Slashdot Mirror
Office 2003 Service Pack Disables Older File Formats
time961 writes "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."
many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives.
Is that how one interfaces with rarely-used document archives? via groping?
The theory of relativity doesn't work right in Arkansas.
If you read the knowledge base article, you'll see that the default allowed old-version goes back to before even Word 95. PowerPoint 95, but not 97, is blocked. It's very likely that few documents exist in such old formats at this point.
However, I really have to question whether the enhanced security is worth it, since those old versions didn't allow too much of embedded scripting anyway. Are we just worried about buffer overflows, because those are still a symptom of their parser, not the format itself.
The software nanny continues to keep us from hurting ourselves... gee, thanks. (Hmm, anyone smell a similar trend in government lately?)
--
Educational microcontroller kits for the digital generation.
I don't know if I'd characterize it as "mind-bogglingly complex". It's a series of registry edits. There will probably be appropriate .REG files released by various parties in the next few days, and if you're paranoid, it should take about 15 minutes to roll your own. As for users in non-managed environments, I don't know how many home users really try to access files that are over a decade old.
Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
According to TFA, you still can open and save the files (Word 95 and older, and other ancient formats), you need to edit the registry to enable the formats.
Tell the truth and you won't have so much to remember.
Hmm, usually, Microsoft stories are the foundation for countless counts of M$ bashing, but I wonder if this story will gain as much M$ bashing as the other stories. From what I could see, this is one of those circumstances that have no real "right" answer that'll make you feel good. At least there IS an official, documented workaround as opposed to the inbound TCP connection limit that came with XP SP2.
The minute a user tries to open these retired formats and cannot is the minute they start looking for another solution to open their files. This will help the install base of a lot of alternatives, which may have some staying power once installed. Programs like Abiword, OO.org and Gnumeric are all waiting in the wings.
Things like this make me glad I don't use any of their software.
I bet they'll do the same thing down the line if OOXML ever gets the ISO stamp of approval. let this be a warning to you, with MS your files are accessible for however long they decide they should be, with FOSS, they're accessible as long as anyone is alive capable of re-compiling the source.
Sigs are too short to say anything truly profound so read the above post instead.
I only use software I coded myself, of hardware I've built myself, out of metals I've mined and smelted myself, etc...
Well, thank god we're all so worried about security! Now those "unsecure" files as so secure, not even the author can read them!
Just -1, Troll talking to another.
If you have documents that old, and they don't need to be edited in the future, you should probably convert them to PDF.
If they may need to be edited in the future, perhaps LaTeX or ODF would be good choices.
Don't mind the extra X. Alex
I am the maintainer of Visicalc. This means war.
Think Visicalc 26 service pack 3 is going to import Multiplan files?
Think again, bitches.
There are no karma whores, only moderation johns
An easy work-around is to just install Open Office and then open the obsolete files using the appropriate Open Office program (Writer for Word documents, Calc for Excel spreadsheets, etc.). The user can then do a "save as" and select a newer Microsoft file format. Voila. Problem solved.
Microsoft probably won't like this work-around since a certain percentage of users may realize that they don't need to pay Microsoft for programs that don't do what they want and they can get a suite of programs that does what they want for free. Realizing this, Microsoft may decide to come up with a better internal solution but don't count on it.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Wasn't "bakward compatibility" the whole crusade they were on last year? "We must preserve support for old formats, which is why we won't make IE standards compliant, and our spec has to back-support IndentsLikeWord95" and the rest?
Their sneaky brand of evil is saying two conflicting things and making us believe they work together.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I wonder if this is the start of Microsoft finally unburdening themselves from all that awful legacy code that's been such an albatross and has contributed to such bloated apps and OS?
when asking many of them to simply save as rtf is way more than they can handle without hand-holding, even the second or third time around?
I smell the smell of a new "service" in the works -- convert your old documents to the new formats "safely".
Is this definitely just coming with SP3, or has it been around for longer? I hit this issue, or a very similar one, in our organisation several months ago. A user had some old Word 2.0 documents stored on a network drive (from the mid 1990's, before we enforced the use of a DMS), and they wouldn't open in Word 2003. The error dialog that Word displayed only mentioned the registry policy settings (without specifically saying the version was old), and I eventually found a knowledge base article that described the registry hack.
Funnily enough, the thing that finally, permanently, won me over to open document formats (I first used things like openoffice simply because they were free) was discovering I couldn't open my dissertation (written in word 5.1a for mac) on a standard install of office for windows. Yes, I know there's converters, and yes, I know current versions of word for mac can still open 5.1a documents, but I didn't have a mac at the time, and laboriously 'converting' the large numbers of transcripts, notes, papers, and all the other ephemera of writing a dissertation was a huge, timewasting PITA..
After that, the penny dropped. Using open document formats wasn't simply a way to save money, it was an actual necessity for anyone planning to have a career lasting more than 5 years where writing is a core part of your work.
Any government organization or large corporate that has a necessity to retain records has to convert their archives to a newer version. Who is paying for the conversion? Also, Office 95 is 13 years old. If someone upgraded to Office 95 by 97 (for service pack / stability etc) it is 10 years old. Given the investment in the software, if you assume someone used it and upgraded directly to office 2003, then the documents that are affected are less than 5 years old...
Just be careful with your groping. I once had a friend who went rummaging through others' dusty annals -- all he found were some leftover carets next to a few shitty colons and bloody periods.
> They did this because the old formats are 'less secure', which
> actually makes some sense, but only if you got the files from
> some untrustworthy source.
How can a *file format* be more or less secure?
Surely it is the application that is being used to parse said file that does it in a secure or insecure manner. A file format is just a means to store data in an orderly manner.
That said, why doesn't M$ adopt the Open Document format, given that it is the ISO standard?
(rhetorical question - already know the answer - "vendor lock-in" and screw the competitors again)
Bill Gates has how many billions of dollars?
(Can he fire the Ballmer?)
