Slashdot Mirror
MS Word Zero-Day Exploit Found
subbers writes "A zero-day flaw in Microsoft Word program is being used in an active exploit by sophisticated hackers in China and Taiwan, according to warnings from anti-virus researchers. The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail and drops a backdoor with rootkit features when the document is opened and the previously unknown vulnerability is triggered. From the article: 'The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software.'"
You know how unreliable OSS is after all...
This type of spam isn't too bad given traditional spam methods, as smarter users won't open attachments from people they don't know. The dumb ones generally dont know a word doc from an EXE so hopefully they are also avoiding most attachments. However there have been a few articles on the future of spam and local data mining. Consider what would happen if the next virus your co-worker got looked through their emails, found the last word document they sent out, and then copied that but embedded this exploit. They might even say, its been revised please have another look. The chances you wouldn't open this are extremely low, and especially when you are opening a normally okay attachment. It is coming from someone you know, from their computer, through their isp, and even is styled the same way as normal. The question is how will we attempt to combat such things? It doesn't just have to do with holes in microsoft office, or any other format too. When local data mining is combined with exploits in any other common formats (give the image exploits of other os's even) you now have a delivery method that can almost promise execution.
Is there already a race on for releasing a patch? Can the anti virus companies detect it?
I guess it will be a mess if they dont start detecting it soon.Of course MS will be flamed again.
Lord of the Binges.
A recent slashdot story asked the question, "Is the internet that fragile?" When I see stories like this, it reminds me and should remind everyone of the other fragile technology(ies), Microsoft and their baggage.
Consider that many on-line applications for jobs require cover letters and resumes as WORD attachments. Now, consider the temporary suggested workaround:
This is disruptive and lose-lose, either organizations heed the advice, and now for as long as it takes to fix Microsoft's problem applicants will have their documents blocked, or some of these hackers profuse their new hack and compromise organization's infrastructure.
Microsoft has made our bed, and now we all must sleep in it (ick). It's unacceptable that such an exploit could so easily take control and wreak damage. Why can a simple e-mail get in and twiddle with what should be administration-priveleged system resources? I know the recommendation is everyone accessing their XP as non-administration users, but how do you enforce that, especially when for so long so many of the out-of-the-box configurations make administration rights the default login?
I must say I admire Microsoft's savvy more each day in their EULA -- crafted to absolve Microsoft of any responsibility for bad things happening to users because of Microsoft's software. It must be reassuring to offer a product and not have to assume responsibility. What a unique privelege
Of course, a good outcome from this would be to reconsider the global transport of exchanging documentation (e.g., resumes and cover letters, etc.) to something a little less Micrsoft, a little more open, and a little less prone to exploits. That can't happen soon enough.
How many EXTREMLY critical flaws is it already Word documents have?
How is it possible these things still keep coming up.
It's not even funny anymore...
Sony announces it will be sending an apology note to users who were infected by their rootkit DRM. The apology will be in .doc format.
Microsoft: Open source 'not reliable or dependable'
What if Digg added local news and a Slashdot inspired comment karma system? ---
http://houndwire.com
Finnish anti-virus vendor F-Secure said a successful exploit allows the attacker to create, read, write, delete and search for files and directories; access and modify the Registry; manipulate services; start and kill processes; take screenshots; enumerate open windows; create its own application window; and lock, restart or shut down Windows.
Yeah, but can they do any real damage? : p
This guy's the limit!
Would someone with more knowledge than me explain the term "zero day"?
I would like to point out that as a pen tester, Microsoft product really *DO* make my job easier.
Is this an exploit that somehow grants malicious code access privledges even beyond the user's access level, or does this simply allow execution of arbitrary code at the access level of the user who is running Word?
If it is the former, then it's a very serious flaw. If it's the latter, then it's a serious flaw, but one that will only really adversely affect people stupid enough to run as Administrator all the time, despite Microsoft's own warning against such idiotic practices.
