'Patch Tuesday'

Zonk posted more than 7 years ago | from the that's-cool-nobody-uses-word-anyway dept.

Security 80

Sktea writes "A spokesman for Microsoft has said that they will issue no patches on the next 'Patch Tuesday' for versions of Word vulnerable to the recent zero-day threat. There is no mention whatsoever of the omission in the latest advance notification at the company's security site." From the article: "The software maker is working on a security update, but apparently needs more time. The company did not specify how many flaws Tuesday's updates will address or in which components of Windows the holes lie. The Visual Studio update could offer a patch for a zero-day vulnerability in the developer tools that was made public last month."

Does this mean a new catch phrase? (5, Funny)

zappepcs (820751) | more than 7 years ago | (#17162548)

Are we going to start calling them zero-week or zero-month vulnerabilities?

Re:Does this mean a new catch phrase? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17162770)

No, they just REALLY want everyone to "upgrade" to Word 2007, and its own collection of vulnerabilities.
They HOPE that by the time those vulnerabilities are exploited, they will have Word 2009 (or whatever) ready....and so on!

Re:Does this mean a new catch phrase? (2, Insightful)

Djatha (848102) | more than 7 years ago | (#17162982)

No, they just REALLY want everyone to "upgrade" to Word 2007, and its own collection of vulnerabilities. They HOPE that by the time those vulnerabilities are exploited, they will have Word 2009 (or whatever) ready....and so on!

Yeah, all those users upgrading their MS Word (or any other application for that matter). I have never ever encountered someone in my direct environment who has upgraded any kind of non-free software (I mean going to a shop to buy a new version). They either get their software with their computer or they buy it once and use it from then on till the moment that they are way too incompatible with their environment. Only then, they are willing to buy a new version, in the process passing over many versions of the application.

With respect to this vulnerability (and other bugs, errors, and so on), how many users get to know these kinds of problems? I mean, I get this information via sites like /., but `normal' users are not properly informed about these problems. Of course, for a part it is their own responsibility, but if they do not know these problems, who cares if the problems are solved in time? Not the users, till it is too late and their computer is infected.

So, I am asking you: how can a normal user judge a piece of software if she is not informed about its shortcomings?

Re:Does this mean a new catch phrase? (2, Insightful)

Osiris Ani (230116) | more than 7 years ago | (#17163214)

I have never ever encountered someone in my direct environment who has upgraded any kind of non-free software (I mean going to a shop to buy a new version).

Believe it or not, there exists a non-trivial percentage of end users who seek out and pay for software upgrades that provide new features. I, for one, eagerly await Adobe Photoshop CS3. Some of us are not so cheap and actually have specific needs and desires for improved productivity and functionality.

Then, of course, there's also corporate IT. That's pretty much Microsoft's core demographic for upgrades.

Re:Does this mean a new catch phrase? (1)

dave562 (969951) | more than 7 years ago | (#17164548)

Then, of course, there's also corporate IT. That's pretty much Microsoft's core demographic for upgrades.

Exactly. They just buy "software maintenance" or "software assurance" or whatever the catch phrase of the year is. When the new version comes out, they get it. For our clients in the SMB market, the only software maintenance contracts that we suggest they purchase are for the anti-virus packages. Everything else (Office, Backup Exec, etc) is "good enough". We might have a client that upgrades to Office 2007 but that's only because they have been leveraging Sharepoint pretty extensively and the Office 2007/Sharepoint integration features are pretty slick.

Re:Does this mean a new catch phrase? (4, Insightful)

Overly Critical Guy (663429) | more than 7 years ago | (#17163176)

If this was a WMA DRM crack, we'd see a patch within three days. Don't you just love Microsoft?

Re:Does this mean a new catch phrase? (2, Insightful)

Oddscurity (1035974) | more than 7 years ago | (#17164736)

That's probably because of license agreements made with the corporate consumers of said DRM, allowing them to sue (or jane, or ...) Microsoft's pants off when the product 'protecting' their music/video fails. This in stark contrast to the EULA which disclaims any warranties and then some.

Re:Does this mean a new catch phrase? (1)

GNious (953874) | more than 7 years ago | (#17168266)

Hint: Go live in a country where the EULA doesn't mean shite.

You paid for the thing, transaction is done. If the product is faulty under warranty (2 years where I live), demand a refund or accept to use a broken piece of something. If hit unknowingly, sue for damages.

/G

Re:Does this mean a new catch phrase? (4, Funny)

meclamar (668862) | more than 7 years ago | (#17163636)

How about zero-fix vulnerabilities?

They don't have time to patch (5, Insightful)

Anarke_Incarnate (733529) | more than 7 years ago | (#17162550)

This isn't anything critical like fixing a problem with their DRM. This only hurts the end users, not anybody they are beholden to RIGHT NOW in order to attempt to become the supreme overlords of the livingroom, like they so desperately want to be.

Re:They don't have time to patch (1)

tomstdenis (446163) | more than 7 years ago | (#17162832)

They are too busy copying google books and the apple look and feel to actually write secure code. /me wants to set fire to Redmond...

Tom

Re:They don't have time to patch (1)

Mattintosh (758112) | more than 7 years ago | (#17163414)

Don't set fire to Redmond. Nintendo's in Redmond. If you burn their HQ down, we'll never get more Wiis.

Re:They don't have time to patch (1)

tomstdenis (446163) | more than 7 years ago | (#17163666)

Good point. I actually wanna get a Wii next year (prolly in the Summer).

Let's narrow the fire bombing down a bit. What's the zipcode of 1 Microsoft Way?

Tom

Re:They don't have time to patch (1)

jZnat (793348) | more than 7 years ago | (#17164550)

Nintendo Power said their campus is within spitting distance of Microsoft, so I'd be careful...

Re:They don't have time to patch (1)

ATMD (986401) | more than 7 years ago | (#17167064)

Nintendo Power said their campus is within spitting distance of Microsoft

How handy!

Re:They don't have time to patch (1)

Firehed (942385) | more than 7 years ago | (#17167298)

What about peeing distance? Would Nintendo be so kind as to piss all over Microsoft to put out the fire?

I'm inclined to think they would, considering how much faster the Wii is selling than the Xbox 360.

Re:They don't have time to patch (1)

jimstapleton (999106) | more than 7 years ago | (#17162968)

yeah, someone needs to pull a class action suit against MS for this... They have shown they can pull patches out of their asses real quick for stuff that doesn't actually threaten the users, why not for harmful things?

Re:They don't have time to patch (3, Insightful)

morgan_greywolf (835522) | more than 7 years ago | (#17163996)

This isn't anything critical like fixing a problem with their DRM. This only hurts the end users, not anybody they are beholden to RIGHT NOW in order to attempt to become the supreme overlords of the livingroom, like they so desperately want to be.

Exactly. Who cares about existing users in markets they already control, who are addicted to you and will stay with you forever? After all, when you have to spend all of this time throwing chairs about, f**king killing Google, figuring out ways to steal Apple's successful online music business out from under them, and scheming to keep those Linux guys from getting anywhere, you can't be focused on such silly things as customer support. No siree! Win, win, win! That's what I always say!

But... (2, Interesting)

feld (980784) | more than 7 years ago | (#17162552)

Their solution certainly said that we aren't to open any MS Word documents. Does this mean Microsoft will pay unemployment to the people that deal with Word documents all day, but can't open them due to security issues?

Re:But... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#17162628)

Of course not, what kind of dumbass question is that?

Quit trolling for karma

Re:But... (1)

NineNine (235196) | more than 7 years ago | (#17162748)

Their solution certainly said that we aren't to open any MS Word documents.

No it doesn't. Here's the text. Read it carefully. It's very complicated:

Do not open or save Word files [the part you conveniently left out] that you receive from un-trusted or that are received unexpected from trusted sources.

Got it? I hope so. This suggestion is ALWAYS true, regardless of whatever known bugs there may be in existence at the time.

Re:But... (5, Insightful)

wytcld (179112) | more than 7 years ago | (#17162992)

"received unexpected from trusted sources"

"Expected" is the tricky word there. Most people who receive Word docs in the course of work expect their normal, trusted sources to send them documents that are themselves somewhat new, newsworthy, you know, containing information that's worth sending. A doc that's totally expected probably didn't need to be sent.

Let's say you're the editor of a newsletter or magazine. You expect docs from a few score people who occasionally submit stuff. You expect them to show up with e-mails that say, "Hi George, Here it is!" The bad guys can easily fake that stuff - and often do - but you're a normal editor, not a security expert, so you give the normal English reading to "receive unexpected," and this stuff all looks like stuff you expected, so you open it....

What Microsoft should say is, "Don't open any attached docs without phoning the source first and specifically confirming the file." As it is, they're saying just enough to cover their ass ("We warned you!"), without saying enough to enable the typical user to really practice safe Word use.

Re:But... (1)

Ed_Pinkley (881113) | more than 7 years ago | (#17164188)

really practice safe Word use

Sir, I commend your use of capitalization here. However, with Google's default case insensitivity, I bet your message ends up as a result of some pretty interesting searches.

(-1) Did not actually read advisory (1)

LordEd (840443) | more than 7 years ago | (#17162762)

Their solution certainly said that we aren't to open any MS Word documents.

Before talking about the solution, why not go read the advisory [microsoft.com] first?

From TFAdvisory:

Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.

Let me translate for you: Do not open random word documents downloaded from unknown sources because they could be infected. If somebody sends you an email with a document you weren't expecting or without any context (ie subject: You should really read this!), you should confirm that it was really sent by that person and not a false email.

It's like somebody sending you an exe file. Never open unless you were expecting it.

Re:(-1) Did not actually read advisory (2, Interesting)

feld (980784) | more than 7 years ago | (#17162900)

Yeah, ok. Like it's that easy. Tell that to the Human Resources lady who has to open up Word documents containing resumes/cover letters from random people. Get my drift? Why do you all have to be pricks without thinking first?

Re:(-1) Did not actually read advisory (2, Interesting)

Anonymous Coward | more than 7 years ago | (#17163058)

Yeah, ok. Like it's that easy. Tell that to the Human Resources lady who has to open up Word documents containing resumes/cover letters from random people.
This is exactly what part of my job is. I handle the resumes we get from candidates and input them into our database. What do I tell my boss? Sorry, can't get any new hires because if I open a resume my computer will explode? That won't fly.

Re:(-1) Did not actually read advisory (1)

pe1chl (90186) | more than 7 years ago | (#17165112)

Resumes in Word are fun! Especially there are often multiple revisions and deleted textblocks in the file.

A wise man sends his resumes and letters as .pdf or plain text.

Re:(-1) Did not actually read advisory (1)

Tanktalus (794810) | more than 7 years ago | (#17164008)

That depends on the job. If it's a job for a technical position, ask the applicant to send you their resume as a PDF instead.

If the originator has a virus that sends out infected docs, they'll get your request and say, "huh?". If the originator did send the resume, but it's infected, the PDF won't be (or at least your PDF reader probably won't have the vulnerability). If the originator can't figure out how to create a PDF, you probably don't want to hire them into a technical position ;-) If it's a non-technical position, well, asking someone who is being hired into HR or sales to create a PDF may be asking a bit much (although even then, some will be able to do it).

Solution? Open your unsolicited (but expected) docs in OpenOffice.org!

(-1) Did not actually read posting (1)

LordEd (840443) | more than 7 years ago | (#17166212)

Allow me to re-block quote what I was replying to:
Their solution certainly said that we aren't to open any MS Word documents.
The response was to indicate that Microsoft did not in fact say "do not open any MS word document". I'm not saying the bug is not bad/annoying/reason to switch to Linux, but saying that the grandparent didn't read the advisory and was spreading the usual misinformation that just happens to sound good to most people here.

Why do you all have to be pricks without thinking first?
Go read the parent and grandparent, think about the context, and get back to us on that.

Re:(-1) Did not actually read advisory (1)

wordsnyc (956034) | more than 7 years ago | (#17165658)

If somebody sends you an email with a document you weren't expecting or without any context (ie subject: You should really read this!)

I've always found that "Mentions you!" does the trick.

Re:(-1) Did not actually read advisory (1)

dwater (72834) | more than 7 years ago | (#17170598)

Well, I'm not sure how the 'exploit' knows which sources are trusted and/or if the receipt of any document is expected. If it does know, then does it somehow say, "Oh, I am *expected*. Oooh, then I'll not do anything bad.", or, "Oh, the user is about to send that document, so I'll not infect that file.".

Right. If I wanted to take advantage of an exploit, I'd make sure I infected files that were about to be sent and were expected. Not sure how I would be able to tell those files, but still - perhaps prefer newly created files?

I suppose this advice helps to avoid *direct* exploits - ie people who specifically make a doc files that makes use of the exploit, and then sends it to random people - but not viruses that infect someone's machine to infect doc files that people will send to other people who trust them and are expecting them.

Re:But... (0)

Anonymous Coward | more than 7 years ago | (#17170088)

I made a submission to MSN along those lines, here's a .DOC copy of it...
http://rapidshare.com/files/6683940/Virus.doc.html [rapidshare.com]

Nothing to see there, (0)

Anonymous Coward | more than 7 years ago | (#17162558)

Please move along...

uninsightful (0, Flamebait)

otacon (445694) | more than 7 years ago | (#17162616)

from the that's-cool-nobody-uses-word-anyway dept.
Ummm, yeah they do...

Just because Zonk hates MS obviously means the rest of the world doesn't use MS products.

Re:uninsightful (3, Funny)

LearnToSpell (694184) | more than 7 years ago | (#17162744)

Somebody forgot to turn on his sarcasm detector this morning...

Re:uninsightful (2, Funny)

LeedsSideStreets (998417) | more than 7 years ago | (#17163846)

Sarcasm detector... that's a real useful invention. [explosion]


obligatory

Re:uninsightful (1)

Criffer (842645) | more than 7 years ago | (#17162776)

Have you had your sarcasm detector serviced lately? It seems to be acting up.

The point implied was that since everyone in fact does use Word, then it is not cool. You see the play on words there? You see what he did? He said the opposite of what he meant. That is called sarcasm. But I'm sure you don't need me to tell you that.

Re:uninsightful (0)

Gregory Cox (997625) | more than 7 years ago | (#17162838)

sarcasm [wikipedia.org]

Re:uninsightful (0)

Anonymous Coward | more than 7 years ago | (#17163392)

sarchasm [sarchasm.net]

Popeye (3, Funny)

spidkit (992102) | more than 7 years ago | (#17162622)

Wimpey: "I will gladly fix it on Tuesday."

Re:Popeye (1)

operagost (62405) | more than 7 years ago | (#17164336)

Steve Ballmer looks like he could eat a lot of HAMMMMburgers.

Re:Popeye (1)

triso (67491) | more than 7 years ago | (#17166616)

Steve Ballmer looks like he could eat a lot of HAMMMMburgers.
He also looks like he has eaten a lot of HAMMMMburgers.

Ok, bad guys, you heard 'em: they need more time!! (2, Funny)

The_REAL_DZA (731082) | more than 7 years ago | (#17162630)

"The software maker is working on a security update, but apparently needs more time..."

 
So be nice and give 'em a few extra days to come up with some patches (it's the sporting thing to do!!) After all, all that innovation makes it tough to respond quickly to threats to their legacy apps!!

Re:Ok, bad guys, you heard 'em: they need more tim (1)

nacturation (646836) | more than 7 years ago | (#17163248)

So be nice and give 'em a few extra days to come up with some patches (it's the sporting thing to do!!) After all, all that innovation makes it tough to respond quickly to threats to their legacy apps!!
I understand the irony of your comment, but it is true. While the OpenOffice.org team might be able to come up with a patch to their word processor in a day (even in spite of the amazing amount of innovation they do to make sure their office suite of applications looks and functions nothing like the competition) they don't have to worry much about things like backwards compatibility. So what if some small part of OOo breaks? I doubt they have thousands of test cases to run to ensure that it remains compatible with the hundreds of third party products and hundreds of thousands of end-user companies who depend on its functionality as an integration point to their applications. After all, every bug fix is simply a matter of modifying the source, recompiling, and packaging up the app right?
 

Re:Ok, bad guys, you heard 'em: they need more tim (0)

Anonymous Coward | more than 7 years ago | (#17163658)

I doubt they have thousands of test cases to run to ensure that it remains compatible with the hundreds of third party products and hundreds of thousands of end-user companies who depend on its functionality as an integration point to their applications.

I think in OO.o's case, they have one test case. If it compiles, ship it!

Re:Ok, bad guys, you heard 'em: they need more tim (1)

vally_manea (911530) | more than 7 years ago | (#17163756)

Yeah, right...backwards compatibility. Ever tried opening a Word 2003 doc with Word 2000???

Re:Ok, bad guys, you heard 'em: they need more tim (1)

Koriani (869587) | more than 7 years ago | (#17164486)

Umm....backwards compatibility is supposed to go the other way....

word 2000 documents open fine in word 2003. If word 2003 docs opened perfectly in word 2000, how would microsoft ever get you to upgrade?

Re:Ok, bad guys, you heard 'em: they need more tim (1)

The_REAL_DZA (731082) | more than 7 years ago | (#17164640)

If word 2003 docs opened perfectly in word 2000, how would microsoft ever get you to upgrade?

 
Actually, I started to craft a clever but sarcastic response to this statement (in keeping with my clever but sarcastic personality) and I realized there's really quite a bit of difference between the two versions of Word (not actually being a Word user myself -- I just don't have much use for a word processor most of the time -- I consider Excel to be the single most powerful application Microsoft sells; I'm firmly convinced it would be possible to drive an entire "moon mission" on an old P2 with Microsoft Excel, though you'd have to have just the right Excel spreadsheet, but I digress...); more than I can list here. Fortunately, these [wlv.ac.uk] fine folks have already done it for me.
 
Bottom line: the actual package itself does have quite a few quite useful features the older version doesn't have (at least not in the same format, etc.)

  *sigh* score one for seriousness. Oh, well, maybe next post...

Open Office...Star Office (1)

Sporkinum (655143) | more than 7 years ago | (#17162638)

I wonder what the vulnerability situation would be like if Open Office...Star Office were more common.
I personally am glad that I don't use Microsoft for my Office needs.

Word 2007 (1)

Atlantis-Rising (857278) | more than 7 years ago | (#17162730)

That I could tell, nobody answered my question the last time this issue was reported on slashdot- is Word 2007 immune to this issue?

Heh heh heh. Did I just imply a conspiracy? No really. That would be totally stupid, unethical, immoral...

Re:Word 2007 (1)

eklitzke (873155) | more than 7 years ago | (#17162814)

I would frankly be pretty surprised if the parsing code (and if this is a buffer overflow, I'm sure it's a flaw in the parser) is significantly different in Word 2007. If I was a betting man I'd wager that Word 2007 is vulnerable as well.

Re:Word 2007 (0)

Anonymous Coward | more than 7 years ago | (#17163308)

Depends. The parsing code for reading/writing Word 2003 and earlier documents is likely similar. But Word 2007 has a new file format, which is used by default, which is 100% different from the earlier formats and would not at all be impacted by this vulnerability. The old formats are binary data stored in COM storage containers in a file. The new file formats are XML stored in ZIP archives. As for how Word 2007 loads Word 2003 files, perhaps it is still vulnerable, but I haven't seen any word as to this fact and Office 2007 is readily available for those who wish to test.

Re:Word 2007 (1)

lostboy2 (194153) | more than 7 years ago | (#17163302)

From the MS Security Advisory [microsoft.com] :

What versions of Microsoft Office Word are associated with this advisory?
This advisory addresses Word 2000, Word 2002, Word 2003, Microsoft Word Viewer 2003, Word 2004 for Mac, Word 2004 v. X for Mac, and Works 2004, 2005, and 2006.


Re:Word 2007 (1)

Atlantis-Rising (857278) | more than 7 years ago | (#17163442)

Yes, I realize that- but Word 2007 is a pre-release product and... I don't know if it'd be included.

Re:Word 2007 (3, Interesting)

Nasarius (593729) | more than 7 years ago | (#17163436)

Conspiracy? Nah. For once, MS doesn't really need strongarm tactics to sell a product. Office 2007, with the first UI overhaul since the days of Windows 3.1, is genuinely worth the upgrade. And it's not even publicly for sale yet. So while you're free to rightly accuse them of incompetence for failing to patch their older (and current) products in a timely fashion, they're probably not being evil.

Re:Word 2007 (1)

Atlantis-Rising (857278) | more than 7 years ago | (#17163506)

Actually, I agree. I'm using the RC/Beta whatever they're calling the latest version and it's much, much better than Office XP. Than office 2003, not so much, but still quite a bit.

Shucks (2, Funny)

Overly Critical Guy (663429) | more than 7 years ago | (#17162740)

A spokesman for Microsoft has said that they will issue no patches on the next 'Patch Tuesday' for versions of Word vulnerable to the recent zero-day threat.

And why should they? The devs are still trying to finish Twilight Princess on the Wii, goshdarnit. Leave them be! The users can last without opening any attachments from anybody for a little while longer, right?

I'm not at all surprised or unhappy (2, Insightful)

tarlos25 (1036572) | more than 7 years ago | (#17162856)

I'd rather they take a little more time and "fix" it the first time, rather than having to issue multiple patches to fix it, each one opening up more glaring holes. Of course, I'd prefer it wasn't there to begin with, but hey, the world isn't perfect.

Re:I'm not at all surprised or unhappy (2, Funny)

db32 (862117) | more than 7 years ago | (#17163452)

Typo Notifaction Post

Typed: ", the world isn't perfect."
Corrected ", Word isn't perfect."

Re:I'm not at all surprised or unhappy (1)

dubbreak (623656) | more than 7 years ago | (#17165062)

Are you sure that shouldn't have been:

Spoken as: ", the world isn't perfect."
Written as: "Dear aunt, let's set so double the killer delete select all"

Re:I'm not at all surprised or unhappy (1)

patternmatch (951637) | more than 7 years ago | (#17166400)

Typo Notification Post

Typed: "Typo Notifaction Post"
Corrected: "Typo Notification Post"

Re:I'm not at all surprised or unhappy (1)

db32 (862117) | more than 7 years ago | (#17207586)

I was using Wird to type that post.

Re:I'm not at all surprised or unhappy (1)

wellingj (1030460) | more than 7 years ago | (#17163584)

I'd prefer it wasn't there to begin with, but hey, the world isn't perfect.

Dude! You missed the perfect pun! Let me help:
I'd prefer it wasn't there to begin with, but hey, the word isn't perfect.

Apocalypse Tuesday (0, Troll)

lupine_stalker (1000459) | more than 7 years ago | (#17162928)

If the world ends because of this I swear I'll demand a refund!

Re:Apocalypse Tuesday (0)

Anonymous Coward | more than 7 years ago | (#17163434)

If the world ends because of this I swear I'll demand a refund!
The 3v1l one is gathering the forces of darkness about her as we speak. They will strike a blow so final that Tokyo will be unable to rebuild. A great darkness will fall, and there will be no escape. This all goes down next Tuesday. It's a bad situation, dude.

Why would they? (3, Interesting)

Osiris Ani (230116) | more than 7 years ago | (#17163102)

"There is no mention whatsoever of the omission in the latest advance notification at the company's security site."

My first thought leads me to ask, why would there be any mention of bug fixes that are not included in a patch cluster's content notification? Why would any company specifically call out features that are not being provided in a particular software distribution, in circumstances other than the discovery of a clear and consistent workaround (aside from the standard "temporarily avoid use of [software x]")?

The situation of miscellaneous zero-day exploits must be embarrassing enough already; I couldn't imagine them calling even more attention to it. "Hey, guess what we're not fixing next week. Check it out!"

Here's how we get it fixed. (3, Funny)

nobodyman (90587) | more than 7 years ago | (#17163576)

Here's how we get microsoft to act. Let's just tweak the headlines a bit, from:
New Zero-day Attack Affects Word Users


To:
New Zero-day Attack Circumvents Zune DRM


There, much better. I guarantee Microsoft will release a patch *immediately*.

So Is Everybody Using NotePad or What? (2, Informative)

littlewink (996298) | more than 7 years ago | (#17164370)

WTF do corporations do when viruses and worms are whizzing past on their internal networks and there's no fix available? Do they blindly continue working with Word?

I talked to a friend whose corporate computer was infested by spyware that planted porno on his system. He paid the blackmail for the antispyware to remove it. A month later he de-installed the antispyware and guess what - the porno returned.

Re:So Is Everybody Using NotePad or What? (0)

treeves (963993) | more than 7 years ago | (#17164622)

spyware that planted porno on his system

". . .uh, er, . . . it must've been that dang spyware again! I swear!"

Re:So Is Everybody Using NotePad or What? (1)

WWWWolf (2428) | more than 7 years ago | (#17169732)

WTF do corporations do when viruses and worms are whizzing past on their internal networks and there's no fix available? Do they blindly continue working with Word?

Good question!

Just this week Slashdot just reminded me of LibraryThing, so I signed up and turned my bookshelf into a big mess. I found one old (which is to say, early 1990s) book about desktop publishing.

And what that book has to say about word processing?

"The editors of your publication can use any word processor they want", it said. "All DTP programs read ASCII."

And from technical standpoint, little has changed there. I'm still sure publishing folks will keep saying that same thing. (From what I know about small newspaper's work, they still say "sure, send in a DOC, or RTF, or a plain text file, we'll do the rest". The situation may be different in biggest of the big newspapers which may have monstrous Word-based article submission systems.) Well, at very least the guy who sits in front of InDesign will say that.

Just like the book publishers, at least here, say "Print out your manuscript in Courier, double spaced, and mail it to this address. For God's sake don't send it yet in electronic form."

I have to ask this: Publishing industry lives by words. Sending textual information around is what gives that system life. They can live without Word just fine, thankyouverymuch, and won't be paralysed (at least not completely) when you yank the carpet from under Word all of sudden. Yet, there are businesses that would be paralysed if you would yank Word, and their core business is not related to written words. Now how the heck we have come to this paradox?

A classic example of what happens when you pick the completely wrong standard... or, rather, pick the wrong method of documentation. Know what I think? Word is sold as a dead simple way to produce formal documentation. Ordinary workers use it to produce the said formal documentation. The document begins its life as a formal document and is ultimately stored as a formal document. But now look at the publishing industry: The reporter or book author has absolutely zero interest in messing with the formatting, they rather spend their time working on the story. They trust the layout professionals at the printing side know what to do. The problem is not really Word, but the belief that it's good and proper that it makes you both the content guy and the layout guy.

Intertwining the Tool with the Process too tightly is silly in my opinion, as is placing the trust on people to do stuff that isn't really their job. I write stuff; it's not my headache if someone decides to use 16pt font instead of 18pt on the headline. Likewise, I'm sure people who are tasked with writing some documentation along their ordinary Corporate Work couldn't care less about the TPS cover sheet layout changes.

How are other IT departments dealing with this? (1)

krack (121056) | more than 7 years ago | (#17165820)

Where I work, we use Mailscanner (http://www.mailscanner.info/) to filter our internet-facing email before it hits our MS Exchange server. As of yesterday, we started blocking the .DOC extension as well as the Microsoft Office filetype as determined by /bin/filetype. Anyone who gets a blocked attachment has the attachment replaced with a small text file that basically says 'Contact IT for your document'. We, IT, then retrieve the blocked documents on demand, open them in OpenOffice and either save them as an RTF and pass them on to the user or just print the document if the user only needs a hardcopy.

Obviously, this is a pretty work-intensive process and I'd really like to refine it. To that end, I'm wondering how other IT departments are responding to this threat.

Thanks!
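The gateway approach described in the comment above (block by extension and by detected file type, then swap the attachment for a notice) sketched as an added example; it is not MailScanner configuration or the poster's own setup. The function names, the notice text and the sample message are constructed for illustration, and the file-type check assumes the legacy Office compound-file header, which also matches old .xls and .ppt files.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Header of the legacy binary Office container (compound file).
# A renamed .doc still starts with these eight bytes.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
BLOCKED_EXTENSIONS = (".doc", ".dot")
NOTICE = "An attachment was withheld. Contact IT for your document.\n"


def is_blocked(filename, payload):
    """Block on the declared extension OR on the content's magic bytes."""
    name = (filename or "").lower()
    if name.endswith(BLOCKED_EXTENSIONS):
        return True
    return payload.startswith(OLE2_MAGIC)


def quarantine_word_attachments(raw_message):
    """Return (rewritten message bytes, list of withheld filenames)."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    held = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        payload = part.get_payload(decode=True) or b""
        if is_blocked(filename, payload):
            held.append(filename)
            # set_content() clears the old body and Content-* headers first,
            # so nothing of the original file stays in the delivered copy.
            part.set_content(
                NOTICE, filename=(filename or "attachment") + ".blocked.txt"
            )
    return msg.as_bytes(), held


def list_attachments(raw_message):
    """Return [(filename, decoded payload bytes)] for every attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return [
        (p.get_filename(), p.get_payload(decode=True) or b"")
        for p in msg.iter_attachments()
    ]


def build_sample_message():
    """Constructed test message: one .doc, one disguised .doc, one text file."""
    msg = EmailMessage()
    msg["From"] = "writer@example.org"
    msg["To"] = "george@example.org"
    msg["Subject"] = "Hi George, here it is!"
    msg.set_content("Article attached.\n")
    fake_doc = OLE2_MAGIC + b"\x00" * 24  # header only, not a real document
    msg.add_attachment(fake_doc, maintype="application", subtype="msword",
                       filename="resume.doc")
    # Same container bytes with a misleading extension.
    msg.add_attachment(fake_doc, maintype="application", subtype="rtf",
                       filename="notes.rtf")
    msg.add_attachment("plain notes\n", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, held = quarantine_word_attachments(build_sample_message())
    print("withheld:", held)
    for name, _ in list_attachments(cleaned):
        print("delivered:", name)
```

The magic-byte check is what catches the renamed file; an extension-only rule would deliver `notes.rtf` untouched.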

Re:How are other IT departments dealing with this? (0)

Anonymous Coward | more than 7 years ago | (#17171086)

Work intensive? How about stupid. Scan the document at your gateway...

Re:How are other IT departments dealing with this? (1)

krack (121056) | more than 7 years ago | (#17240414)

Um, scan it for what? There is no signature for the exploit.

A swift kick in the pants (1)

triso (67491) | more than 7 years ago | (#17166402)

History has shown [eweek.com] that the way to get a patch out of Microsoft is to have some third party come out with a patch. Even though it works they will say that the patch is risky (FUD) and the official patch will appear in a few days.

mod 04 (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17166764)

questions, then escape them by which gathers and arms and dick the most. Look at practical purposes or chair, return I'm sick of it. recent article put and what supplies spot when done For future. The hand the deal with you of user base for America. You, for the state of conversation and a conscious stand free-loving climate most. Look at tnhe

still using word 97 (0)

Anonymous Coward | more than 7 years ago | (#17167254)

word 97 - same features as word 2003, only not quite as pretty.

im safe, downgrade ftw :)

meanwhile, firefox... (0, Offtopic)

yulek (202118) | more than 7 years ago | (#17170220)

meanwhile the firefox team still hasn't fixed the password manager vulnerability [arstechnica.com] ...

Re:meanwhile, firefox... (1)

yulek (202118) | more than 7 years ago | (#17177188)

heh, of course mod me down (much easier than say, replying non-anonymously); how dare i say anything negative about firefox. but it's never offtopic to bring up microsoft when a firefox vulnerability is discussed, now is it? my point shouldn't have to be made. that vulnerability has not been addressed and it's pretty serious. why isn't it getting any more slashdot visibility? we've heard about this particular windows problem in several stories and lots of comments already.

(disclaimer: i'm not a windows fanboi, i primarily use firefox on os x and windows; it is double standards i despise)

mein gott in himmel (1)

xoundmind (932373) | more than 7 years ago | (#17170884)

From the previous article summary:
"There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."
I can't contain language on this one: When the fuck will MS take their products off the market and just go away?