Gates could afford to build a special fork of one of the Linux or BSD distros. (Linux would require less work, but he may find the BSD licensing more palatable, as we know.) He could afford to develop several sandboxed WINE environments capable of emulating the clot of software relevant to each OS release from 3 to whatever level of support he is dropping. He could afford to put into the packages for this special fork open source converters that would convert old documents to whatever is current at Microsoft (since he is not likely to be willing to convert to the more logical option). And, as a bonus, he could even provide software to check the sandbox for damage and report and repair it. (Actually, the repairing would not really just a bonus.)
Why doesn't he do it?
Dang, and why doesn't Apple make MOL an official product? Or even MOM?
This doesn't make sense to me. A file format doesn't have buffer overflow vulnerabilities, the program that opens it has them. A file format cannot execute a virus or a trojan, the program that opens it is the one that does it. I cannot believe that a file format can have inherent vulnerabilities that cannot be circumvented by the program that reads the file.
On the other hand, considering the ODF vs. OOXML format wars, it seems to me that Microsoft's objective with this is actually to press for the standardization of OOXML. How exactly I don't understand, since the whole point of standard document formats is to avoid this same problem that they've just created.
This is exactly why proprietary formats are bad, at least for documents that need to be kept for a long time for some reason, such as archival or historical documents. Even if open source office applications do similar things and depricate support for old formats, the older application versions might at least be available. Or third party developers could more easily create conversion programs. While open source programs do also exist to read these old proprietary documents today, we don't know if future proprietary document formats will be able to be supported. The open formats will be supportable.
now we need to go OSS in diesel cars
Does that mean they'll drop the autoSpaceLikeWord95 tag from OOXML spec?
Not to mention applications like Visio or Publisher whose entire point is being able to modify and reuse the things created with them.
The *real* problem with every Microsoft file format is that it's a cheap wrapper around the data structures used internally by the application that created it. No abstraction, no official standard, and no concept of future or backward compatibility.
I've got quite a lot of stuff in old Word and CorelDraw formats. If it hadn't been for this post, I'd no doubt have found myself in exactly the situation described: utterly screwed months or years after I installed the Service Pack and with no idea what the problem was.
I can't believe Microsoft would want to piss people off on purpose, especially given the difficulty they've been having with Vista. On the other hand, I can't see how anybody running a business could be so utterly, arrogantly stupid. All it would take to treat the user properly is one simple sentence informing them about the consequences of installing SP3.
One thing's sure: I'll remember the Open Office workaround described earlier if I ever run into a similar problem.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
"They did this because the old formats are 'less secure'" should have read "They did this because Microsoft is too lazy to fix its parsers for the old formats which thus are 'less secure'"
This is a serious problem actually. Corel WordPerfect has much better archive value than MS Word, which is one reason why many lawyers still prefer WordPerfect.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
ASCII ate EBCDIC.
VHS ate Betamax.
Microsoft Word ate WordPerfect.
Conspiracies all?!
Blame Reynolds Metals shareholders -- they were the one pushing for the bull market of aluminum foil hats.
+++
So what MS is saying is that an application made just over 4 years ago is so fundamentally insecure that files from over 10 years ago can pose an enormous threat to it. By the way, the advisory includes not only MS formats but also Lotus and Quattro files. Also the the application cannot be made any safer so the file formats must be disabled unless the user manually restores the functionality. Am I the only one that is skeptical of this explanation?
Well, there's spam egg sausage and spam, that's not got much spam in it.
I see this as a new oppurtunity to market a 3rd party application that will read those older formats and convert them to the newer ones. Then M$ can see how popular the software is, buy the company up, and include it as a new feature for Office 2010!!!
this will push tons of users onto openoffice, either as a replacement or as a supplement to office.
FYI: I don't know what you guys are talking about half the time.
People who wrote stuff in TeX before you were born will have an easier time of reading and editing their documents than someone with an early version of Word for Windows.
I guess the submitter missed the link to an exe you can use to do it for you. I mean, it is buried in the KB article as "Method 1" after all...
It's official. Most of you are morons.
I hope they count these as security vulnerabilities on the next report of Microsoft vs. Linux vulnerability count. After all, Microsoft itself is claiming it's a security related problem.
And they were apparently "exploitable" for about 4 years, since they were "fixed" with SP3 in 2007 for a product from 2003.
Umm, you do know it's XML, right? Now while admittedly I don't "hate" MS as such, I'm no great fan either and this story does make me a bit disgusted. But if you're telling me you're affraid you can't get your data out of XML down the road, and out of a documented XML format at that, no offense, but I hope you're not having anything to do with programming or management.
I mean, FFS, repeat after me: it's XML. You can write an XSLT to convert it to another XML format (or to HTML or plain text.) You can pipe it through FOP to PDF/RTF/SVG/whatever. You can even do it the hardcore way: parse it through Xerces/Crimson/whatever-XML-library and get your data via a C++ or Java program out of there. Or if you're old school, you can write your own script to get the text from between the XML tags. Etc.
The reason we bash closed formats is because reverse-engineering a format that's (A) _binary_ and (B) _undocumented_ is a pain in the rear. A format that's XML and documented for an ISO standard, is trivial to get your data out of. Maybe you won't get the font just right because, as some complaints about the documentation went, it's described as "works like the Word 97 option". But you _will_ get your data out of it.
Basically, much as bashing MS is popular, and sometimes even I'll join in the chorus, methinks more people should know when to stop. If you're complaining about proprietary XML, that's documented to boot, maybe you should have hit the brakes earlier.
A polar bear is a cartesian bear after a coordinate transform.
What I'm gathering from the KB article is that a user needs to set one or more reg keys to reenable the older file formats.
So, combined with a previous story here on Slashdot, buinesses are going to be spending Gigaquads of Cash to archive their data, only to discover that by 2010, Microsoft will have wiped out their ability to OPEN any of their archived documents?
So, what are businesses archiving this data for? Can you imagine the SEC spectacle when some business gets picked for insider trading, they go to start an investigation and their copy of Vista with Office 2010 doesn't allow them to open old documents? What kind of bullshit is this?
