PowerPoint ZeroDay Vulnerability Exploited

whitehatlurker writes to mention a WashingtonPost.com article about another unpatched flaw with Microsoft Office. The bug, part of the PowerPoint software, has already been used in the wild, and may be connected to an industrial espionage case. From the article: "This undocumented flaw does not appear to have been addressed in any of the 13 security updates Microsoft shipped this week to mend a variety of problems in Office software. As Security Fix and others have noted, some of the work Microsoft has done in hardening the security of the Windows operating system has forced the bad guys to look for lower-hanging fruit in applications that run on top of Windows, so we may see more Office flaws under attack."

My world is crumbling!

[isecore]

No! A flaw in PowerPoint? A security issue? Say it ain't so!

Re:My world is crumbling!

No! A flaw in PowerPoint? A security issue? Say it ain't so!

Hastily written karma whoring frist prost on Slashdot? Say it ain't so!

Re:My world is crumbling!

'tis

Re:My world is crumbling!

[winwar]

Useful information found in a PowerPoint presentation?!? Say it isn't so!

The more vulnerabilities the better?

[kcbrown]

...because more vulnerabilities will cause more people to consider switching to something like OpenOffice, right?

Yeah right. The vast majority of the people who stick with Office these days are people who won't switch unless the alternative is 100% in every way, shape, and form "compatible" with (which to them means exactly the same as) Office.

Must be nice to be Microsoft, where you don't have to give a shit about your customers...

Re:The more vulnerabilities the better?

[kripkenstein]

"[...] people [...] won't switch unless the alternative is 100% in every way, shape, and form 'compatible' with [...] Office"

Exactly. This is why we need to get these security vulnerabilities in MS Office to work in OpenOffice, ASAP. It's all about compatibility, baby.

Seriously, though, I don't agree with the quote. Of course people want compatibility. But they also want security. Using MS office is a tradeoff: more compatibility, less security. When the tradeoff gets less comfortable, rational people will reconsider their options.

Re:The more vulnerabilities the better?

[rbarreira]

Using MS office is a tradeoff: more compatibility, less security.

Yeah, because OpenOffice never has security problems!!11one!!.

Re:The more vulnerabilities the better?

[kripkenstein]

Yeah, because OpenOffice never has security problems!!11one!!

A) Who said OpenOffice didn't have security problems? Of course it does.

B) As the dominant Office suite, MS Office has both security problems and actual exploits. TFA mentions one such. Of course OpenOffice is going to have fewer actual exploits, because it has less market share; all the money is in breaking into MS Office.

Therefore, in practice, MS Office is less secure.

Re:The more vulnerabilities the better?

[jonbryce]

If OpenOffice is about 95% compatible with Office 2003, then Office 2007 must be about 50% compatible with it. Does that suggest that people will switch to OpenOffice rather tha Office 2007?

Re:The more vulnerabilities the better?

[Darundal]

Then again, even if it was wholly compatable and faster, the majority of users out there don't even know that alternatives exist. They can't switch if they don't know an alternative exists. The majority of users see their computer as a mystical box that "just works" and see constant attack by spyware, adware, viruses and other malware as a price of using the computer. They think that Microsoft is required for their computer to run. They make a minimal differentiation, if any at all, between Windows, Office, IE, Outlook Express, etc. They make the differentiation only in the name of the icon they click and what types of things they can do once the window pops up. Even though they may whine, moan, bitch, and complain about something on their computer, most, even if presented with an alternative, would say no because they would honestly be scared at the prospect of their box suddenly working differently, and would see differences in such trivial things as menu placement as design flaws.

Re:The more vulnerabilities the better?

Must be nice to be ignorant ass perfectly disconnected from reality

"This is a very revenue focused company and our revenue focus is elevated." chief operating officer of Microsoft, Kevin Turner.

Re:The more vulnerabilities the better?

[ozmanjusri]

Does that suggest that people will switch to OpenOffice rather tha Office 2007?

I'm running the beta of Office 2007 now, and there's no doubt that it's the biggest change to the Office interface since the switch from DOS. The new "ribbon" interface is a little easier of novices to do normal tasks with, but is a real hindrance to power users familiar with the '95-03 style Offices.

Anyone who's already productive with the older apps will find it easier to shift to OOo than to Office 2007. There's a few new tricks under the hood of the suite, but nothing compelling enough to pay the cost of the new version. In fact, Access coders are definitely going to want to look for alternatives. The new version is pitched much more at desktop experimenters, to the serious detriment of professional developers.

Re:The more vulnerabilities the better?

The new "ribbon" interface is a little easier of novices to do normal tasks with, but is a real hindrance to power users familiar with the '95-03 style Offices.

I used to think that but you will pick up the ribbon fairly quickly and you'll be just as productive as before. Bonus: all the old keystrokes still work, e.g. you can still insert a reference in word using alt-I, N, R.

Re:The more vulnerabilities the better?

[isaacklinger]

When the tradeoff gets less comfortable, rational people will reconsider their options.

50% of rational people already use OpenOffice. The other one doesn't own a computetr.

Re:The more vulnerabilities the better?

[Bert64]

Plus with an open documented format, you can weed out a lot of things by parsing the document...

Embedded binaries, recogniseable shellcode, macros, and many other nasties embedded in an open document can be detected, and the xml data itself can be validated against the schema to further cut out a percentage of nasties...
MS on the other hand uses a binary blob, which is much harder to sort through.

Re:The more vulnerabilities the better?

[Bert64]

Unfamiliarity is what stops a majority of people from using openoffice...
Perhaps the radically different interface in msoffice 2007 will scare people away too, it's vastly different to current versions and openoffice, and just about any other app.

As for being easier for newbies, macosx and modern linux distros are easier than windows for newbies too, the only thing keeping people away from them is being familiar with a different way of doing things.

Re:The more vulnerabilities the better?

[BrokenHalo]

Therefore, in practice, MS Office is less secure.

Quod non erat demonstrandum.

Equally valid would be to say:
premise 1: 30% of all traffic accidents are caused by drunk drivers...
-> premise 2: Therefore, 70% of all accidents must be caused by sober drivers...
-> conclusion: you are safer driving while drunk than sober.

The security in OOo's case is the fact that there exists a body of developers who are more likely to fix (or accept patches for) vulnerabilities as they are found simply as a consequence of the exposure of their code to the world's scrutiny. Microsoft has no such audit process to keep them "honest".

Re:The more vulnerabilities the better?

[walstib]

Of course people want compatibility. But they also want security.
Nonsense. Most BAs couldn't ive a crap about security, and couldn't understand if you drew them a pretty picture using all 64 of their Crayolas. All they know is Power Point is what they know how to use and that is therefore the only tool for the job.

Using MS office is a tradeoff: more compatibility, less security. When the tradeoff gets less comfortable, rational people will reconsider their options.
Compatibility? With what? Other Office products? Office is one of the most closed formats I can think of.

Re:The more vulnerabilities the better?

[kripkenstein]

Good points. My post above was a bit simplistic, I admit.

Re:The more vulnerabilities the better?

[LindseyJ]

[Insert Average Joe Sixpack user vs Linux geek user debate here]

Re:The more vulnerabilities the better?

[ozmanjusri]

I used to think that but you will pick up the ribbon fairly quickly

I've been using it for a fair while now, and it still annoys me. Thing is, at the need of the beta period I'm going to have to decide whether to stick with my existing Office version (XP), switch to Open Office, or upgrade to Office 2007.