If it is the latter, then I have further justification to use against the users who have complained about using their Administrator privledges.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
FTA: Symantec's DeepSight team said the exploit successfully executes shellcode when it is processed by Microsoft Word 2003. The malicious file caused Microsoft Word 2000 to crash, but shellcode execution did not occur.
Wonderful! So it only affects the latest-and-greatest versions of Office. Considering that MS hasn't added anything since Office 95 (I still run '97, myself), I expect only business users on SA should ever get hit by this exploit.
Then again, I suppose this means that Microsoft has added something, at least since Office 2000... Namely, more security flaws. Woot! Way to go Billy G! "Focus more on security" indeed.
Patch available: http://www.openoffice.org/
I'll probably be modded down for this...
Guess it is a good thing that I haven't seen enough added value to justify a move from Word 2000 to 2003 in our organization.
Does this still work with hardware supported Data Execution Protection enabled I wonder? Just curious. Seems like the kind of thing it's supposed to trigger against. I know that with it enabled, I can't profile a visual studio project I'm working on, as the profiling app hooks into the memory of the app I'm working on. Not sure if this is a similar thing though. But still, seems like something that should be a clear separation between executable and data segments of memory.
All your DOCs are belong to us!
...of things to come. This is the Microsoft Windows Vista teaser trailer :p
Like this guy has been saying all along, commercial sofware are more dependable, reliable....
For Hackers..
Queen: *dong* *dong* *dong* another one bites the dust!.
assert(expired(knowldege)); core dump
I've read comments from Microsoft trolls on at least 2 other articles saying that if I have up to date virus definitions and a working firewall I'll never experience any infection from anything like this.
/flameretardant materials on. I expect the MS fanbois to be storming this article in a matter of minutes.
Over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over, and over again.
How many years have y'all been virus free, boys? 5? 50? 500? Because, after all, people never get viruses when they have all the avaliable OS updates, all the AV definitions up to date, and a working firewall. Right?
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
And this just brings us right back to the oldest antivirus solution in the book: if you don't know the sender, DON'T OPEN THE FILE. You'd think people would catch on by now...
The exploit only works properly in Office 2003 (and crashes Office 2000). Given that emailed DOC files are pretty much required for millions of people to do their jobs, the most effective short-term workaround is use something else to read DOC files.
Seeing as I don't run as an Administrator on my box when I'm not administering, the exploit is neutralized by simple lack of privielges. Still sounds nasty nonetheless.
For all we know, the Zombie Overlords live in Scranton, NJ or Brazil.
They're just using the incredibly insecure servers one can find in China and nearby countries to base the attacks from.
Now, that doesn't mean they aren't Chinese - in fact, that's quite possible - just that where an attack comes from is frequently not where the people who set it off are based in.
-- Tigger warning: This post may contain tiggers! --
As a temporary mitigation method, Symantec is recommending that Microsoft Word document e-mail attachments be blocked at the network perimeter.
How about:
- make sure your users don't work as administrator but under an unprivileged user account
- setup the system so that this unprivileged user account cannot write in %windir% and %ProgramFiles%
- build the network in such a way that programs cannot directly "connect home" but can connect to the Internet only via well-defined proxy servers
- setup mail so that incoming office documents opened from mail do not open in Office but in the free Office viewers instead
Can Openoffice.org import those special Doc ?
I have a PDA running WinCE, and I can only sync it with MS Active Sync if I am logged on as administrator. I really detest this. It would be so much better if each member of the family could sync their own PDA when logged in as themselves. However, Active Sync does not appear to support this. This machine has to be connected to the internet to update my WinCE apps. I suspect this makes Active Sync "goods not of merchandisable quality" in the terms of the UK "sale of Goods Act", and I am willing to participate in a class action against MS.
I only use the Windows computer for syncing my PDA. For everything else, I use FreeBSD.
Sent from my ASR33 using ASCII
... if they chose not to download and install and run them.
... good enough for me.
Works for me.
That way I also don't have to spend extra money on extra hardware to support buggy bloatware virus checkers. How many times have you seen complaints about systems broken by anti-virus software? More often then never? Riiight
Now is the time to tell your contacts to use an open document, which IS a standard for both ISO and OASIS (ISO/IEC 26300), and is not sensible to the threats of Microsoft Word document.