Then again, I'm finding it difficult to open my old Macwrite documents (from 1992) on my current iMac because the old Macwrite format isn't supported... Then again, neither is the floppy disk it's written to, but that's a different issue that I've already solved. Still, it's annoying to be able to archive all this data, but then not have access to the applications that wrote this data. It would also be nice if I could read all my C-64 and Amiga diskettes in a current computer. Ironic that I have all my data, I just can't access it either due to hardware or software that just doesn't exist anymore.
If telephones are outlawed, then only outlaws will have telephones.
In 25 years you will still able to use an open ISO standard or convert from one standard to another. Microsoft jsut proved to you they are unreliable for the goal you had (forward compatibility).
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Microsoft:
1. Develops Office 2003 Service Pack 3
2. Tests Office 2003 Service Pack 3
3. Check for existing features that were broken
4. Releases the "loss of existing features" as a new feature
5. ???
6. Profit
...for demonstrating why we need ODF.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
I don't know if I'd characterize it as "mind-bogglingly complex". It's a series of registry edits.
I would. The average slob (who could very well be someone who doesn't update their old files for long periods of time) using windows does not know what the registry is, let alone how to modify it. Also consider this: What is more dangerous and likely to cause serious damage, an old file format or a average user trying to fix their registry to read old files?
HA! I just wasted some of your bandwidth with a frivolous sig!
http://en.wikipedia.org/wiki/Planned_obsolescence
Examples:
-No DirectX 10.x API for WinXP or Win2k. (The nature of the API to be a higher-level Application Programming Interface, I'd forgive not developing for Win2k as it is no longer for sale, but there's NO good reason to deny the API in WinXP, other than to force clearly Planned Obsolescence)
-No IE7 for Win2k. (interestingly, Firefox still bests ALL versions of IE..)
-No Support on your year-old PC for Full Windows Vista use. (Again, why? Even Apple and Linux have pretty eye-candied desktops working on older hardware)
-No to the Sale of WinXP to OEM (non-Business) customers this month http://www.engadget.com/2007/04/12/microsoft-pulling-oem-windows-xp-next-january/.
-Etc... (insert your own here)
I know that in my present line of work, my colleagues and I write meticulous research reports for our multi-million dollar clients.
Our clients specifically require us to NOT use *any* MS Office 2007 file format; We are to utilize 'not newer than MS Office 2003 format'. (Typically Excel, Access, and Word formats are used).
Our clients have gone on to clarify, specifically, that the Office 2007 file formats are incompatible with the older MS Office versions and necessitate needless corporate updating for their thousands of internal users, (not to mention the client has decades of reports on file that get updated every 10 to 20 years, often utilizing the original editable report document).
I too will soon be installing in Open Office very soon. (Hopefully the Excel 2003 formulas and those dating back to Excel 2.0 all work properly in Open Office?)...
It appears that this "update" is not so much for security or even for ease of development (because it WAS previously WORKING in situ). It stragetically forces users of the older versions of MS Office to update to the new version (or rather adopt the new format) due to interoperability issues.
If MS Office 2003 did 'it' before and it does not do 'it' now, post-SP3... that is *Intentional*, not "For Your Protection".
-This would be akin to IE8 not opening 'older' web page formats at all because they used some older and (potentially) unsafe format of html, CSS, Scripting etc.. it deemed unsafe!
Their sneaky brand of evil is saying two conflicting things and making us believe they work together.
Ok, I love to MS bash as much as the next guy, but I cannot fault them for what you are mentioning. The thing that a lot of MS haters forget is that it is a HUGE company, and the right hand often really doesnt know what the left hand is doing, and often seperate teams have their own agendas.
Modern MS is like the government: There might be a few people that are trying to pull shit, but for the most part it is just a big, slow, beauracracy.
HA! I just wasted some of your bandwidth with a frivolous sig!
It's not like you'll be able to open your newer office documents either.
He's right... their excuse is a joke. It can't be that hard--especially considering the huge profit margin on Office--to figure out a way of opening these file formats securely. It's not even executable data, for pete's sake! And if they *are* talking about macros or something, well then just disable the macro part until you figure out a way to sandbox it.
The richest tech company in the world is throwing its hands up in the air and saying that can't figure out how to make its most profitable (and presumably most actively developed) products render a human readable, non-executable data format safely--PLEASE. This is nothing more than a very clumsy (but brazen) attempt to make people upgrade. I'm surprised they have the balls to do it, what with their current OOXML circus.
I know this is /. but come on. You read the summary and take it for face-value.
The KB article plainly states that Word and Excel 2003 can still open the documents, but they are blocked by default. And if you want to open them, you'll need a registry change to do so. Or, you click on the link in the KB article and a script does it for you.
You can bash Microsoft all you want, but for this? They found a security issue with a product that was released four years ago. They made it lightly more secure. Users who have issues can run the KB script or not.
Or they can upgrade to Office 2007 which doesn't have the vulnerability or the issues opening the older formats.
So, what exactly is the problem here?
-David
You can still open the files in Open Office :)
I wish I could mod you up and still reply to your post because your basic point is sound (vendors frequently stop supporting old software). However I just quickly want to say that RHEL is currently supported 7 years so yes, I can name a vendor that will support you using a 7 year old version of their product - Red Hat. (You can argue that we're talking about formats rather than programs though)
.doc extension which meant that Word 2003 still refused to open it after the addon was in place. Changing the extension on the file to .docx solved the problem but it was annoying because I didn't already know that was all that was needed especially given that Windows doesn't show extensions by default. Once the file was renamed it worked fine.
Now as to that compatiblity pack for Office 2003... Earlier last year I had reason to ask someone to install the file format the addon. The problem was that the 2007 document in question was sent with a
This is why we simply need to move all our documents from MS proprietary formats into some kind of Open format. Then, with the right plug-ins, we'll no longer be affected when MS decides to drop support for something. Or at the very least we'll have a good and convenient workaround.