Right now, I just can't see any reason to upgrade. I've been a Office developer for more than a decade (switched from Paradox/Lotus to Office/Access 95), so this is a big decision for me. I've been a fairly vocal critic of MS since they started their customer harassment phase - I keep the install disks of my first Office XP Developer edition install nailed to the wall in front of me. It's there to remind me that I paid AU$1500 for a tool that won't activate on any computer in existence today.

I've never had an alternative until now though, and even if OOo isn't a perfect replacement, at least it's a way out of the trap. If I and others start developing for it and using it, we'll be well on the way to creating the platform OOo is going to need to hit critical mass.

Re:The more vulnerabilities the better?

[mad_minstrel]

The problem is that the users of MS Office are Jenny the florist and Bob the teaspoon manufacturer. For these people computer security means putting more locks on the office door. They aren't even aware there's an alternative. They will not choose a new and unfamiliar office suite because of some obscure technical detail like software security.

Re:The more vulnerabilities the better?

[anothy]

first, for most people security just isn't worth very much. they want to be able to check it off on a list, but that's about it. MS Office says it's secure? ? done. compatibility - not just the ability to read, but the ability to look 100% visually the same - is a much, much bigger deal for most corporate folks outside of engineering.
second, you're assuming a rational consumer. that is an invalid assumption that leads to the undoing of loads of business models. "consumers" should under no circumstances be understood to be, as a class, rational beings. they are primarily emotional beings. you don't have to watch much television or read many mainstream magazines to realize that the advertising industry generally understands this. in the role of "consumer", people are driven by flash, by fear, by mob thinking.

when a given tradeoff becomes too painful, rational people reconsider their options; consumers go shopping.

Re:The more vulnerabilities the better?

[mysticgoat]

Since you bring up the economic issues...

Microsoft's marketing department has even less incentive than usual to repair this PowerPoint bug, or for that matter, other bugs in MS Office. Not with sales of the new version of Office just over the horizon. Since Marketing has always been the dominant department of Microsoft, I expect that the compahy will exhibit even more footdragging than usual in getting these bugs fixed.

But OpenOffice.org is not driven by the same motivations. It appears that pride of workmanship, rather than sales revenue, is the dominant driver of OOo.

How well does Impress run existing PowerPoint presentations?

Re:The more vulnerabilities the better?

[DigitAl56K]

Everytime I read a /. article about Office there is a huge Open Office vs. MS Office debate. Why does nobody mention Ability Office? http://www.ability.com/ $74.99 for the entire suite, or $59.99 if you don't want the paint application. It doesn't have 100% of Office's features, but it is pretty nice and a good alternative. Are the only choices we consider here MS or open source?

Re:The more vulnerabilities the better?

[slocan]

So would they (the vast majority) upgrade to the next version of Office (with ribbons(?), etc), which isn't exactly the same as Office, the current version (or whatever version they use)?

Maybe security as well as other factors (open formats support) may weigh in when users consider phasing out an inadequately supported product.

Microsoft seems to ben in a comfortable position. That has been so for some years. But there are risks in being presumptuous and ignoring the world around oneself (competitors, governments, current users etc) and their needs and trends (e.g. open formats). Competition has got them moving in some arenas (virtualization, clustering, browser). Maybe its time for them to get moving regarding Office security too.

I for one already use Linux and OpenOffice.org. Because it is free and beacause I don't need to, can't and wouldn't pay for neither MS Office or Windows.

Re:The more vulnerabilities the better?

[John+Nowak]

They only need compatibility with the features they're using, not every last feature.

Re:The more vulnerabilities the better?

[drsmithy]

The security in OOo's case is the fact that there exists a body of developers who are more likely to fix (or accept patches for) vulnerabilities as they are found simply as a consequence of the exposure of their code to the world's scrutiny.

Your basis for the assumption OO developers are more likely to fix bugs ?

Microsoft has no such audit process to keep them "honest".

Your basis for this assumption ?

Re:The more vulnerabilities the better?

[drsmithy]

As the dominant Office suite, MS Office has both security problems and actual exploits. TFA mentions one such. Of course OpenOffice is going to have fewer actual exploits, because it has less market share; all the money is in breaking into MS Office.

Marketshare has no relation to security problems. I know this, because everyone on Slashdot keeps telling me it's true.

Re:The more vulnerabilities the better?

Most people are using Office because most if not all of it came with their computers, and they've been using it at work for years. Most businesses use it because they have fewer support calls for office document related issues; and when there is something significantly wrong they can pick up a phone and get an answer; not spend an afternoon scanning message boards only to eventually be called an 'effing noob' and told to RT[incomplete or nonexistent]FM. My employer's 'linux engineers' are losing bonuses and training, in *non* Microsoft technologies, because of this prima-donna attitude pervasive among the open-source 'zealots'. I use the stuff, but I use the Windows and the Mac and the Solaris just as often. Come back and visit when you can use the *nix recreationally and games are made for more than XBox, PS2 (or their sucessors) and PCs.

Re:The more vulnerabilities the better?

[Bert64]

Then, your ISP/Company/ETC can more easily parse it to remove malware

Do you really need MS Office?

[pieterh]

The question people need to ask is not, "why should I switch to OpenOffice", but "what is the killer feature in MS Office that I absolutely need?" Do you really need to be able to run Word on a PDA? Do you need a smooth integration between Office and Exchange? Perhaps, but it's worth reevaluating.

If the cost-benefit ratio is not strong enough to make the cost and insecurity worthwhile, abandon MS Office and use OOo. For most people it's a lot less painful than it sounds. I've even seen OOo spread like a fashion in some teams that were 100% Microsoft, as they discovered that OOo does actually work very nicely, and as they started using ODF as a standard in place of Microsoft's own formats. We did this a long time ago... we get a consistent set of tools on Windows and Linux, and documents that now conform to a global standard and which I know will still be readable in 20 years' time, whatever software or platform I'm using.

There are many alternative office suites and OOo has its flaws, mainly it's a bit slow, but it has a feature set that hits 100% of what we've used - for documents, spreadsheets, simple graphics, and presentations - for years. And I don't get the feeling, when I run it, that I'm running a code base that has hundreds of undocumented backdoors, caused deliberately, or accidentally.

Re:Do you really need MS Office?

There are many alternative office suites and OOo has its flaws,...

Try sending a doc to someone outside of your organziation.

If "they" can't just click on the doc (in Windows or Mac, for that matter) and open it, you'll hear "I got your doc but I can't open it. How about sending it to in askee (ASCII)"

No, shit, I actually got that.

It was (still is?) a problem with MS Office on the Mac (OS 9). If you forget to add the extension to your office doc (.XLS, .DOC, etc...) before sending it to someone who's on Windows, I'd hear the same thing. Yeah, yeah, explain to them to add the extension. HA! They would just repear over and over, like a retarded parot, "I don't know, I can't open it, you need to send me another one."

I learned to just shutup, add the extension, and then send another one.

No sir, if I have to deal with folks that work in different organizations, MS Office is the universal office doc.

If I just had to worry about my own organization, then you bet, OO all the way!! I like it!!

Re:Do you really need MS Office?

[cabjoe]

For a lot of people the killer feature is compatibility with the software everyone else is using. I run OO, and recently my wife updated her resume using it. Which was fine until she needed to email it in Word format to an recruitment agency (why they wouldn't accept PDF is beyond me). We used the export feature but the result just wouldn't render properly in Word. Luckily, we still had an old version of MSOffice lying around and that came to our rescue, but the fact that we needed it shows that using Open Office can cause problems when interacting with the software the majority of the world uses.

Re:Do you really need MS Office?

[pieterh]

Yes, the problem of "send this document to random people" is a real issue.

However, since OpenOffice has had a "create PDF" feature for ages, and since it produces really elegant PDFs, this is a solved problem.