Maybe something like for the people who keep sending Word files:
"Please use OpenDocument for your document exchange, because it's
- open,
- a standard (ISO/IEC 26300)
- it protects you and me from security threats.
Please look for details at http://en.wikipedia.org/wiki/OpenDocument"
At the end, it may work.
Refer to a url pointing at a share within the company instead.
Have you never heard of phishing?
What he can't kill, he has sex on. Trent.
It a medium of communications, and text is the only content which can be assumed to be usable by any recipient. Sending anything other than plain old text, unless there is prior agreement between both sender and receiver, is a hinderance to communications.
http://www.efn.no/html-bad.html
"National Security is the chief cause of national insecurity." - Celine's First Law
A couple of days ago a helpful Automatic Update invalidated my Microsoft Office products (something about a license) and for today (and today only?) protected me from their own incompetence.
In other news typing a page of text can also be done in Open Office.
Note earlier Slashdot post that it only effects the Lenovo brand of PC's.
We were adolescent back then. In the 90's, we tried to make everything accept everything, put anything anywhere, spread out and see what sticks.
We're smarter now and the security risks of the Internet today are far more prevelant than they were back then. There wasn't as much invested back then.
It's time to put the toys back in the garage, clean up your room and do things in an orderly fashion.
email text.
have voice conversations over VOIP.
leave voice messages and docs on servers.
give everyone their own ip address and make them responsible for what emanates from it.
link directly to sources instead of repeating the exact same story.
You are checking your backups, aren't you?
I didn't open the Lenovo_ban.doc attachment.
> any of you so geeky you misread guitar as some graphical front end for tar? ;-)
No, but I always misread Hires rootbeer as hi-res rootbeer. Does that count?
.
Nothing is inexplicable; only unexplained -Tom Baker, Doctor Who
I think you underestimate the use of attachments in a corporate setting, and the amount of user resistance to such a scheme that would require uploading in addition to sending a link. In fact, such a scheme would probably just result in a proliferation of "one button upload" tools that would upload a file to a server and link it in the outgoing document simultaneously, which could then be used by virus writers to spread their payloads. In short, you'd have maybe given then a 6 month hiccup while the tools got written and while they learned to exploit them.
Actually, I could think of a lot of nasty ways you could use such a system to an even greater virus-spreading effect than attachments, since once you got the payload on the server you would only have to spread the link to that one file, and you're spreading the virus. So rather than having to make every user send out a 500kb "word document" to everyone in their address book, they just email everyone in the corporation a link to the file.
And of course, you'd still need to make these "attachment servers" globally accessible at some level, because otherwise there'd be no way for people outside the organization to send attachments in. Blocking all incoming attachments, while it might seem like a good idea to IT people, wouldn't go over well with most employees; there are valid business reasons for wanting to receive attachments from other people (e.g., if a client sends you a PDF, you better damn well not have to tell them "oh, I don't do attachments"). Ever heard of e-faxes? Scan to email?
The only people this would benefit are the software companies that would make the tools to run the servers that would host these "detached attachments" and sell the new versions of the email software that everyone would have to upgrade to, in order to use them.
The only "solutions" to these problems are using operating systems that are more secure, coupled with educating users on good security practices. But given that there's a general lack of common sense in the population in all things, not just limited to computers, I think the latter is probably a long shot. A trite solution like moving attachments to a server wouldn't help much.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Wouldn't this be considered more of a trojam than an exploit?
Now this is what I call an "Open Document Format"!
It is Open, as in open for hackers to drop root kits on your system.
As in grab you ankles open.
It is also Accessable, as other people now have access to your system.
Why does a document need to have the ability to contain code and execute code on your system?
I'd be happy with just formatting features and losing all "fancy garbage" that allows these holes to exist.
Maybe they should consider renaming MS Word to MS Access?
Use my userscript to add story images to Slashdot. There's no going back.