BasiliskII http://basilisk.cebix.net/
Emulate an old mac running Clarisworks, MacWrite, whatever. open old MacWrite file, print to file (as postscript), copy back to host OS.
http://www.tug.org/
Use a front end of choice if you want. E.G.:-
http://www.latex-project.org/
http://www.lyx.org/
http://kile.sourceforge.net/
http://www.gnu.org/software/auctex
A Google search on "tex frontend" will yield many more.
Honest, before all the Deities, it's that simple.
Your sig is out of date!
"mind-bogglingly complex workaround"? As per the KB, you can download an MMC snap in and adjust the settings within group policy. I dont think thats extremely complex?
So they ought to be supporting it because nobody else CAN.
Can purchasers have their money back? After all, MS have had 10 years to make money off the investment.
Or is that argument only good for MS?
File formats are merely blocks of data.
sounds like it's office 2003 which is insecure if they can't implement a way to read that data without offering chunnel sized holes to exploit.
Sounds to me like a supreme example of laziness. Their old implementation had some fundamental flaw, or a hole they never tracked down, and they didn't feel like rewriting it, so they tried to pull a fast one and act innocent when hundreds of corps demanded an answer.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Handling a plain text file or a raw binary data file without internal structure 100% securely is perhaps practially possible (but certainly not automatic, all it takes is one tiny bug at one suble branch of code...). A binary executable is almost impossible to handle securely. Everything else falls somewhere in between.
The problem is what is the question and who is the questioner.
This kind of compatibility issues would not arise if formats were open and fully documented. The answer to problems with file accessibility is open standards, but the question comes from the users, not the companies, for the companies the answer is closed formats since they are interested in revenue, not their users anymore (specially true when it comes to companies in monopolistic positions).
The idiocy is that if file formats were open, MS would not have to necessarily worry about backwards compatibility, since the market out there would see to that. Oh wait, that would enhance competition. My bad Uncle Ballmer.
IANAL but write like a drunk one.
I just assumed that, since Office is their second most important product and OOXML is obviously a carefully constructed weapon to counter the looming threat of ODF and OSS in general, they'd have enough sense to act with some sense of... subtlety or something.
For now, they may still be king but Microsoft's market share isn't the impenetrable fortress it was in the late 90s/early 00s. OS X, Linux (Ubuntu especially), Google, Firefox (and now ODF) have made a significant, measurable impact these last few years. it seemed like they were going to take the smart route and at least FEIGN an interest in open standards/open formats (kind of like Vista feigns having *nix-type security)... instead, they're now flailing around with the ole' triple-E gauntlet (Embrace/Extend/Extinguish), and this time... it's with their own proprietary standards!? Haven't they seen enough backlash to realize this is only going to hurt them in the long run? Is ANYONE at all looking beyond their next quarterly earnings report?
I guess I simply overestimated the overall sanity and intelligence of those in charge. Cue the Ballmer-chair jokes... they're juvenile, but really, what else is there to say?
There is the example proponents of open formats have been talking about all along, brought to you live from the company we love to hate because they pull this nonsense every time a new product comes along.
/.ers and people in the computing world defending MS's pseudo "open" format that they are trying to spoon fed into us by means less than palatable (and here I look at you Miguel de Icaza, who should know better, alleged technical brilliance should not be enough to endorse a technical specification of any kind).
MS has decided to screw people (whatever the reason I don't care, this is an unilateral decision that suits this company but not necessarily the public that they are supposed to serve, how many I don't care, if the person affected is you it will be a cold comfort to know you are the only one affected) and there still be clueless
IANAL but write like a drunk one.
What I'm hoping is that they release the standard, and everyone becomes reliant on the standard. Then when they release a new standard, there is a great body of work that relies on their standard (flawed as it is) and this prevents them from creating any more proprietary formats.
XML is like violence. If it doesn't solve the problem, use more.
"less secure"
Ms preaching security? What a joke.
any foo knows this is forced obsolescence in a BS wrapper
I'm a confirmed member of the the resistance myself.
.rtf format unless someone demands .doc and I can't think of the last time that happened
.xls format, well that's more of a "SOL"
I always use
now in the
Where's Borland's Quattro Pro when we need it?
There's something seriously wrong with MS Office if it cannot open old file formats in a secure manner. It should be simple, especially for a project with such a huge profit margin, to disable macros, strip out anything that might be executable, and just display the text of an old document. Insecurity is in the software code, not the file format. I'm sure OpenOffice and KOffice and the like can open these securely, or can be made to at least. Maybe next Microsoft will disable support for .txt files and remove notepad from the OS?
Having a smoking section in a public restaurant is like having a peeing section in a public swimming pool.
" you can download an MMC snap in and adjust the settings within group policy. I dont think thats extremely complex?"
What's a 'snap in', is it just another name for a patch or bits left out of the original PRODUC~1 ?
"Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system"
How can a file format be 'less secure', does that mean 'Office 2003' is only secure with the newest format. Less secure refers to 'Office 2003' and not the data files. What happens if someone deliberatly sends me a corrupted file using one of the old bugs. Does that mean that 'Office 2003' is rife with old bugs ready to be exploited? was: Re:"mind-bogglingly complex workaround"
davecb5620@gmail.com
uuuuuuh, not so fast, Pard Ms IS a monopoly -- and we all know this, even though the gov't whimped out ( how much did that round of golf with Bubba cost ? ) on the trust busting case now is Ms is a gov't monopoly we need gov't regulations that alone ought to scare the Fear of the Blue Screen of Death into them softies
No, the basis for complaint is valid.
You paid real cash money for something to work a certain way, and it did, until your proprietary-vendor overlord makes up some crappy reason for removing the functionality.
While the specific instance of removing support for ancient formats isn't likely to have too much catestrophic effect, the precedent is well worth bitching about.
The least Redmond could do is turn the converter code over to the public domain, so that, when the unforseen requirement to, say, compare ancient versions of Uncle Hezekiah's will suddenly crops up, people don't have to spend a ton of money to open a simple file.