I much prefer sending PDFs to editable documents because it prevents random modifications. When people do have to collaborate on writing a document, they can install OOo without much effort, and it is easy to learn, despite not being MS Office.

I've seen many people learn to use OpenOffice and the suggestion that its interface is hard to use is untrue. I've literally given non-technical people (office admins, sales and marketing people) a Linux box with OpenOffice and said, "go for it", and they've produced documents and spreadsheets and presentations without asking anything after, "what printer do I use".

PDFs are the answer to distributing prepared documents. PDF or HTML works fine for presentations. And if you *really* need to send someone an MS-Office format document, you use the "Save as" function to create it.

And this model has let us use OO for 4-5 years in a world where almost all of our clients use MS-Office. It works.

Re:Do you really need MS Office?

This "open office's export does not create usable documents" is crap. Office deliberately screws them up. That's why the world needs standard formats so there's none of this "cripple the competitor by refusing to read files they make" shit that Microsoft does.

Remember "DOS ain't done till Lotus won't run?" It's just the same.

ODF fixes this for once and for all. And if you don't realise why it's bad for you to hand control over your documents to a monopolist then you probably deserve to get shafted.

Re:Do you really need MS Office?

[tomstdenis]

you've got machines with RAM to spare,

What? Office ain't light on ram either boy.

you're not going to need support,

I've never known Microsoft to allow any arbitrary Office user to phone them up...

You're not going to need the pre-written macro code which is everywhere for Office,

If I wanted to script my documents, I'd use LaTeX and do it properly.

you don't need the excellent VBA IDE,

??? What is that?

you don't need the excellent documentation,

I've found that most of their documentation doesn't cover odd corner cases, that "clippy" is useless and trial and error is usually the best way to go with either suite.

As to the rest ... the fact that others don't use it is self-serving. That's not a feature of Office, it's a result of the monopoly MSFT tries to establish. As for not matching the GUI, speak for yourself. It fits in just fine on my Gnome desktop.

And again for the Macros. Dude, go teach yourself LaTeX. That's how you script a proper document.

Tom

Re:Do you really need MS Office?

[tdvaughan]

And I don't get the feeling, when I run it, that I'm running a code base that has hundreds of undocumented backdoors, caused deliberately, or accidentally.

I, too, have become so much safer since I turned off my antivirus software and instead relied on good old, tried-and-tested intuition to detect malicious software and vulnerabilities.

Re:Do you really need MS Office?

[Ash-Fox]

you've got machines with RAM to spare

I've used Openoffice on systems that have 96MB of RAM -- Other than it being a bit slow. I have not noticed any usability issues.

you're not going to need support,

I don't actually know anyone who has ever used Microsoft support in my life for microsoft office. They always asked the person with most computer knowledge for help (even in large companies).

you're not going to need the pre-written macro code which is everywhere for Office,

OpenOffice.org macros.

you don't need the excellent VBA IDE,

That a joke?

you don't need the excellent documentation,

Okay, now I *KNOW* you've not use Microsoft Office's help files before if you claim this. Compared to OpenOffice's, they're really crap.

you're not going to use the entire systems implemented in Office (Excel and Access systems are commonplace where I work, they're commercial and not in-house software),

Well, we can reverse is. What about using entire systems implemented in OpenOffice.org? Will Microsoft Office work with that? Even more incompatible.

you don't mind not being able to properly use the documents everyone outside your organisation will be using, and the documents your employees will be bringing from home,

The company I work for can use the documents just fine (they get mostly Microsoft documents and PDF files)

you don't mind the GUI not matching the rest of your system,

I think it matches more under windows than Microsoft Office's does actually...

you don't mind using a piece of software which no-one will have audited,

What does audit mean in this case?

you can't wait for Office 2007 for ODF,

This was actually a big reason why we use OpenOffice in the workplace.

and you don't need a rich macro API.

We haven't found anything we couldn't do in OpenOffice yet.

Re:Do you really need MS Office?

[killjoe]

"you've got machines with RAM to spare, "

If you have enough RAM for access you have enough ram for office.

"you're not going to need support,"

If you need support you can buy it from Sun. You may have heard about Sun. I think they are a pretty large company.

"you're not going to need the pre-written macro code which is everywhere for Office,"

Office by default will not let you execute macros. Most organizations turn off the macro execution as a group policy in AD. Having said that if you have willingly chosen to open up your desktop to macro exploits and have willingly chosen to lock yourself to a vendor then you can't switch. Vendor lock sucks for an organization though. From now on you are no longer allowed to use any non MS office software ever. Good for them, sucks for you.

"you don't need the excellent VBA IDE,"

See above. You can script OO in python though, much better then VBA as far as I am concerned. There are several python IDEs around too last I checked.

"you don't need the excellent documentation,"

Wait let me check my office manual to see if it's better then the OO manual. Ooops looks like I didn't get an office manual. Seriously... There is excellent OO documentation. There are also several books which are cheaper then office.

"you're not going to use the entire systems implemented in Office (Excel and Access systems are commonplace where I work, they're commercial and not in-house software)"

If you are buying commercial apps they can (and should) use the office developer toolkit to deliver you a runtime. If they are forcing you to buy office just to run their apps then you are getting screwed. Also see the above remark about vendor lock.

"you don't mind not being able to properly use the documents everyone outside your organisation will be using, and the documents your employees will be bringing from home,"

Keep a copy of office around for those rare documents that don't translate properly. Tell your employees to use OO at home if they want to work from home. All companies have document standards.

"you don't mind the GUI not matching the rest of your system,"

When office 2007 comes out the GUI of OO will more closely match your XP box then office will.

"you don't mind using a piece of software which no-one will have audited,"

What makes you think office was audited? Who audited that commercial software package you got from that commercial vendor (you know the one that requires office to run). Who audited that messenger program half of your staff is using? I have news for you. 100% of the corporations in the world are running at least one piece of un-audited software.

"you can't wait for Office 2007 for ODF,"

The ODF support in 2007 will be read only. It will also be crippled from the looks of it.

"and you don't need a rich macro API."

You have no idea what you are talking about. None at all. Every part of OO is scriptable.

"Disclaimer: I'm not an MS fanboy, "

Yes you are. If you weren't you would not have lied so much.

Re:Do you really need MS Office?

Office ain't light on ram either boy.

Create a sheet full of strings: Excel uses under 300 megabytes of memory, Open Office - oops, sorry, it died after hitting 2 gigabyte address space limit. Same with Word vs Writer, PowerPoint vs Impress: OOo applications gobble memory both on load and during operation like there is no tomorrow.

If I wanted to script my documents, I'd use LaTeX and do it properly.

TeX macros (of which LaTeX is one) run before the document is rendered. VBA macros can run both before and after. Big difference, in case you missed that.

Re:Do you really need MS Office?

[tomstdenis]

I have yet to crash OpenOffice [and I'm talking v1 days] with a sufficiently large document [more than 200 pages].

I have crashed OpenOffice though. I've also crashed Office. But not due to document size. Usually I hit a formatting bug or something.

As for macros rendered live ... I have yet to encounter a place where that is useful. If you want an interactive pretty presentation use XHTML and a CGI script. That's at least portable and doesn't require running things on the client computer.

Tom

Re:Do you really need MS Office?

[kestasjk]

I've never known Microsoft to allow any arbitrary Office user to phone them up...
I've never known anyone in an IT department who knows how to sort out an OOo problem either.

If I wanted to script my documents, I'd use LaTeX and do it properly.
That's text documents covered (let's ignore the massive API, thorough documentation, events, key combos, community support, pre-written example code, friends/coworkers who know it too, IDE, and easy to master language). Now what about spreadsheets and databases?