...when I tell them, that my Mac OSX laptop is the CHEAPEST form of absolute insurance against the MS EULA protected gross safety problems of MS's XP Pro & MS Office.
They do critical MSWord docs back and for with clients and the FDA in Wash. D.C. all day long, and I really don't think they accept how risky this is today, particularly if a document comes in forwarded from a reliable source that has had the malicious RootKit somehow patched onto an other wise legitimate document that they need to file with the FDA.
Of course that makes me wonder how the FDA handles a malicious MS Word document. They are no different than anyone else in receiving zero day exploits.
Each time a zero day or other serious problem hits, I remind them, but they are literally afraid of having to learn something new, & so stick with the MS offerings.
does it run on Linux?
Well, once I was hit from Comcast in NJ. After I blocked the range, he had to proxy & the attacks came much slower.
starting with attachments from peple they dont't know. Host based security is the way to go - a product that doesn't depend on definitions that may or may not be updated. CSA will stop this attack now. Cost justification is easy once you have had your network and/or servers brought to thier knees by malicious code.
I guess then that the translation of text in the virus/trojan *FROM* Chinese to English means that these evil overlords in N.J. or Brazil speak and write Chinese??
Check your facts first....
Logically, nothing you've said contradicts the original poster. He said "If you don't know the sender, then don't open the attachment." You are arguing against the converse of what he said, which is "If you do know the sender, then do open the attachment." So you may be right that this latter is not true, but it in no ways implies that what the OP said is not true.
But of course, everyone knows that Word is full of holes because no-one has really attempted to use it as an attack vector yet since there are many easier ways.
I'm not sure if you're being sarcastic or not, so allow me to say one word: Melissa.
Sure I'm paranoid, but am I paranoid enough?
1. That I just not use my computer. (If I can't open files that appear to be from business clients, um what files can I open?)
2. That Word 97 is better than Word 200whatever?
Thanks to eating disorders most chicks are reasonably good looking these days.
Since all these factors can be spoofed, insist that anyone who is sending you an attachment first send you a plain text e-mail advising you that he/she is about to send the attachment. This message should include your name in the body in the text, a brief description of what is being sent, and maybe even a worded statement of the date and time to confirm the time stamp. You could even establish a code word or phrase with regular correspondents and ask that they include that in both subject line and text body. Conversely, if you do receive an unexpected attachment, but it appears to be from a known correspondent, e-mail them and ask if they sent you a message with attachment with subject line XXX at such and such a date and time.
Seem like a lot of trouble to go through? Compare the momentary annoyance to the time and cost of ridding your machine of a nasty virus. I've known people who are well aware of the ticks and trades of virus sending assholes who get infected simply because they get careless or lazy and don't take steps such as the above.
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
link directly to sources instead of repeating the exact same story.
Done correctly, this difference would be transparant to the user. Which means the trojan still works. How is leaving the attachment on the sender's machine different from a smart mail server with single-instance storage? Oh yeah, the difference is that when the sender disconnects his laptop, the recipient can't open the attachment. Nice.
There's no need for an email server to have more than one copy of any attachement. How would it be easier to block virus attachemts your way? If done at the email server, blocking an attachment blocks any copies sent from anywhere. Done your way, the attachment needs to be blocked at each location where it's independently brought into the system.
Socialism: a lie told by totalitarians and believed by fools.
How is this a 0-day exploit? we've known ms-word was a security hole for somehting like a decade.
Were there some people out there who thought that it was safe to open a word doc before today?
I'm mean heck, you can hardly blame MS, it must be really hard to come up with a secure way of storing formatted text... i mean, what with it's inherent ability to carry viruses and all.... (head asplodes)
my guess is, if they're using a large-scale assault, they're probably trying to cover their tracks more, but yeah, many Comcast systems are pretty open - I've got mine on 128-bit encryption, password-locked (random non-dictionary plus symbols with a virus/etc blocked set of PCs and Mac behind it.
...
So, having it come from the more easily compromised China side is probably more a matter of convenience than location.