Of course, there is the business model of having a stable of ancient computers with creaky Windows versions and applications, just for these moments, but that business is so boring as to be hideously expensive.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
It's is executable actually, at least with the help of the built in interpreter, designed to allow easy exchange of data between the various MS applications. Unfortunatly it's only as secure as Windows. That's how someone can email you a msWord attachment, which, on opening, installs a keylogger and emails itself to everyone in your address book.
was: Re:Mod parent up!
davecb5620@gmail.com
>> http://www.openoffice.org/security/cves/CVE-2006-2199.html
>> A security vulnerability related to OpenOffice.org documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. The offending Applets may be constructed to destroy/replace files, read or send private data, and/or cause additional security issues.
Cool... Sure this bug is from 2006. BUT, look at the workaround. Disable the software, and in the future?
>> With the updated versions for OpenOffice.org, support for Java applets in OpenOffice.org will be disabled.
I am not saying the OpenOffice is worse than Microsoft Office. What I am saying is that the problems Microsoft has, OpenOffice has as well. The big difference is that people shut their eyes to the problems outside the Microsoft world.
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
It seems that just because it is Microsoft you're whining about people objecting to losing functionality , I hope people object regardless of whether it is Microsoft or Apple or Linux if functionality is removed without consent or choice (I do appreciate it is not as easy to have that happen with the open source model, one of it's strengths - and yes, it does have weaknesses too).
BM3
I just pulled the documents from my old Commodore 64 floppies. I bought an XA1541 cable, and used "opencbm" to transfer the disk images to my hard drive. Then I used "vice" to run the programs I used to use to create them (GEOS and WordWriter, for the curious). Then I could either print the output to a virtual printer or save the file to a virtual floppy, and then run `petcat' on the results to clean them up a bit. Then I concatenated the various little files into a single file, and used vim to sanitize the mess. Finally, I brought the text files into OpenOffice and formatted them. I saved all the interesting programs I wrote, a 37-page treatise on a new, sci-fi role playing game I invented (just the skeleton), and a 53-page high-level AD&D module I wrote (mostly done).
These things will obviously mean nothing to anyone but me, but the exercise was fun, mentally-stimulating, and ultimately rewarding to see what I had been doing with "my computer" 15-20 years ago. I could have lived without any of it, but I'm really glad I did it, even though getting all of this done took several days of work.
I think everyone can understand the situation I'm in here, because, hey, the old Commodore company went out of business, and the world standardized on PC's. I can accept that. What I can't accept is that one of the world's most profitable companies unilaterally decides that they'll stop supporting old document formats with no warning and no friendly workaround. I suspect the only people that this will affect will find themselves in the same situation I was in, and their only recourse will be to find an old PC, load it up with old versions of Windows and Office, and make the transition.
You would be tempted to think that there wouldn't be too many people in this situation, and you're probably right, but I think my father-in-law, who is an attorney, still has his secretaries creating their documents in Word Perfect, simply because they have a lot of templates created with it. If, down the road, they decide to "upgrade" to Office, I wonder if they'll suddenly find themselves in a pinch...
Acts 17:28, "For in Him we live, and move, and have our being."
On a progressive note, the City of Chesapeake, VA may consider OO.o or Star Office as a replacement for MS Office. While ostensibly a money-saving measure, this allows them continued access to all their old documents as well as easy access to ODF going forward. What's not to like? Seems like a no-brainer decision to me.
Since microsoft make format going obsolescent, it certainly point to it that people wanting to use electronic documentation for anything not ephemeral (aka: for years) need to be prepared to use an open document format (or simple text without formating). In other word decoupling the format from the software.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
...unless you do it professionnaly on acid and bleach free paper, with real ink. Laser toner won't stick to paper for more than 10 ~ 15 years, after that it begings to turn back to powder. Thermal (old fax) paper is worse, inkjet printers are marginaly better but don't expect anything to last over 30 years with home and office printing technologies.
It seems to me that parsers to older file formats are done once developed. Unless one wants to improve them, support that last unmapped table format, there is no reason not to keep them as they are. The parser code needn't necessarily change because new formats came up. It can just cascade. If you had a parser to move from Word 5.0 to Word 97 and you then introduce Word XP, just chain them:
Since most modern formats are (generally) supersets of the older formats, this will not cause excessive trouble.
Quem a paca cara compra, paca cara pagará.
These are files that people probably aren't dealing with on a daily basis, or they would be in a newer format. My thought would be to install a copy of Office 2000 on something and use it to access legacy formats and/or start converting them. And Office 2000 didn't even require product activation, so the screwing can go both ways on this deal, really.
Usurper_ii
Ron Paul
Copy the stuff between -------- into a plain text file, name it something ending in .reg, double-click and type OK.
.reg file without checking the contents, tight?)
Nothing magic: it just enters all the stuff from their KB article for you.
I believe this is correct, but I might have made a typo, who knows? MS might have made a mistake too, but it seems to work here, though I don't have the new update to try with. (You wouldn't run a
Anonymous because I can't afford to tick MS off.
----------------------
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]
"LotusandQuattroFiles"=dword:00000000
"DifandSylkFiles"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\PowerPoint\Security\FileOpenBlock]
"FilesBeforePowerPoint97"=dword:00000000
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\PowerPoint\Security\FileSaveBlock]
"Converters"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock]
"FilesBeforeVersion"=dword:00000000
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Shared Tools\Graphics Filters\Import\CDR]
"Enabled"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]
"LotusandQuattroFiles"=dword:00000000
"DifandSylkFiles"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\PowerPoint\Security\FileOpenBlock]
"FilesBeforePowerPoint97"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\PowerPoint\Security\FileSaveBlock]
"Converters"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock]
"FilesBeforeVersion"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Graphics Filters\Import\CDR]
"Enabled"=dword:00000001
----------------------
If you still have one of your old Commodore 64 disk drives then you can cable the drive to your PC and create images of the C-64 disks and use them in an emulator.
http://sta.c64.org/xcables.html
There are options for your Amiga floppies as well:
http://www.amigaforever.com/kb/3-118.html
Comment removed based on user account deletion
Does anyone recall all the moaning about how old data was hard to keep around. What do we do with reel to reel tape and old cds etc. So you need to keep old files on current media With this typical microsoft improvement even if you can access the media you have to have a machine running the program that was used to write it - for simple office documents!!!!!!!!!!!