??? What is that?
You write your scripts in it; it has syntax checking, debugging, auto completion, variable watching, a massive library of help and sample code, etc.

I've found that most of their documentation doesn't cover odd corner cases, that "clippy" is useless and trial and error is usually the best way to go with either suite.
Clippy may be useless but MS Office Online isn't. Most Office users need to learn to use the F1 key; you can't expect an animated paperclip to guess what you're trying to do.
If you think trial and error is the best way to get what you want it's no wonder you don't appreciate what MS Office has over OOo.

As to the rest ... the fact that others don't use it is self-serving. That's not a feature of Office, it's a result of the monopoly MSFT tries to establish.
Most of the reasons are problems with OOo which have nothing to do with user base. There are some problems caused only by the fact that everyone uses MS Office and no-one uses OOo, but businesses and home users don't care about the reason for these problems. We're trying to make good documents quickly and easily, not tip the scale against the evil MS.

As for not matching the GUI, speak for yourself. It fits in just fine on my Gnome desktop.
Really? It doesn't fit in well on mine: http://img153.imagevenue.com/img.php?image=38652_S creenshot_364lo.jpg They're both brown, but all the controls behave and look differently..

Re:Do you really need MS Office?

[Runagate+Rampant]

"Luke, you switched off your targeting computer. What's wrong?"
"Nothing. I'm all right."

Re:Do you really need MS Office?

[Wellington+Grey]

The question people need to ask is not, "why should I switch to OpenOffice", but "what is the killer feature in MS Office that I absolutely need?"

A presentation program that doesn't look like complete shit.

-Grey

Re:Do you really need MS Office?

[kestasjk]

Most of what you wrote I answered in another response, but as to these:

"you don't mind using a piece of software which no-one will have audited,"

What makes you think office was audited?
Gee, I don't know, maybe the fact that is a discussion on a vulnerability which was found in PowerPoint? That vulnerability didn't find itself.

"you can't wait for Office 2007 for ODF,"

The ODF support in 2007 will be read only. It will also be crippled from the looks of it.
https://www.microsoft.com/presspass/press/2006/jul 06/07-06OpenSourceProjectPR.mspx "bidirectional translation support"

"and you don't need a rich macro API."

You have no idea what you are talking about. None at all. Every part of OO is scriptable.
Even if OOo was as richly scriptable as Office (which it simply isn't), it's multiplatform and thus can't have the same integration with other parts of the OS.

"Disclaimer: I'm not an MS fanboy, "

Yes you are. If you weren't you would not have lied so much.
"Yes you are."? I hate replying to a post only to realise I'm responding to someone with a mental age of a schoolboy.. You have yet to point out where I have said something which isn't true, but you have said Office isn't audited and will only have read only support for ODF; both false.

Re:Do you really need MS Office?

[kestasjk]

"I've used Openoffice on systems that have 96MB of RAM -- Other than it being a bit slow. I have not noticed any usability issues."
New rule: If you don't know what a page file/swap partition is, you don't get the rest of your post read.

Re:Do you really need MS Office?

[Lennie]

> That vulnerability didn't find itself.

Your right, it was found by people outside the company that created the software.

This vulnerability wasn't found through auditing or the original programmers. Did you read the article ? Do you understand what a zeroday-exploint means ? Did you even read the title of this slashdot-article ?

Re:Do you really need MS Office?

[MonsoonDawn]

"I've never known Microsoft to allow any arbitrary Office user to phone them up..."

Then you've never tried. Microsoft does have call center support and the phone number is public. Whether or not you will be charged depends on your license and the problem.

Re:Do you really need MS Office?

[kestasjk]

Audits don't have to be done by the people who wrote the code..

Re:Do you really need MS Office?

[Bert64]

If you need support, you can buy it from sun (either in the form of staroffice, or seperately buy support), what support do you get from ms after you've paid $400 for the software?
How do you know it's not been audited? the source is out there, many people could have...

Since when has the msoffice gui matched the rest of the system either? If you want a consistent interface then koffice is for you.

Openoffice has a rich macro API too, and supports writing of macros in multiple languages.

In terms of home users, you can have home users using different versions of msoffice to you, which also causes incompatibilities, or you can give them a copy of openoffice for free and ensure consistency. I doubt many companies would foot the bill to buy the same version of msoffice for all their employees to use at home, even if it did save them a lot of version mismatch problems.

As for people outside your organisation, with openoffice you *can* open msoffice documents, in some cases better than different versions of ms can open them. However with ms, you can't open documents in the opendocument format, which is seeing increasing use especially in government.

Re:Do you really need MS Office?

[Bert64]

Your forced to use the built in IDE with msoffice and VBA...
On the other hand Openoffice lets you write macros in java, javascript, python or it's own built in starbasic language, for all but the latter many IDE's exist for you to use, and plenty of people can already program in these languages, no need to learn a new language with such a limited scope for use.

Re:Do you really need MS Office?

[Bert64]

Can't speak for the spreadsheet component, but i've had the opposite experience with the word processing components...
Open up a large textfile (how large depends on your available ram, i used about 12000 pages) in word and openoffice writer.
This is plain text, no formatting or anything, the results:

Word appears to load it and lets you read the first few pages, meanwhile the application is chugging away in the background... it informs you it won't be able to spell check as you type, and then hangs for a few minutes before completely crashing.

Writer takes ages to load it, but once loaded lets you work with it with no slowdown, and even spell checks it properly.

Re:Do you really need MS Office?

[Bert64]

Incase you haven't noticed, msoffice is multi platform too, infact it started out on the mac.

Besides, cross platform is a good thing, it reduces platform lock-in and increases competition, which drives prices down and quality up.

Re:Do you really need MS Office?

[JPribe]

#you're not going to need the pre-written macro code which is everywhere for Office, # you don't need the excellent VBA IDE, # you don't need the excellent documentation, # you're not going to use the entire systems implemented in Office (Excel and Access systems are commonplace where I work, they're commercial and not in-house software), # you don't mind not being able to properly use the documents everyone outside your organisation will be using, and the documents your employees will be bringing from home, # you don't mind the GUI not matching the rest of your system, # you don't mind using a piece of software which no-one will have audited

I find it sad, appalling even, that you spend more time *programming* office documents as opposed to filling them with content. FFS, just type the doc up and be done with it. If you have to put that much effort into your docs and spreadsheets, you must be doing something wrong. I'm seriously interested in seeing a sample of one of these documents as I am already questioning the efficacy of the files. DBs aside, of course, but why would you use access with all the silly limitations? I might even let that one slide if Joe User could manage to create an access db and make it useful...oh wait, that won't work...

Re:Do you really need MS Office?

What? Office ain't light on ram either boy.

I don't have OO.o to test, but here's the RAM usage from some MS Office 2003 apps, started fresh:

Excel: 6.100 KB
PowerPoint: 6.696 KB
Word: 13.204 KB

And here's something with documents loaded:

Excel with 14 200-row sheets and 14 graphs: 10.844 KB
PowerPoint with 20 slides, each of them containing graphics and effects: 11.200 KB
Word with a 176-page, 14 MB document: 34.208 KB

I'd call that "light on RAM". Anyone care to provide OO.o memory usage under similar scenarios?

Re:Do you really need MS Office?

[drspliff]

Oh really? I'm going through the whole recruitment process again at the moment and it's a pain in the ass.

I make a specific point to send my documents as .pdf rather than whatever editor-specific file format I created it in for some of the reasons the parent outlined, only to have 60-70% of the companies e-mail me back asking for a .doc version.

