Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Do You Handle New MS Word Vulnerabilities?

Posted by Cliff on from the it-maybe-time-to-look-into-a-new-word-processor dept.

chipperdog asks: "With yet another zero-day exploit of MS-Word document files, what are fellow system admins doing to protect themselves against these threats? I have been blocking all .doc and .dot at the mail and proxy servers until malware scanners have signatures to detect and block the malicious files. Of course, this caused a uproar with the users, as there were continuous calls like: 'When can I send and receive Word files again' and 'I can't get anything done if I can't send/receive Word files'. Any suggestion of sending documents in different formats (like rtf, html, txt, or pdf) results in even more creative user 'feedback'. Has anyone done anything creative in their handling of word files — like having qmail-scanner pipe all .doc attachments through something such as wv to convert them to a less exploitable format?"

14 of 157 comments (clear)

  1. You can't... by Otter · · Score: 5, Insightful

    You can't suddenly cut off the exchange of Word documents in any modern business. Unless you can justify bringing your company to a halt over some vulnerabilities with no real-world risk, you just can't do it.

    --
    What I'm listening to now on Pandora...
    1. Re:You can't... by StupidMBA · · Score: 1, Insightful
      No. Have you ever had to send a document to some business contact?

      If it's MS Word, there's no problem.

      I've actually had some biz associate tell me to send the doc in 'askee'. When I sent an ASCII doc to him, he said that he couldn't open it. After many rounds of back and forth over this, I sent him a Word Doc - no problem.

      --
      Don't mod me down: I was joking!
    2. Re:You can't... by Todd+Knarr · · Score: 2, Insightful

      Why would banning Word documents bring your company to a halt? Word will open RTF files (for example) just as automatically as it will it's native format. It can save as RTF almost as easily as it's native format, it's at most 2-3 extra keystrokes once in the entire lifetime of the document. RTF handles all the text formatting, images and such that Word's native format does. The only things it doesn't support are the active content and such that malware uses, and I don't see that as a problem. So why should a block of Word documents have any effect whatsoever on a business?

    3. Re:You can't... by dwater · · Score: 2, Insightful

      "better"? Not from the point of view of the vulnerability, it isn't. Sure, it's better practice to do as you describe (saves on bandwidth), but it doesn't make any difference how they get an infected file - email, copy, http, ftp - all the same from the virus's point of view.

      --
      Max.
  2. Wow... glad you don't work for me. by everphilski · · Score: 4, Insightful

    Killing your company's productivity by not allowing the exchange of information? A big no-no. Plus it is all-to-easy to get around (rename the extention, zip the file, etc).

    A better solution is to educate the users - send out a mass email explaining the vulnurability, that you shouldn't be opening and doc's you aren't expecting. If you do it is your own damn fault and the timeliness of the fixing of your machine can not be guaranteed. There is no reason to choke business as you have and quite frankly the users have every reason to be upset.

    1. Re:Wow... glad you don't work for me. by Joe+The+Dragon · · Score: 3, Insightful

      So what to tell the people in HR that are expecting resumes?

  3. Re:Rename the files by Rob+T+Firefly · · Score: 4, Insightful

    I don't presume to know your job, but if your users need to subvert the protection scheme in order to use the system for its intended purpose and do their jobs, the protection scheme needs some serious work.

    --
    Slashdot Burying Stories About Slashdot Media Owned
  4. The simplest way. by revxul · · Score: 4, Insightful

    OpenOffice.org.

    --
    Truth, Just Us, And Hatred For All Mankind!
  5. Quarantine by Knara · · Score: 2, Insightful

    When we have viruses exploiting Word files, part of our security team sends out a notice that says we're temporarily quarantining the files until we can have them cleared. But really, you can't indefinitely stop word files from coming in.

    I'll admit I'm too lazy to read the exact detail of the exploit, but shouldn't this whole situation be alleviated by good, layered network security anyway?

  6. Re:I don't by Praedon · · Score: 2, Insightful

    Being an ex-network administrator, I have come to the conclusion that it is us who save the company tons of money by keeping it safe from exploits. By practicing good security measures, anti-virus installations, ad-ware remover, etc, it usually cuts down considerably on the amount of work it takes to keep the network infrastructure free of viruses and spyware, allowing time to focus on other important factors, such as Word exploits, migration from windows to a linux OS if all it requires is word processing, etc.

    Here's hoping Vista lives up to the hype that under good security measures, it will be somewhat secure. Otherwise, there are alternatives such as migration to linux and OpenOffice and such, which does not suffer from as many exploits that Windows and Office does.

    --
    Just me
  7. Re:Rename the files by bb5ch39t · · Score: 2, Insightful
    What amazes me is that companies continue to hire people like this that need to use computers constantly as part of their job, yet don't have even the most basic computer skills.

    The reason is simple. Such people can be hired for less money per hour. This increases profitability and thus directly affects management's bonuses. That is what matters to management. Any problems caused by this are obviously the technicians' fault .

  8. Re:For all Office users, there is a patch here! by nanarchy · · Score: 1, Insightful

    So what your saying is remove a buggy crappy piece of software and put in a bloated slow buggy piece of software. hmmmmmm I can see your thinking here. Users will be so pissed off and frustrated with OO that they will no longer open documents as it will be simply to frustrating. Seriously though dude this exploit crashes OO too. OO is not a solution just more of a problem.

  9. Remove the root cause by 6031769 · · Score: 2, Insightful

    We do not use Microsoft Word at my place of business. This is therefore no longer a concern. If any sysadmin thinks this is a problem, it's clearly time to approach the PHB with it in terms that they will understand. Something along the lines of, "Yes, I'd love to tackle that super-urgent issue of yours, but I'm too busy fighting these n MS Word vulnerabilities" where n is greater than zero. That ought to do it.

    --
    Burns: We're building a casino!
    McAllister: Arrr. Give me 5 minutes.
  10. Just use OpenOffice rather than cutting them off by leonbrooks · · Score: 2, Insightful

    OpenOffice allows you to read & write MS-Word docs without having MS-Word. This has worked well for many of my customers, & they enjoy the PDF document production & the ability to recover many broken MS-Office documents simply by opening them in OpenOffice.

    OpenOffice also runs on more platforms & is developing faster, & the docs are much easier to externally process (they’re basically ZIPped XHTML in a moderately sane format).

    Oh, yes, and it’s much cheaper ($0 per seat) & you don’t have to watch out for time-bombs in the registration or anything like them.

    And finally, I like it more. It’s not perfect, but things are generally arranged more sensibly, plus a lot more odd little corner cases are correctly (consistently) implemented.

    --
    Got time? Spend some of it coding or testing