Hey, they just want to give Windows users a taste of life on Linux!
It's Extend, Embrace, Extinguish; not Extend, Embrace, Expand. You've either got your three 'E's wrong or you're confusing MS with Google.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Data obsolescence is a huge problem. MS doesn't give a damn, their business model is to sit between you and your data. (OOXML versus ODF.)
Apple also did something like this (or worse) when they EOL'd Classic in Leopard. Millions of files become inaccessible overnight because the applications to read them simply cannot be run. It's thoughtless and cynical and extremely destructive.
The summary is not alarmist. Data obsolescence happens every day. It's a fatal flaw in the proprietary software model that RMS correctly identified decades ago.
you had me at #!
People with more intelligence than you have tried to accuse me of being a shill.
Care to answer my point are you content to just name-call?
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
So, let me get this straight. They are now forcing us to use OpenOffice to read their formats. I guess that Balmer just got tired of using their own crappy software.
Does anyone know how Office 2007 handles these disabled file formats? Is this "feature" already built into it from the start and, if so, does this workaround work for it as well?
So, I swallowed the losses. Such is life. But I did envy MS's self-compatibility. I remember helping a friend's business modernise their systems, and they had Lotus123 files on an old 386. We were able to get these files from 1983 into his Win2k machine, and use them. It wasn't exactly straightforward, but we didn't have to dick with the registry, fer chrissakes... This really is a low blow, and it is an example of MS cutting the limb its sitting on.
IT's like MS and the RIAA - they're giving us fewer and fewer reasons to bother with them.
RS
Shoes for Industry. Shoes for the Dead.
At first, I read this as a simple mistake and this little bug would be fixed quickly. Then I read that Microsoft did this intentionally. Why am I not surprised? I'm all for security, but not at the expense of not being able to access my documents. Besides, why should accessing my document and security be mutually exclusive? I try to give them the benefit of the doubt, but at every turn, they let me down.
that suggest there aren't many of those documents left, or that there are tools to do it - I call BS.
I've worked on projects that span more than a semester, sometimes over a decade. Older versions of documentation, requirements, specifications, etc are required to be readable. This arbitratry crippling of functionality is not going to go over well.
If I bought MS Word to read/write/print those documents, and now they are breaking it - you should demand a refund. That's not what you bought.
And for those that suggest the solution is to "convert" the document - then I would suggest that you go ahead and convert to Open Document now. Most Open Document capable software can still read these abandoned MS types (i.e. hasn't been crippled for security reasons), and your investment will be protected by a cross-platform, ISO Standard, multiple-vendor supported documentation format - that will still be readable for years into the future.
All my documentation is done in Open Office, and there's no reason to go back to any proprietary format.
Adobe is much worse than MS when it comes to upgrading. Just look at Photoshop and their camera raw converters, as soon as a new version of Photoshop is out, the older ones don't get the converters for new cameras that come out, they force you to upgrade to the latest version of Photoshop if you want support for your new camera.
Tell me that isn't trying to force peoples hands to upgrade.
Dave
They EOLed Classic with the switch to Intel, actually.
Because Classic requires a Power PC (or a 68000). I guess they decided two layers of emulation (CPU and OS) was too much to keep synchronized.
There are PPC emulators that will boot Mac OS 9 to keep access to those older files alive.
Open source software is not a universal preventative against data obsolescence, either. What keeps formats alive is continued support. Open source makes that easier, or at least makes it independent of a single company so you can take over if you need it, but there's plenty of old open source software that's basically rotted or been lost, where emulation of the old hardware is still by far the easiest way to access data files.
This is as stupid as the decision of Microsoft to not include support for the "Text With Layout" in Word 2003. There are, as with most Microsoft products, registry hacks that may or may not let you get away using the text with layout converter that came with Word 2000 - I have had mixed success depending on the installation. There are other workarounds that involve printing from the Generic Text Printer (but you are on your own to remove unwanted intra-page blank lines from margins) and other such contortions.
IMHO, it seems that after Word 2000 (some would argue 97) that Microsoft forgot that Word was supposed to be more of a word processor than a desktop publishing application or a showcase for the latest GUI "innovations" their labs came up with.
As far as security goes, there is no argument being made that the file conversions themselves are insecure - only that Microsoft has chosen not to sign the conversion libraries (something that isn't hard to do at all). Publishing a bunch of registry hacks because your deployment team can't take the 30 minutes to sign these libraries is stupid. If Microsoft really was worried about security, all they would need to do is to add on option, enabled by default, to remove all OLE/ActiveX context from all documents in a non-supported legacy format.
This is about bad architecture decisions and laziness - it has nothing to do with security.
Clearly, we are expected to apply the simplest available workaround: Open Office will continue to operate with the disabled file formats, just fine. Anyone that still needs to work with files that old, is just an encumbrance to Bill and Steve's Brave New World anyway, and not the kind of customer that the marketing department wants to keep.
The meaning of your Life is up to you. Mean well. -- Me, 9/11/2001
The infection is everywhere. Note the utterly pointless finger breaking exercise in the Nautilus file manager: If a file extension does not match the file content exactly, no amount of user configuration will make Nautilus open it without manually selecting the program every time. That adds a step every time any Nautilus user opens a .jpg or .mp3 file. For no reason. It's just "security theater".
Last time I checked, this malfeature was rated as a medium severity "bug", but it is not: Things were set up that way on purpose, maybe by someone who needed something to point to and say, "See, Linux just doesn't work on the desktop."