What the fuck! It's created using managed XML, XSL and html2ps/ps2pdf, somebody show me a magic 'Convert to useless Microsoft format' program and I'll use it, but for now I'm going to use technology that's key to the industry I work in to show off my resume.

Not just that, but only a few people have actually been slapped by a bit of intuition and asked for a HTML copy, or just copied and pasted text from the PDF into their recruiting application.. the rest just send e-mails back and forth until they give up and say I cant use their company out of frustration.

We really _do_ need Microsoft Office, because that's all those office monkeys know, I thought we standardized on PS (and later PDF) a long time ago, and now their trying to tell me different just because the completed their 'Touch Typing for Beginners' course with flying colours.

Give me a break, use your keyboard to type it in, do your bloody job, and stop bitching when you realize your workflow is too inflexible to handle non-microsoft junkies.

Re:Do you really need MS Office?

[BrokenHalo]

Really? It doesn't fit in well on mine

Brown doesn't look good on any desktop. If I want a crap, I know where to perform the function, and it isn't at my desk. ;-)

In any case, there's nothing stopping you from using a build of OOo that uses your native gtk2 widgets. The builds for Dropline Gnome (a Gnome distribution for Slackware) are a good case in point here.

Re:Do you really need MS Office?

[Zebai]

I have office installed on one of my alternate less important systems, and I still have to switch over to it for a few things that I've grown accustomed to that I cant find in Open office, at least not thats privided with the install package. One thing I've grown to enjoy out of MS Office is the evnelope and letters wizards, while OO has a very simple version of these the one in MS Office is much more developed and easier to use and setup, and I find myself switching computers and pulling up those wizards to get some quick work done rather than toy with the OO version. OO in fact has no templates to speak of, I tried to look for some of the more common ones I use often but after expirimenting with templates in general in OO I find the whole design implmentation to be ..weak. For composing long documents and things that I need to plan into I always of course use OO but for quick memos and letterheads, and of course printing envelopes things that I use templates for I find myself moving to the other room to finish them.

Re:Do you really need MS Office?

[miro+f]

Audits don't have to be done by the people who wrote the code..

no but they're generally done by people who can at least look at the code. Not to mention they usually don't use the knowledge gained from their audit to maliciously attack other systems.

you're calling the many hackers willing to "audit" MS Office for vulnerabilities a benifit now? I find it difficult to comprehend your argument here...

Re:Do you really need MS Office?

[anothy]

unfortunately, in our company (and in many others, from folks i've talked to), that "killer feature" is the ability to create something which looks 100% "correct" on what the majority of people you communicate with use. we don't get MS Office for our engineers, and instead issue them OpenOffice (really NeoOffice, since we're a largely Mac shop); they don't prepare Office docs for consumption outside the company, only rarely for inside the company (outside System Engineering, which i'm embarrassed to say produces their requirements in Word), and it's not important that what they see or produce be rendered 100% visually correct, as long as it's close enough to efficiently and correctly communicate the content. OO (and NeoOffice) fit that bill just fine. but for the more customer-facing types - sales, marketing, business development - the "look" is important. it needs to be slick. so all those folks, as well as the top management across the board, get MS Office (about 2/3 on Mac, the rest on Windows).

this problem is certainly not specific to OO; MS Office is frequently not compatible with MS Office. as i said, we're mainly a Mac shop and the only thing that occasionally jumps up and bites us about that is version incompatibilities between MS Office files. we've seen MS Office (on Mac) create files that various versions of MS Office (on Windows) simply can't open, and vice versa; that's rare, but rendering errors are common. this is even true between various versions of MS Office on Windows, but the frequency of the cases seem to increase geometrically the farther you get from using the same version.

one of the business development guys i work with finally got fed up with the situation last week and said "we should just be PDFing these things anyway." i wanted to hug him.

Re:Do you really need MS Office?

[CastrTroy]

I find this to be a pretty moot point. Depending of which version of word you are using, things can start to look very different. I've often saved docs in one version of word, only to open them up in another version, and have all the formatting messed up. This is especially true for things like Resumes which contain more than just basic formatting. Also it looks like crap when opened in word, because there's tons of words that aren't recognized, and they are all underlined in red. By far the biggest problem is with page breaks where you'll either use manual page breaks, and the first page will spill one line onto the second page, and then your second page will end up on the third page, or you'll choose not to use manual page breaks, and the header at the top of the second page will show up on the bottom of the first page, or the last line from the first page will show above the header from the second page. Then you get HR people who end up looking at your resume, and then maybe some changes get made because they accidentally pressed the wrong key, and then the changes get sent along to next person in the loop. As far as i'm concerned PDF is the only acceptable format for Resumes, and often many employers tend to be pretty picky about the formatting and will think that you didn't take the time to make it look right if it doesn't show up properly on their version of word.

Re:Do you really need MS Office?

[asuffield]

I, too, have become so much safer since I turned off my antivirus software and instead relied on good old, tried-and-tested intuition to detect malicious software and vulnerabilities.

You too? I got rid of mine when I realised that I was spending far more time cleaning up after the crashy and slow antivirus software than I would have spent reinstalling windows after the (rare) virus infections. One of those cures that's worse than the disease.

Re:Do you really need MS Office?

lol.... and you wonder why you can't get hired! lol!

Re:Do you really need MS Office?

[CastrTroy]

Yeah.. In this case we were thankful enough to have the auditing done by haxors. Thank God they are auditing it finding all the bugs so they can be exploited, before MS even knows about them. Then some security firm, not MS, finds out that the is already being hole is actually being exploited. Lastly, MS, who is the only entity with access to the code, and who can actually fix the problem is the last one to hear about it. Yeah. Sounds like this system works really great.

Re:Do you really need MS Office?

Or how about not switching to Open Office, because it sucks. I'm all for free software, but Open Office is not there yet. It's bloated and big, and clunky. I hate Office, but Office is vastly superior.

Re:Do you really need MS Office?

[TheSkyIsPurple]

>Yes, the problem of "send this document to random people" is a real issue.
>However, since OpenOffice has had a "create PDF" feature for ages, and since it produces really elegant PDFs, this is a solved problem.

Except when you explicitly want that person to make changes and send it back...

Re:Do you really need MS Office?

[killjoe]

"Gee, I don't know, maybe the fact that is a discussion on a vulnerability which was found in PowerPoint? That vulnerability didn't find itself."

Lying again I see. The vulnaribility was not found by MS doing an audit. Most windows and office vulnarilibilities are not found by MS doing an audit.

RE:ODF. You provide a press release by MS to prove that it will be read/write and will not be crippled?

"Even if OOo was as richly scriptable as Office (which it simply isn't), it's multiplatform and thus can't have the same integration with other parts of the OS."

Why not?

""Yes you are."? I hate replying to a post only to realise I'm responding to someone with a mental age of a schoolboy.."

YEs you are. I can tell because you lie so much. Lying is intervowen to the MS culture and the fanbois are no exception. Keep shilling though my boy. The world needs more MS shills that's for sure.

Re:Do you really need MS Office?

What makes you think that OO.o has no security problems?

Re:Do you really need MS Office?

[WhiteWolf666]

I feel the same way about PowerPoint.

PowerPoint is fugly. It is only very, very slightly better (aesthetically) than OpenOffice.org Impress. Either use Keynote (which is usuable by people with very limited computing knowledge, and can generate easy to distribute QuickTime presentations), or put together a moderate budget and create an honest-to-god animation/video.

PowerPoint is overused, and is totally inadequate for most situations. Keynote outperforms it by a huge margin; and you can get Keynote+a Mac Mini for not much more than the price of Office Professional.

All other tasks that you wouldn't use Keynote for can be handled by OpenOffice.org Impress (i.e. the absolute most basic slideshows that don't matter if they are fugly).

