Office 2003 Service Pack Disables Older File Formats

time961 writes "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."

Re:Default value goes back pretty far

[LuckyLuke58]

Doubt it's really about security at all; I'm guessing it's probably more about 'nudging' the few people still using old versions of the software to upgrade: Those who currently exchange documents with users on newer versions will find suddenly they won't be able to send documents to anyone anymore without getting complaints that people can't open them. Deliberately making it too cumbersome and complex for most people to ever work around this, i.e. leaving it technically (but not really practically for almost everyone) an option, for now at least gives MS an excuse, while still taking a big step towards getting rid of support for those old formats entirely, which is not all that unreasonable I suppose for formats greater than 10 years old.

Conflicting Strategies?

[TaoPhoenix]

Wasn't "bakward compatibility" the whole crusade they were on last year? "We must preserve support for old formats, which is why we won't make IE standards compliant, and our spec has to back-support IndentsLikeWord95" and the rest?

Their sneaky brand of evil is saying two conflicting things and making us believe they work together.

Re:Default value goes back pretty far

[RickRussellTX]

It's very likely that few documents exist in such old formats at this point.

I can only speculate that you've not worked in any institutions that have persisted for more than 10 years?

I used to run a university help desk; by the time I left in late 2006 we were still getting requests to convert 5.25" floppies and DOS Wordperfect 4 documents.

The situation is complicated by many other issues:

• There is no easy way to identify the files that need conversion. Microsoft gives you no tool or flag to quickly identify old files, which share the same filename conventions as current files. Except of course to open them in Office 2K3SP3 and watch them fail :-(
• Although bulk conversion tools exist, they cost money and they won't reach files that are secured in such a way that IT support staff can't get at them (e.g., on a CD-ROM in a locked filing cabinet).
• Because a ridiculously complicated registry hack is required to enable the converters for the old documents, there's no easy way to apply it, for example as an Active Directory group policy. We're left with error-prone methods like push tools & login scripts.

Ultimately, there is nothing wrong with the "file formats". A file format is not insecure. The issue is that Microsoft is shipping insecure code in Office 2007 and 2003 which may break when these files are opened and allow malicious executable code to run in the user's security context. Rather than fix this insecure code in a shipping product, their policy is to turn off the code and tell the user, "if you want to take the risk, turn it back on, but we won't make it easy."

I work at an organization that has been grappling with this problem since SP3 came out in September 2007. We routinely work on projects that span 15 years, so it's not at all unusual to open project documentation that is 10+ years old. Companies were loyal to MS Office precisely because it promised reasonably complete forward compatibility with archived documents. Microsoft needs to provide a more robust solution to this problem, preferably by fixing the broken code (gasp!) or (less preferably) giving system administrators the tools necessary to enable and disable the functionality in a more global way.

Re:Default value goes back pretty far

[dokebi]

It's very likely that few documents exist in such old formats at this point.

Really? How about the US government? NASA anyone?

Why should anyone stop supporting old document formats? Are the files created a long ago no longer important? How about 100 year old books? Should we burn them all?

We should stop this file format insanity now, and adopt some open format. Like ODF. Good riddance.

File format is less secure?

[filbranden]

They did this because the old formats are 'less secure', which actually makes some sense,

This doesn't make sense to me. A file format doesn't have buffer overflow vulnerabilities, the program that opens it has them. A file format cannot execute a virus or a trojan, the program that opens it is the one that does it. I cannot believe that a file format can have inherent vulnerabilities that cannot be circumvented by the program that reads the file.

On the other hand, considering the ODF vs. OOXML format wars, it seems to me that Microsoft's objective with this is actually to press for the standardization of OOXML. How exactly I don't understand, since the whole point of standard document formats is to avoid this same problem that they've just created.

Thank you Microsoft...

[mwvdlee]

...for demonstrating why we need ODF.

Re:Thank you Microsoft...

[cp.tar]

Ultimately this is another nail in the coffin for MS for it proves that you can't use ANY MS Office file format for reliable long term storage - unless you are prepared to walk the MS Upgrade Treadmill.

Nope.

It's even worse.

This problem only occurs if you do walk the MS Upgrade Treadmill; should you choose to remain true to the good old Office 97, all will be fine.
OK, so the problem of opening new documents someone sends you occurs in that case, but you can't have it all.

It's a damned if you do, damned if you don't type of game: either you lose old documents or you lose new ones.
The bottom line, therefore, is: you lose anyway.

Whatever you do, if you go with Microsoft, you will lose.
Best case scenario: all you lose is lots of time. However much is necessary for converting all the old documents.
Do add that to the price of Office itself.

Mod parent up!

[foreverdisillusioned]

He's right... their excuse is a joke. It can't be that hard--especially considering the huge profit margin on Office--to figure out a way of opening these file formats securely. It's not even executable data, for pete's sake! And if they *are* talking about macros or something, well then just disable the macro part until you figure out a way to sandbox it.

The richest tech company in the world is throwing its hands up in the air and saying that can't figure out how to make its most profitable (and presumably most actively developed) products render a human readable, non-executable data format safely--PLEASE. This is nothing more than a very clumsy (but brazen) attempt to make people upgrade. I'm surprised they have the balls to do it, what with their current OOXML circus.