ZIP has not been reverse engineered, for the simple reason that from day 1 it ZIP has been an open format.
I still have some floppy laying around with early version of the software which included a complete documentation of the format. Documentation of the containers, and the various compression algorithme that where available back then up to Shrink/Expand (The modern Deflate/Inflate weren't introduced yet back then).
Anyone wishing could back then re-implement ZIP support into his/her own code.
Which in itself is one additional argument showing why trusting Microsoft formats is bad.
Today, they just removed support for archaeologically-old formats. How long until someone in a marketing department in Redmond decides it would be a brilliant idea to remove support in current DOC/PPT/XLS format in order to force people to move to OOXML formats ?
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
It's like giving a zombie vaccine to the people in a little town surrounded by cities... without the vaccine.
What use is disabling use of old formats supposedly vulnerable to viruses, if most of the botnets are in countries where machines run older copies of Windows and will NEVER be updated?
Not to be an MS fanboy, I use whatever works, but I do not see what all the ruckus is about. First of, since Open Office is so much better, why does this even apply to people posting comments? It baffles me how many people waste so much time and energy posting anti-MS comments and filling up the front page with Anti-MS rhetoric. If you don't like the company don't but their products and STFU! I hate IE, so I use Firefox. End of story. This doesn't mean I'm not on some crusade to force Firefox on everyone else, and submit anti IE stories on news sites. I'm not going to post the same old tired comments over and over and over again. About the article, if you are using such old versions of documents, install an older version of Office, problem solved. If you want to use newer versions of office, convert those very old documents to a newer version. Any company with a decent IT department can get their people to script the whole deal and have the documents converted in a days time. Think that solution is garbage? Install Open Office! No nevermind, lets just all post "fight The Man" comments on slashdot.
What about my Sierra On Line Home Word Documents?
Not the current Sierra On-line, the old Sierra On Line
As far as I can tell, this patch only stops MS Office from opening these files, not anything else.
Who is RTFM and when will he help me with Unix?
Haven't they made some ridiculously insecure file formats in the past? I seem to recall that the WMF hole happened because the files contain executable code for some ridiculous reason...
Mind you, I don't know that I'm buying their story, but whatever. If it drives more people to OO.o, so much the better.
Typical bullshit article for slashdot, exactly the correct kind to get all "anti-microsoft" zealots out and whine about something that is not true in any case. This gentlemen is FUD.
That isn't trying to force peoples hands to upgrade.
You're talking about the complete opposite thing here. It actually makes sense that you have to upgrade your software for new hardware support. Your complaint seems to be that the upgrades are not free?
It would be more analogous if new versions of Photoshop didn't support older cameras that previous Photoshop versions supported. I don't know if that's the case. I doubt it is.
to change the registry for 20+ users.
S'funny, I do that with virtual machines. It's essentially "free", except for a few gigs of disk per instance. When you work in any sort of development or hosting environment, legacy apps and documents need to be a part of your workflow - there's just no way to avoid them.
-Billco, Fnarg.com
We (engineering) have (fruitlessly) argued with our IT department over the wisdom of archiving documentation as required by FAA regulations in proprietary formats.
The company already ran afoul of this reg many years ago. Fortunately (for the IT folks), the finding was that the violation was unintentional and as a result, the company was only assessed civil penalties and required to take corrective action. The IT department solution was to convert this documentation _up_to_ Office 2K formats. This despite the warnings that we were going to get bit by the retirement of compatible s/w again.
Now, in the face of documented warnings, this violation may found to be willful and as such it may be found to be a felony. I hope the IT guys don't get Internet access in their cells.
Have gnu, will travel.
I guess we have to forgive them a bit. After all, 99.9999% of Slashdotters have never held actual IT jobs, and are thus totally unaware of how IT already routinely deals with legacy application issues. The world outside mom & dad's basement or garage is a whole lot different.
There's no "upgrade treadmill"... since we can probably assume that organization which allegedly has thousands of Word docs archived also owns a licensed copy of MS Word. So the solution is simply to have the application installed somewhere, and when a person needs to access the doc, they can open it up in that version of Word... and even save it in a newer format if needed.
See? Problem solved, no shrill puling FOSSie whine necessary. Just another day in the life of a real IT support staff. This which tie Slashdotters in a knot of tears and pulled out hair are things real IT support people can accomplish without even thinking about it.
I wonder if anybody has ever assembled a list of "updates" like this - ones where the recommended solution from Microsoft is to buy more Microsoft product - and compared it to major releases that have been financially disappointing.
In other words, I can't help but notice this comes very shortly after Vista bombed.
And people wonder why there are so many people that use KDE even though Gnome is the "standard" on so many desktops.
My blog. Good stuff (when I remember to update it). Read it.
> ... the precedent is well worth bitching about.
...
I have an original WIN98 disk, and everything that came with it, including the original PC it came own. Several years ago I had to reformat the HD and reinstall WIN98. It was not the first time I did it. After instalation the usual thing to do is to install all the available security updates. The way they designed WIN98 is that there was an "automatic update" feature that did it. It was advertised as an important element in the OS. However when MS stopped supporting this OS they not only stopped providing new updates, security or no. They also removed all the old ones from the automatic updates site, replacing the functionality with a message that says they no longer support this product. So you're stuck with the original 1998 that cannot be updated with all the security updates that were produced until they dropped support. Well... it's not that you cannot get the updates: you can download all the hundreds of updates produced over the years as individual files, then manually install them one by one, if you know what you're doing. So I thought there must be a way to get all of them bundled in one file. I called M$. I was identified as their customer (I did send in the registration card: the one that said "Do you want to know who the most important person is at microsoft? (flip page) It you! The customer!") Well, I was on file, they know I have WIN98, they don't have any other way to provide the udates to WIN98 except by hundreds of individual files, but they offered to sell me an upgrade to WinXP for the full price.