Re:Do you really need MS Office?

[kestasjk]

"Under enough eyeballs all bugs are shallow". I'd rather use software which has been checked for security holes, by the company, hackers, anyone, than software which hasn't.

Re:Do you really need MS Office?

OOo is a very good alternative to Office that does most if not all things Office can. Though one thing that bothers me about using OO is the fact that it runs on Java. I don't hate Java (I use it quite often), but an issue I have with Java applications is that when they have sat idle for awhile, Windows will write the program to swap. This of course isn't a problem if you keep it active, but if you multitask it becomes annoying when you finally have to switch back to OO and have to wait 10-30 seconds (maybe more depending on document size) for the memory to be swaped back into RAM.

This is of course, not OO's fault but Java's and Window's.

Re:Do you really need MS Office?

[kestasjk]

You're the one getting angry and name-calling about some true statements I made about an Office suite. If you get angry when someone speaks ill of a piece of software which isn't your own, you're a fanboy idiot. "Nooo, OpenOffice is holy! You lie, you lie! It's not true!! *sniff*"

Re:Do you really need MS Office?

[WhiteWolf666]

Suggestion: PDF everything (as you noted), and for Presentations, use Quicktime.

A presentation created in Keynote using the Quicktime format is easy to distribute, plays everywhere, and is vastly more "visually" appealing than a PowerPoint.

Re:Do you really need MS Office?

[WhiteWolf666]

As for not matching the GUI, speak for yourself. It fits in just fine on my Gnome desktop.
  Really? It doesn't fit in well on mine: http://img153.imagevenue.com/img.php?image=38652_S creenshot_364lo.jpg They're both brown, but all the controls behave and look differently..

Yet another reason to use SuSE. Take a look at mine:
http://www.energy-chicago.com/oowidget.jpg

Everything matches up beautifully.

The only visual "difference" that I can see is that Tabs on OpenOffice.org fade out the text on non-active tab items, while they remain black on KDE/QT/GTK2. For me, this is a minor enough issue that I don't notice it unless I'm looking for it. It's certainly no where near as bad as the issues on your screenshot.

Re:Do you really need MS Office?

[WhiteWolf666]

I think he means "audit", the same way Scientologists "audit" your body for thetans. The leet WhiteHat HaXors "audit" the bugs right out of the software using an e-meter.

Or something like that.

Re:Do you really need MS Office?

[killjoe]

"You're the one getting angry and name-calling about some true statements I made about an Office suite. "

Why do you think I am angy? I am simply pointing out your lies. Why would I get angry about that?

"If you get angry when someone speaks ill of a piece of software which isn't your own, you're a fanboy idiot. "Nooo, OpenOffice is holy! You lie, you lie! It's not true!! *sniff*""

Since I destroyed your straw man I guess this sentence is moot.

Keep shilling though, god knows MS needs help from the likes of you!.

Re:Do you really need MS Office?

[miro+f]

then you should be using open source software such as OpenOffice...

Re:Do you really need MS Office?

Ah, the irony of such a response. Sounds like a sixteen-year-old McDonald's employee using AIM on his mom's computer laughing at a conversation he doesn't understand.

Office Vulnerabilities

[the.metric]

I must say, I think Office vulnerabilities, especially in Powerpoint (the purveyor of all e-mail presentations), have the potential to be a lot more persistent. By that I mean, I know people who religiously update Windows, but don't give a second thought to updating Office. So it means that these vulnerabilities can hang around as unpatched for a lot longer.

Re:Office Vulnerabilities

[blowdart]

It depends how they update windows. If they've switched from windowsupdate to microsoftupdate then Office updates will be included (as well as updates for some server software like SQL 2005). The switch also changes the automatic update software.

Features are meaningless.

Interface is everything.

MS Office is hardly the best example of a good interface. However, it blows OpenOffice out of the water.

Why do you think the popular glorified windowmanagers of Linux try to emulate Windows as much as possible? (Though in that case, it's really a moot point. At that level, familiarity of the interface is a far second to applications that are already and must continue to be in use.)

MSFT Sell ! Sell !! Sell !!!

MSFT If you've got it, now is your last chance to sell before it falls like a rock. It just happens I write this in a PPT exploit article, but this has nothing to do with it.

Won't affect me

[DrXym]

Even if I open a ppt attachment by mistake, it will launch into OpenOffice. The law of diminishing returns makes far less likely that an exploit intended for one office suite used by the masses is going to work on another. That's no reason to be complacent or less vigilant, but it's just one extra layer of security between me and the attacker.

Re:Won't affect me

[rbarreira]

I'm sorry but what does the law of diminishing returns have to do with exploits??

Re:Won't affect me

[DrXym]

Put yourself in the shoes of a hacker. Do you waste a disproportionate amount of time writing an exploit that snags 0.01% of users who might a ppt association but it loads into another presentation app and who may not even be running Windows, or do you write one which targets the 99.9% of recipients who are running Windows and PowerPoint?

i.e. do you waste a lot of time for a minimal gain or go for the lowest hanging fruit?

Re:Won't affect me

[rbarreira]

OK, I got what you said, it was the wrong way you wrote it that confused me:

The law of diminishing returns makes far less likely that an exploit intended for one office suite used by the masses is going to work on another.

Re:Won't affect me

[theshibboleth]

Are you suggesting that the number of people who do not use Office to open PPT documents is small? I think targeting Office is in fact highly effective.

Re:Won't affect me

[DrXym]

Yes, the number of people opening a ppt with something other than Powerpoint is diminishingly small. It would be a waste of time writing an exploit for that scenario. Hence the reason that machines with a heterogenuous mix of software are far less vulnerable as a rule than those running purely Microsoft stuff.

It doesn't mean they are immune and common sense security still applies, but they are far less likely to be infected in the first place. Secondly, even if you caught a dose, the payload might not work properly. For example, a ppt file exploit is likely to want to mass mail everyone in your address book to spread itself. But if you're not using Outlook, then the virus / trojan can't spread via your machine because it can't propogate itself.

Re:Won't affect me

[whitehatlurker]

Just remember to keep OpenOffice.org up to date as well. Current version is 2.0.3 - updated to patch 3 security holes.

It was posted on 14th, its not zero day

[LiquidCoooled]

We should have a class of vulns for the slashdot crowd, third day flaws ;)

there will always be more flaws.

[z4pp4]

... why does there have to be a news story about every one?
if you are really concerned, rather try these rss feeds:
http://www.us-cert.gov/channels/techalerts.rdf
http://secunia.com/information_partner/anonymous/o .rss

/sigh

[r4d1x]

I think its great that /. gives me all the news that I care about, but I'm really starting to second guess it. IE: this article is a weekend killer knowing that I will now have to push over 1000 IAVA's sometime in the near future......

Good

[tomstdenis]

Now I have an excuse for all those stupid sales presentations I've skipped. :-)

Tom

Re:Good

[MichaelSmith]

Now I have an excuse for all those stupid sales presentations I've skipped. :-)

Its got so bad now where I work that we have a powerpoint presentation (with a big screen and projector) at the annual christmas function.

Its not about work or anything its just that ppt seems embedded in the thought processes of our managers.

Spend the time making better software

[Knutsi]

It appears to me that it is hard to find software that cannot be exploted somehow, given enough time to dig into every possible way of doing so. Isn't this an indication that there is simply something wrong in the way software is put togeather and executed? Maybe the people who design API's, compilers and whatever is used to make software needs to rethink the way the stuff works... or maybe software is quite simply such a complex task of engineering that to keep it possible, it must also be possible to exploit.