Of course, you never know
-- Tigger warning: This post may contain tiggers! --
you're mixing up ideas. Sorry if I wasn't clear, but this is a broad list of all ideas on the Internet. The quote you have refers to people who cut and past from AP or leave out real data from research. Nothing to do with email.
You are checking your backups, aren't you?
Receiving Word attachments is bad for you because they can carry viruses (see http://en.wikipedia.org/wiki/Macro_virus). Sending Word attachments is bad for you, because a Word document normally includes hidden information about the author, enabling those in the know to pry into the author's activities (maybe yours). Text that you think you deleted may still be embarrassingly present. See http://news.bbc.co.uk/2/hi/technology/3154479.stm for more info. But above all, sending people Word documents puts pressure on them to use Microsoft software and helps to deny them any other choice. In effect, you become a buttress of the Microsoft monopoly. This pressure is a major obstacle to the broader adoption of free software. Would you please reconsider the use of Word format for communication with other people?
Email is supposed to be collaborative. It sucks when people force others to chose between working with them and their software freedom.
Friends don't help friends install M$ junk.
Open your .doc documents in WordPad. The nice thing about it, aside from it being free and included in all flavors of Windows, is that it's too stupid to do any of the fancy stuff. It has long been a favorite to avoid macro viruses for the same reason.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
No way. Microsoft products are reliable and dependable. Read a few more articles before posting such a nonsense.
Use something like AntiWord if you just need to read. Here
To: Jon Smith, Department of Defense
Here is the Word document containing the notes from our discussion last Tuesday, along with a couple images of the product mockups I mentioned. Let's discuss pricing at our next meeting.
Attached: AcmeRockets.doc (2.3MB)
----
Unbeknownst to our government guy, the customized rootkit sends out copies of emails and documents to AcmeRockets so that they can be assured of getting the lowest bid, or maybe even catch the goverment guy surfing Russian pr0n for old-fashioned blackmail.
Everyone is entitled to his own opinions, but not his own facts.
And how does this new and amazing file download work when your sitting 40k feet up in an airplane. Some of us do get work done when we are not attached to the corporate intranet. Sometimes we even work when we are not attached to the internet.
I know, I know.... Blasphamy!
running linux and MS office with wine So don't worry about it, Microsoft has a security fix for Levono computers that has government support!
We can all take advantage of this - from now on if a vendor sends you a Word document insist that for security reasons they cannot open it and should send you a PDF or OpenOffice document instead.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If you ever decide to work at a map company, let me know so that I can avoid it at all cost. In all seriosness though, there are many things that 'rich media' can help to improve. No matter how good you are at writting, some times an idea that can be easily and quickly expressed with one small image would take paragraphs of text to explain. Given that huge portions of the population get confused if more than two sentences are used to explain an idea, we must resort to pictures, colors, text format, and fonts.
Because most users have the ability to log in as root/admin due to management oversight/ignorance.
This is a secondary problem. Keeping users from having Administrator rights would be a good thing, but the local desktop security on Windows isn't really that great, and even if it was solid there's just so many ways a worm can propogate among a pool of computers without ever saving itself to persistent storage, let alone hiding in a system rather than user executable, that the problems caused by Microsoft's "Security Zones" model makes this one pale into insignificance.
Concentrate on reducing the surface area for attacks, it's a much bigger win than improving local security or antivirus software or whatever...
LOL! I'm glad someone ELSE has that mental issue. Comes from too much Apple ][ BASIC programming.
Granted, it is their software, however, it could be (and occasionally is) software created by other companies.
...) or embedded objects (ActiveX, COM objects, ...) to execute outside a sandbox at all.
Very few companies, and almost none since the '80s, provide a mechanism for scripts or other embedded code in an untrusted document to run with local user privileges. It's not even that they do a better job of restricting active content to trusted documents... rather, they simply don't provide a mechanism for macros (Javascript, VBscript, Word macros,
Microsoft's spent an enormous amount of effort on schemes to try and make it safe to install and run, or run directly, unrestricted applets and scripts embedded in web pages, word documents, and so on. And has utterly failed in coming up with a safe way to do this inherently unsafe thing.
