Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw Finders Lay Seige to Microsoft Office

Posted by ryuzaki0 on from the flaw-finders-tarred-and-feathered dept.

An anonymous reader writes "The Register is reporting that bug reports on the latest iteration of Microsoft Office are certainly keeping the Redmond firm's programmers busy. So far this year 24 flaws have been found by outside researchers, more than six times the number found in all of 2005. From the article: 'The deluge of vulnerabilities for the Office programs - Word, Excel, PowerPoint, Outlook, and, for professional users, Access -signals a shift in the focus of vulnerability research and underscores the impact of flaw-finding tools known as fuzzers. The vulnerabilities in Office also highlight the threat that such files, if remained unchecked, can pose to a corporate network. Not since the days of macro viruses and Melissa have Office files posed such a danger to computer security.'"

4 of 149 comments (clear)

  1. Help stomp out "more than" abuse! by aiken_d · · Score: 5, Insightful

    The worst form of "more than" abuse is, of course, when people use it with flagrantly non-round numbers. "More than 274 parts", "More than 6831 batteries", etc.

    The second worst form -- which this OP engages in -- is nonsensical math. If 24 faults is "more than six times" the number of faults in the previous year, then the number of faults in the previous year was 1, 2, or 3 (if there were 4 in the previous year, 24 would be exactly six times as many). Yeah, the previous year could have been zero, but 1) I know office better than that, and 2) let's give the OP at least a tiny bit of credit.

    So, ok, we're up from between 1 and 3 to 24. "More than six times"? Well, if the previous year was 3, "more than seven times" would be more accurate. If the previous year were 2, "twelve times" would suffice. And, god help us, if there were only one in the previous year, "compared to only one last year" is probably better than "24 faults, which is 24 times more than last year."

    Please, join me in the crusade against "more than" abuse. It does give extra punch to a sentence, but only if used properly.
    -b

    --
    If I wanted a sig I would have filled in that stupid box.
  2. Re:OpenOffice by vux984 · · Score: 5, Interesting

    If the business case for switching to OO were that clearcut, you think MS Office would still be around?

    Yes. Absolutely. "Nobody ever got fired for recommending Microsoft Office."

    I know several business where 90% of the users don't need much more than WordPad who are running MS Office Pro. They only use spreadsheets at all because the "table" layout makes doing certain types of form easier -- they have timesheets, expense sheets, etc that don't even use calculations. They don't use powerpoint or access or even outlook. (they on a corporate webmail)

    They DO NOT need a several hundred licenses of MS Office.

    But the IT director authorizes Office Pro on every new desktop. There is no business case for it. When I suggested they cut costs and standardise on OO on at least the machines that are being used by low level staff to fill out their time sheet and read office memos I just get a blank stare.

    They've never heard of it, don't beleive that it could possibly meet their needs (which they've clearly never actually assessed), and they have ZERO intention of even looking into it. Worse they've been gradually growing, and new machines come with new office the old machines have "old office".. so they are supporting users with every version office since 95.

    Its sad.

    FWIW I *have* converted a couple companies to OO, and the most recent was done as part of a general upgrade. We pulled out boxes with Win98 and Office 98 and dropped in new XP Pro boxes with OO. We set the defaults to use office formats so there would be minimal transition issues. Most staff aren't even really aware they aren't using Microsoft Office anymore -- which is unfortunate really, because its not doing OO much good if people don't even know they are using it.

    I've also recommended OO to a many Home users. For the most part they are happy with it, and it works well enough that they actually prefer the "legality" of it even if its not 100% what they are used to.

  3. Re:OpenOffice needs this too by umkhhh · · Score: 5, Interesting

    I would not worry - if OpenOffice gets more popular it will get its share of abuse and fixes too.

    Having said that - part of MS problem is systematic: its closed (as oposed to open) design nature is slowing down debugging and more importantly its close relationship with OS is proving fatal to security. OO does not have that.

  4. Re:Access ? by Gli7ch · · Score: 5, Funny

    I believe by "professional user" our anonymous friend means "person who for some reason purchased the Professional Edition of Microsoft Office, possibly because it sounded cooler". I use it for phone numbers!