I have of course no idea how to change the world, or I'm sure I'd be either very rich, very famouse or both ;)

Take it away now,
. Knut

Re:Spend the time making better software

[tomstdenis]

The problem is many fold but two such problems are

1. Lack of proper design, often caused by

a. Addition of new team members during product cycle who don't have a clue
b. Retention of old team members [yet to be promoted] that don't have a clue
c. Features added mid cycle

and

2. Poor implementation

a. Not all developers use the same coding style
b. Most developers are not thorough enough to verify their code

Basically you have a poorly maintained product design being implemented by people who often don't have a lot of software experience. The result is code that "works" but isn't proper. It's not uncommon in large products to have scores of warnings in the compiled code that go unnoticed so long as the code passes the CURRENT regression testing suite.

It isn't something wrong with the C or C++ compilers or for the most part with OSes in general. It's just that you mix trying to profit as much as possible with trying to make software and this is what you get as a result.

It's the same with all greedy engineering where you get sloppy work that ends up costing more in the long run. Only difference is in the physical world if you poorly engineer a building or bridge or plane or ... you can get imprisoned for it. If you put together shit software you just release a patchset and pretend it never happened.

Tom

Re:Spend the time making better software

[Knutsi]

I see your points. I'm not a professional software developer, but end up doing some coding every now and then to achieve things nessesary for my work, quite simply since my company doesn't have resorces to hire a professional for all such things. None of this code gets any lasting importance however, which I consider important.

I am however noticing that the developer world here in Norway(which I encounter from time to time) seems to be professionalising allot. Maybe its a sign of better things to come, when combined with more security features being engineered in Windows Vista etc. At least this applies to big products like PowerPoint (:

But you know, as long as there are hobbyist programmers around, and development tools are so easily available, people who doesn't have a degree in how to engineere software for security will keep making the stuff.

If you build a house in a city, allot of people have to approve it for quality, so maybe the same thing should apply to the major software market? (: Guess that would only add one or two more annoying popup in Visat ;P

Cheers,
. Knut

(P.s.: have to you ever wondered when the first "popup-blocker" to block Vista security messages wil larive? ;P)

Re:Spend the time making better software

[eth1]

I think it's just a matter of cost. As a piece of (commercial) software approaches absolute security, the cost of development approaches infinity. (maybe not quite THAT extreme, but you get the idea :) For OSS, as it approaches absoulute security, you get version 0.5, 0.9, 0.99, 0.999, etc. So what we end up with is 'good enough'.

Word resume

[lastberserker]

email it in Word format to an recruitment agency (why they wouldn't accept PDF is beyond me)

Why? Because before the first living soul casts a glance on your resume it will be sifted for keywords, dragged through filters and rendered in some uniform way. And guess what, PDF is a presentation format, not a data storage format - there is no guarantee that you get the original textual data back from an arbitrary PDF document. So they don't accept any PDFs.

Re:Word resume

[newt0311]

you have mentioned a very good point here and that is the difference between a data storage format and a presentation format. the problem with your argument is that word format is still NOT really a data storage format either. SGML, TeX (LaTeX), XML, etc are actual data storage format. these formats store conceptual info (like this text is supposed to be emphasized or this is a chapter heading) and then something like an interpretter along with style sheets are used to interpretthe data present and render the data into a presentation format like PDF. That is not the case with word format. Word just contains data like this text is bolded, there are newlines here, this text box goes here. That is exactly what PDF is like, just not as good. so in effect, both word and PDF could have been accepted and the PDF would have been easier to parse through since the PDF standard is openly publisized by Adobe and IMHO very easy to use (PDFs are inherently text files with the occasional binary blob and are neately divided into descrete objects, word format is who knows what). The ideal solution for the rearrangement you have indicated would be something that was designed for it like the aforementioned SGML, TeX, XML etc. In these languages, it is possible to explicitely mark data by what it actually IS and then leave the job of interprettation to outside libraries and programs.

Both PDF and Word are the same thing in a different form: WYSIWYG PRESENTATION formats.

Re:Word resume

PDF is a presentation format, not a data storage format -

What crack are you smoking? You can tag PDFs as much as you like. Just because you, as an average end user, don't know how doesn't mean it can't be done.

PDF is more like an envelope than a word document anyway.

Do you really need powerpoint or similar?

[dbIII]

The question people need to ask is not, "why should I switch to OpenOffice"

The question people should have been asking since 1992 is "why should I be doing a powerpoint or clone of it when a web presentation of some form can be used later and will work on something that is available if my laptop does not like the projector, gets dropped or other problems." Going out to buy the latest version of MS Office a few minutes before the presentation because some guy has a powerpoint presentation with embedded avi files that won't work with anything else is somewhat annoying.

There are web content tools designed to work well even for your average aging office typist who is scared of computers.

Re:Do you really need powerpoint or similar?

[fermion]

There are a couple different variable here. First, powerpoint allows people to do computer based presentations that otherwise couldn't. Powerpoint also automates the bells and whistles so people feel powerful. I personally feel that powerpoint allows us to produce the whiz bang presentations that are useful when we have no useful content, which could be a good or bad thing. I think many people are addicted to it, in the same way they are to the style control in Outlook.

This leads to the second variable, that the web does not give you the control of the presentation. In fact one big problem we had with the web, pre-css, was that the people who wanted to exactly control the presentation of the content developed all these hacks that did real harm to the medium. A lot of people will freak if te presentation is even slightly changed, mostly because the content does not support the presentation. Even with web design tools, the effects are not as interesting or rendered as predictably. The lack of control can make people feel weak.

As a side problem, if the presentation is not public, then putting it on a web server might not be the brightest thing to do.

Just to be clear, I know that there were useless presentation prior to powerpoint. I had to sit though many. OTOH, there was no delusion that somehow a few animations made a boring presentation more intersing.

Re:Do you really need powerpoint or similar?

[pedalman]

Powerpoint is evil and should be a controlled item; like alcohol, tobacco, and firearms.

Re:Do you really need powerpoint or similar?

[whitehatlurker]

Powerpoint really doesn't do anything extra for the presentation. It helps the lazy presenter, for which I am grateful, but I don't believe it helps the audience.

One of the lesser used features of Opera is the Opera Show Presentation format which is a nifty (albeit non-standard) way of presenting a slide show (power point like) presentation which is also represented in CSS and HTML. This could be the basis for the "web based" presentation.

As far as the point about web-based presentations goes, your comment "if the presentation is not public, then putting it on a web server might not be the brightest thing to do" can be applied to the PPT file as well. The web-based presentation doesn't have to be on a network server - simply a collection of local files would work as well.

Faulty logic

Therefore, in practice, MS Office is less secure.

Bzzzzt! That's the sound of BS alarm - the above does not immediately follow from your A and B. You must also assume C: MSO and OOo are products of comparable quality. They are not. Amuse yourself by checking the number of OOo crashes and hangs in very basic scenarios. And that's 2.0.3 that was around for days. Do you say it is the same quality as MSO 2003? Didn't thisnk so...

Re:Faulty logic

You seem to be confusing security and stability. Granted, they can be somewhat related, but they aren't the same.

Hmmm...

[TheSeer2]

I wonder how you address a ZeroDay flaw [unless it means something else] in previous patches. One could argue that they should've found it first, but most *true* anti-ms sentiment is that they don't fix known bugs.

"Office!" [Snorts]

[ettlz]

He he, "PowerPoint"! When will you people give up and use LaTeX/Beamer like everyone else?!

Re:"Office!" [Snorts]

What's Latex?