So this is certainly not the first time they remove functionality from their products. They could leave the WIN98 update site in the state it was on the last day they still supported the product. Or they could pack all the updated so one could get them in one installer file if one needed to reinstall the OS. They chose to remove the automatic update functionality and push anyone who needs to reinstall to original 1998 version with no updates (except for a few made manually if one really needs them).
I didn't get XP for that machine. It was not strong enough for XP, and I saw no reason to pay for an OS that would eventually be made dysfunctional by the vendor who believes that end of support means also removal of all past updates. I have WIN98 partially installed on that PC. "partially" means the OS is installed, but no drivers and no apps are. Like all Windows installations several hours of shoving various vendor CDs in and out are needed to make it useful, and puting in a lightweight liveCDE Linux distro takes much less time
When I was young, I had a lemonaide stand. I sold everybody two glasses. The first glass for $.50 and the second glass for $5.00.
The second glass contained the antidote.
I can imagine M$ selling an Office Add-On that will be able to recognize "any" file format and translate said file to the format used current version of the M$ program that does "the same thing".
Quattro files converted to Money, Visicalc and Multiplan to Excel, Wordstar and PFS:Write to Word, Q&A to Access, and Autocad to Paint. If you don't already have the M$ program, it will still convert the file for you, delete the original, and print you a $5.00 coupon for the purchase of the previous version of the program.
Sure, everyone will be happy, and in Soviet Russia, programs will run you.
So, it appears that in order to re-enable Office to open older formats, you need to do nothing more than make a single registry change for each product? Is there anyone on this entire site that honestly find making a registry change to be mind-bogglingly complex?
When I first read the summary, I thought to myself "oh no.. this may be something I need to alert the IT dept to". However, now I see it as just a non-issue. If/When this does become an issue, pushing out a script that changes a mind-bogglingly 5 registry keys will take all of 30 seconds.
However, I will considering going to my boss and saying "Sir... we have two options. We can either change 5 registry keys... or deploy open office across the firm and retrain everyone accordingly.". I'll let you know what he says.
Yes, I do believe MS should make the option to enable older formats something you could enable/disable via the 'options' menu, yet I do not believe it's worth all the hype it's getting here. Typical Slashdot unfortunately.
On a side note, I find it interesting that this limitation was put into Office 2003 and not 2007 (to my knowledge). It makes me wonder as to if the same change will be put into 2007, or if 2007 may not be as vulnerable as 2003 (hence the limitation isn't needed). Does anyone have any ideas about this?
According to the Knowledgebase article:(Emphasis added by me.) Now, if you look at the provided handy table of values, you see that the two versions of MS Word for Mac that are directly compatible with OS X, registry values 195 and 268 (for Word X for Mac, and Word 2004 for Mac, respectively) are below the default cut-off on the table. In fact, even Word 98 for the Mac (which can only run on OS X in Classic) falls below the cut-off on the table. Only products with corresponding values from the table numerically below 101 (those appearing above the cut-off line in the table) will be blocked.
Since Office 2004 for Mac is still a supported product, it would be insane for Microsoft to block its files from being loaded in the Windows version of Office. I admit these instructions are confusing, but the KBase article clearly does not say what you claim it is saying.
Incidentally, according to the table and the above quoted text, the only Mac Word document formats that are blocked by default in this service pack are the following:
- Word 4.x for Macintosh
- Word 5.x for Macintosh
And that's it. Even Word 6 for Mac isn't blocked, because it falls after the magic cut-off.You're absolutely right, it is NOT reasonable for MS to break these formats - I don't know what I was thinking when I wrote that, it was late, I was tired etc., had a beer or two in me, and hadn't thought it through properly.
This is unbelievable. If Microsoft didn't have the office monopoly, I doubt they would have made it default. Does anyone here use any online office solutions?? listen_to_slashdot
I came across one of these files today at work. After looking at the lengthy Microsoft KB I tried Open Office and the file opened fine... I know this makes sense because OO didn't sabotage legacy files. Just wanted to let folks know.
under the list of formats that you can selectively unblock by setting windows registry keys (yes, this will be VERY administratively friendly, don't let the user do this, don't let the IT dept be able to write an easy 'howto' :S ) it quietly says "Word 2004 for Macintosh".
what the fuck? office 2008 for mac isn't even RELEASED yet, it will be in a couple of days. Shock horror, mac users getting the shaft again.
there goes the productivity between PC/Mac integrated networks.
why do I have the feeling admins are just going to nullify this for ease of use and set the registry key to 0?
how many attack vectors are there for ancient formats? and even if there are loads, wouldn't they be well documented by now, and any decent admin would be running a virus scanner if they use windows?
gahhh.
So, MS is blocking you from reading your own data. Nice.
One of Microsofts problems is that, for most users, there is no reason to upgrade from Office 2000 and WIndows XP. It is understandable that they would want to provide a reason. This, however, is exactly NOT it.
Given record retention laws, and the recency of documents in earlier formats, I think Microsoft has now made it ILLEGAL to upgrade, since the records will be effectively lost if they are unreadable.
More importantly, many third party providers of documents, for example, small businesses, only HAVE the earlier formats. Is Microsoft really expecting large companies to cut off tens of thousands of thier suppliers and millions of thier customers in order to upgrade?
And, of course, Adobe has this golden opportunity. Microsoft and Adobe are at war as much as Microsoft and Google, if not more. Google is just a threat to expansion, with one move, Adobe threatens to turn Microsofts cash cow into hamburger patties.
Here is what they should do. Adobe should help openoffice.org come up with a true, full PDF importer so businesses can then replace Microsoft Word with PDF as the storage format of choice.
This will strike at the heart of Microsoft in a way anything Google could do would not. It will also give an enormous boost to their Acrobat family of backend servers, and, with the proper tie ins, their Creative Studio line, as well.
More importantly, it will hit Microsoft share prices like an atomic bomb, as analysts start worrying about Microsoft's cash flow with limited new sales of Office. Added to the Vista woes, and something more than chairs will thrown in the Microsoft executive offices.
It seems Microsoft has admitted the mistake. Sadly, the reaction is not security update.