I don't know anyone else who's done anything even close to this in the past decade, let alone kept it in place and intact against an agreement they made with the US Department of Justice. Microsoft's arrogant naivete really is unique in the IT world.
... is WHY the hell is it possible for a WORD PROCESSOR DOCUMENT to do this? I find it hard to beleive that any individual programmer can be incompetent enough or loyal enough to implement such a pile of shite. Last time I checked, most programmers take pride in what they create...
I swear we should be allowed to give mod points to sigs... "-1, Offtopic"
This statement is incorrect, and I suppose it was meant to be sarcasm of some sort, however my sarcasm detector is having a glitch. The exploit does not care what make or model the computer is, only that it is running MS Office.
HTH, HANDA
Is there heaven? Is there Hell? Is that a Tuna Melt I smell?-Primus
Were there some people out there who thought that it was safe to open a word doc before today?
Ha ha hahahaha! Hee hee! What a joke... are there people who trust Word documents? Hell yes!
If users have to fear opening a word processing document, something is terribly wrong with the word processor. Okay, I'll give you a break that you can't stop all buffer overflows and the such, but when the software is on the level of Microsoft Word (in terms of exploits, bugs) there needs to be some serious rethinking done inside the developers' minds.
NO
Well, now I know I made the right decision when I started using LaTeX for all my presentation documents and flat textfiles w/i postgres databases for all my data storage needs.
Perhaps clicking on the link would have given more information to you.
I'm getting sick of this bullshit.
It's growing increasingly obvious with every slanderous remark about the 'evil' Chinese that the West is trying to create a new 'Evil Empire' to scare us all with. Probably, (among other things), to fuel the endless weapons industry and keep the public too distracted to get down to the much-needed task of hanging all the president's men.
If the Chinese media weren't busy doing the same thing to their own populace, I'd be slightly less worried, but the fact of the matter is that 'somebody' wants us all fearing and hating one another. What a load of crap!
When you can watch unfolding such a deliberate effort to herd the world's population into specific (stupid and self-destructive) thought patterns, it seems very obvious that there's already a One World Government nestled in place, pulling all the strings, and generally being vile and nasty in their total disregard for compassion and decency.
Every time you see a story about the 'Evil Chinese' remember this: You are being manipulated.
But also remember, it is your choice as to whether or not you go along with it. I very much hope there is somebody saying the same things in Mandarin.
-FL
Yes, it provided much info. Unfortunatly, the story you linked has nothing to do with this zero-day exploit, nor are there any references that I can find to it in any thread on your link. So do you mind enlightening me as to what you are talking about? Otherwise I shall ignore you and call you Troll.
Is there heaven? Is there Hell? Is that a Tuna Melt I smell?-Primus
Groupwise has a nice feature for dealing with attachments that can be set in the preferences: to use the built-in viewer, which is independent of Office. You can see the contents but it doesn't execute any code. IIRC, it's under Tools > Options > General -- look for the radio buttons marked "Default Attachment Behavior" (or something) and set it to View, not Open.
This was such a useful setting that I made it one of the first things I demonstrated to users during the open monthy training sessions. They loved it, and nobody ever suspected it was there or what it was good for.
I have no idea if Outlook has anything similar that's not so tied into the Office renderer that it would be indistinguishable. I forget the name of the technology, but it's awesome. It has just about every document type filter known to man. I've opened CAD schematics with it. No joke.
Say what you like about GroupWise, but I remember during my helpdesk years that every day a new email virus exploit was announced, I felt a little better about things. I also knew who I was going to get calls from that day: the five people on campus who simply would not give up Outlook.
per subject
kthxbye
I shall ignore you instead.
It appears that this incident was not spam, but a targeted attack against one company, for the purpose of getting information. Mac and Linux boxes are better protected against attacks that attempt to own the box by getting root privilege than Windows is. But in this case, it seems that the attacker wanted to search the exploited system for information and send it to China. This can be done as an ordinary user. Ordinary users are perfectly capable of mailing the stored account and password information from their local copy of Firefox or IE to China; if there are any exploitable buffer overflows in OpenOffice, then OpenOffice users on all platforms are vulnerable.