Re:"Office!" [Snorts]

[ettlz]

Latex is a rubbery material formed from the sap of certain trees. LaTeX, on the other hand, is a set of macros written by Leslie Lamport for Donald E. Knuth's TeX typesetting system, with the aim of moving the focus of the source to content rather than form. Beamer is a package for creating presentations that runs atop LaTeX.

Re:"Office!" [Snorts]

[newt0311]

indeed. LaTeX + Beamer >>>>> M$ powerpoint. especially the whole code reusability really helps wih style sheets.

PowerPoint ZeroDay?

[achurch]

Is this a new Office extension or something? "Share your important confidential presentations with everyone, instantly! Only with PowerPoint ZeroDay!"

Re:PowerPoint ZeroDay?

[ettlz]

I mis-read it at first and thought the cranks were out celebrating "Zero-Point Power Day".

Someone will explain it to me

[6Yankee]

Couldn't understand TFA - so I'm waiting for some nice helpful spammer to send me a PowerPoint presentation on this vulnerability.

Cause and effect.

[Victor+Fors]

Microsoft hardening Windows? Hardly. This latest wave of office exploits is rather a result of the excel exploits found some weeks ago. If one application in a suite is found to contain exploitable bugs then the other ones are likely to exhibit the same behaviour. It's all about return on investment.

PowerPoint vulnerability FAQ document released

[jjMick]

There is related Frequently Asked Questions document published too, it was mentioned at CVE entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 2006-3590 of this PowerPoint vulnerability:
http://blogs.securiteam.com/?p=508

"lower hanging fruit"?

[slartibart]

"Microsoft has done in hardening the security of the Windows operating system has forced the bad guys to look for lower-hanging fruit in applications that run on top of Windows"

Um. Isn't "lower hanging fruit" the easier fruit to get? I think you mean just the opposite, Mr. Editor.

Re:"lower hanging fruit"?

[melstav]

No... The analogy fits.

OS vulnerabilities are the BETTER fruit, because they directly lead to being able to crash or pwn the system, which is why they've been focused on.

All of the easier OS vulnerabilities have been patched, and OS vulnerabilities are becoming harder and harder to find. So now, the bad guys are going back to looking at application vulnerabilities that they've been ignoring to see if they can use them to do what they want.

A revenue focused company?

[ClosedSource]

Wow, MS must be on the fringe of standard business practices.

Security through instability?

[ClosedSource]

Perhaps that's OO's security strategy: crash before any exploits can do any harm.

No second monitor == No OpenOffice Impress

I'd prefer to use OpenOffice wherever possible. I'd prefer to use OpenOffice on our church's laptop, to replace PowerPoint, but we can't do this without HUGE hacks that are really hard to train others. Powerpoint can be displayed on the second monitor just fine. OO's Impress can't.
See http://www.openoffice.org/issues/show_bug.cgi?id=1 2719 or http://wiki.services.openoffice.org/wiki/Impress_s imple_multiple_display_specification for more details.

Honestly, you can't say that OO is "really close" when glaring holes like this exist. This isn't some obscure option hidden behind 3 levels of menus. It's a "we can't do something we've been doing every time we used Powerpoint."

We're now using MediaShout instead.

they did Access right then

[r00t]

Access "coders" need professional help. I mean of the psychiatric variety.

Tools like Access are useful for desktop experimenters. Any "professional" developers using Access to write apps are failing to grow up and use a real database. Use msql, mysql, postress, DB2, Oracle, Sybase...

If a heavy-duty database is not required, use Berkeley db. Do not be scripting a toy app for serious business use.

Re:they did Access right then

Absolutely right. And for us developers, maybe that means that there won't be any more heinous Access apps written by the company's owner's-cousin's-brother in law (who is a real computer wiz) to maintain.

Re:they did Access right then

[laughing+rabbit]

Hear! Hear!

wrong answer

[r00t]

I got one recruiter to admit it to me, and I've seen the results from the other side:

They edit your resume.

They take your name off, or at least your contact info. They add their own banner across the top. Lord only knows what else they might do to "enhance" your resume.

Really, I don't want that kind of "help".

Re:wrong answer

[mpe]

They take your name off, or at least your contact info. They add their own banner across the top. Lord only knows what else they might do to "enhance" your resume.
Really, I don't want that kind of "help".

That applies regardless of if you are a looking for a job or looking for workers...

shouldn't have done that

[r00t]

The resume probably ended up with a recruiting agency banner over the top, all of your wife's contact info deleted, and various odd "improvements" that could cause an awkward situation in the interview.

They really do this. Nice, huh?

It's not "ZeroDay", it's "zero-day" or "0-day"

[LocalH]

"ZeroDay" is too buzzwordish. Plus, bicapitalization is lame.

Maybe everyone shouldn't use .doc

[GregNorc]

After moving to openoffice, I've found that in writer at least, you can get by fine with rich text format or just plain old .txt, and anything that's too complex to save in anything but Open Document format can be exported as a PDF.

It's not just the code, it's the design

[argent]

One of the things that has bitten Microsoft again and again is this common tendency among multiple groups to embed powerful tools in document handling applications. ActiveX in Internet Explorer and the MS HTML control, the myriad scripting tools in Microsoft Office, and of course the very design of .NET is based on the idea that you can "trust" certain documents and allow them to run effectively native code components.

This is fundamentally different from the way just about everyone else does things, but Microsoft has so long argued that the performance impact of a secure sandbox is unacceptable that it would be inconceivable for them to back down on this design philosophy. If they refused to back out of the ActiveX/HTML IE/Desktop integration in the face of having the company broken up, I can't imagine what wouldpossibly lead them to see the light everywhere else.

Link about the actual virus

[DavidD_CA]

The summary really should have linked to this page which describes the virus in a bit more technical nature. Not "reporter speak".

http://www.symantec.com/enterprise/security_respon se/writeup.jsp?docid=2006-071212-4413-99&tabid=2

Apparently the victim launches the PowerPoint slide show (probably spread via email like every other virus) and it uses PowerPoint to drop the virus and infect the machine. Although the link doesn't say, my guess is that it does this without prompting the user if it's okay to run a macro.

The virus also displays a slide full of Chinese (?) characters. Anyone know what that translates to? "All your slide are belong to us"?

Re:Link about the actual virus

[tsu+doh+nimh]

Gee. Wonder why it's not written for the techie/slashdot crowd. Huh. Oh yeah, it's The Washington Post. It has to be understandable to people who aren't complete geeks.

According to a writeup at the SANS Internet Storm Center, the message generated by the virus reads: "What is love? Sending her 999 roses knowing she doesn't love him. What is waste? Sending her 999 roses know she loves him." That SANS advisory also notes that 3 (count 'em THREE) proof of concept exploits have been published for this vulnerability.

Re:Do you really need OOo?

[gatzke]

doc is broken, why keep using that format?

If you are in a technical field, consider LaTeX. I personally love LyX, a frontend for LaTeX that lets you see what you are doing (instead of just use a text editor to hack tex code).

Great output, great control, great everything but rough learning curve, unless you use LyX.

I still have tex files from over a decade ago that work fine. How many Word files from 1995 work fine for you?

And the new 1.4.2 PC LyX installer is 10x better than the old one, it automatically installs all you need (ghostscript, latex, dictionary, others).

There are even tex2word and word2tex converters (non free) in case you do need to convert a few files.

I keep Office / OOo / Crossover for reading email attachments and rarely use them in the real world.

Web CEO

[babul.paul]

Is Web ceo is banned from google? i don't know really about it but when i saw the site I found that the pr of the webceo.com is 0. when i saw it before i found that it's pr is above 5. then checking the link of the site, it's also 0. If it's banned then i how about it. regards http://www.netprophetsglobal.com/ India software development