I always used to just stick mine in an envelope with a stamp and two addresses on it. I did that for longer than most people here have been alive. Never sent nor got a virus from it either.
I just checked, YOU CAN STILL DO THAT, too. Man, the way some people talked, I thought they had shut down that service...glad I looked.
This is like the DVD whines, oh me oh my I can't get my distro and DVD player to play a movie without hoop jumping and installing off shore plugins and tweaking my framis valves or something.
I just use a 29.95$ DVD player and watch the movie on the old big screen TV, seems to work OK.
Anyway, if gramaw really wants to send it electronically, just show her how to get a flickr account, or use her ISP little freebie ten meg homepage, they all have point and barf pic upload buttons, then she can just email the link. If the recipient wants a copy, well, duh, download, save or save and print. Done. If she can't find where the pics are on her own hard drive,she should go back to the snail mail method, ALL gramaws still grok that way and it still works just fine.
There is usually an older tried and true mostly biodrive method for most computerized bullsnot out there, you really don't have to go out of your way to make things complicated for people, especially ones who don't need geek cred.
I'm not at liberty to mention what the bug is specifically, but all these people suggesting absurd fixes (i.e. links and not attachments [what will this accomplish? If a user will click an attachment do you think they won't click a link??] or switching to OO [sorry its gimpy at best]), all of these people will find themselves feeling silly when they find out the source of the bug and realize that they can just disable that functionality.
Yes, doing an abrupt switch will cause disruption. The amount varying depending on the number of .doc files that need to be converted and the amount of resistance to change from the users. As well the
network effects of dealing with external organizations/customers and remembering to convert the .odt file to a .doc file before sending out a copy.
There are a number of tools available to help with the mass conversion from .doc to .odf file formats.
If your organization uses Lotus Notes then the next version with ODF support can help reduce some of the support issues if you decide to use alternative file formats than MS Word.
Transmitting energy without a license.
Somehow, I think it could be safer to have the receiving mail server detach all attachments and link them to some kind of "attachments server" in the source of the email. It could be transparent or even slightly faster to the user that does not wish to download that funny 2MB video. That way, a few rules on the mail server could analyse the attachments to find patterns to similar files and check if a new virus is running in the wild. Another benefit would be that it would save a huge part of bandwidth.
Server: Hey, I got a few thousand similar files, and... What do you know, they're all password-protected zip files! I should send an alarm to my admin so he checks that out.
Client: I got email! And fast! Oh, a 15MB attachment, and I *still* haven't upgraded my 14.4kbps dial-up modem. I know who it's from, I don't need to see that person's "silly movies" and "jokes". Oh well, at least I can keep my bandwith for something useful, like slashdot.
Please note that this is only an overview of how I think email could be safe AND fancy-pants at the same time. Yes, Brightmail analyses attachments, but after that puts them back into the email as attachments. Also, I am aware it might not be the safest way, but at least it could be automatic. I do end-user support, and sometimes the way they are technically-challenged makes me wonder how these people can keep breathing, use domestic appliances, or worse, drive a car around.
printf($randomline(sigs.txt) \n "-- "$randomline(authors.txt));
-- myself
A senior Microsoft executive told a BBC documentary that people should use commercial software if they're looking for stability. Read all about it here: http://news.zdnet.com/2100-3513_22-6074237.html?ta g=nl.e589
Great plan, but why not just stop using Microsoft Word instead?
Also, the delivery seems to me to be consistent with confucianism.
The virus seems to be modelled on access rather than destruction
"
We're having a look at the word document ourselves. So far we found it has aparently embedded excel and powerpoint components and we found a string in Chinese that translates to: "report test file structure information write into stack"
Attack is tranmitted from China, not necessarily originating from China
We now return to your regular slashdot flamewar....
Sorry, I can't seem to locate a copy for you, but I'm sending this word file over that will tell you all about it!
nt