Slashdot Mirror
Office 2003 Service Pack Disables Older File Formats
time961 writes "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."
Doubt it's really about security at all; I'm guessing it's probably more about 'nudging' the few people still using old versions of the software to upgrade: Those who currently exchange documents with users on newer versions will find suddenly they won't be able to send documents to anyone anymore without getting complaints that people can't open them. Deliberately making it too cumbersome and complex for most people to ever work around this, i.e. leaving it technically (but not really practically for almost everyone) an option, for now at least gives MS an excuse, while still taking a big step towards getting rid of support for those old formats entirely, which is not all that unreasonable I suppose for formats greater than 10 years old.
I am the maintainer of Visicalc. This means war.
Think Visicalc 26 service pack 3 is going to import Multiplan files?
Think again, bitches.
There are no karma whores, only moderation johns
An easy work-around is to just install Open Office and then open the obsolete files using the appropriate Open Office program (Writer for Word documents, Calc for Excel spreadsheets, etc.). The user can then do a "save as" and select a newer Microsoft file format. Voila. Problem solved.
Microsoft probably won't like this work-around since a certain percentage of users may realize that they don't need to pay Microsoft for programs that don't do what they want and they can get a suite of programs that does what they want for free. Realizing this, Microsoft may decide to come up with a better internal solution but don't count on it.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Wasn't "bakward compatibility" the whole crusade they were on last year? "We must preserve support for old formats, which is why we won't make IE standards compliant, and our spec has to back-support IndentsLikeWord95" and the rest?
Their sneaky brand of evil is saying two conflicting things and making us believe they work together.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I can only speculate that you've not worked in any institutions that have persisted for more than 10 years?
I used to run a university help desk; by the time I left in late 2006 we were still getting requests to convert 5.25" floppies and DOS Wordperfect 4 documents.
The situation is complicated by many other issues:
Ultimately, there is nothing wrong with the "file formats". A file format is not insecure. The issue is that Microsoft is shipping insecure code in Office 2007 and 2003 which may break when these files are opened and allow malicious executable code to run in the user's security context. Rather than fix this insecure code in a shipping product, their policy is to turn off the code and tell the user, "if you want to take the risk, turn it back on, but we won't make it easy."
I work at an organization that has been grappling with this problem since SP3 came out in September 2007. We routinely work on projects that span 15 years, so it's not at all unusual to open project documentation that is 10+ years old. Companies were loyal to MS Office precisely because it promised reasonably complete forward compatibility with archived documents. Microsoft needs to provide a more robust solution to this problem, preferably by fixing the broken code (gasp!) or (less preferably) giving system administrators the tools necessary to enable and disable the functionality in a more global way.
It's very likely that few documents exist in such old formats at this point.
Really? How about the US government? NASA anyone?
Why should anyone stop supporting old document formats? Are the files created a long ago no longer important? How about 100 year old books? Should we burn them all?
We should stop this file format insanity now, and adopt some open format. Like ODF. Good riddance.
In Soviet Russia, articles before post read *you*!
Bender: If by "interface" you mean "have sex with" and if by "rarely-used document archive" you mean "your girlfriend", then yes, "groping" is the correct term. As follows:
It must have been something you assimilated. . . .
This doesn't make sense to me. A file format doesn't have buffer overflow vulnerabilities, the program that opens it has them. A file format cannot execute a virus or a trojan, the program that opens it is the one that does it. I cannot believe that a file format can have inherent vulnerabilities that cannot be circumvented by the program that reads the file.
On the other hand, considering the ODF vs. OOXML format wars, it seems to me that Microsoft's objective with this is actually to press for the standardization of OOXML. How exactly I don't understand, since the whole point of standard document formats is to avoid this same problem that they've just created.
I guess the submitter missed the link to an exe you can use to do it for you. I mean, it is buried in the KB article as "Method 1" after all...
It's official. Most of you are morons.
Thank you!!! Sanest comment I've seen in a long time.
XML is like violence. If it doesn't solve the problem, use more.
...for demonstrating why we need ODF.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
http://en.wikipedia.org/wiki/Planned_obsolescence
Examples:
-No DirectX 10.x API for WinXP or Win2k. (The nature of the API to be a higher-level Application Programming Interface, I'd forgive not developing for Win2k as it is no longer for sale, but there's NO good reason to deny the API in WinXP, other than to force clearly Planned Obsolescence)
-No IE7 for Win2k. (interestingly, Firefox still bests ALL versions of IE..)
-No Support on your year-old PC for Full Windows Vista use. (Again, why? Even Apple and Linux have pretty eye-candied desktops working on older hardware)
-No to the Sale of WinXP to OEM (non-Business) customers this month http://www.engadget.com/2007/04/12/microsoft-pulling-oem-windows-xp-next-january/.
-Etc... (insert your own here)
I know that in my present line of work, my colleagues and I write meticulous research reports for our multi-million dollar clients.
Our clients specifically require us to NOT use *any* MS Office 2007 file format; We are to utilize 'not newer than MS Office 2003 format'. (Typically Excel, Access, and Word formats are used).
Our clients have gone on to clarify, specifically, that the Office 2007 file formats are incompatible with the older MS Office versions and necessitate needless corporate updating for their thousands of internal users, (not to mention the client has decades of reports on file that get updated every 10 to 20 years, often utilizing the original editable report document).
I too will soon be installing in Open Office very soon. (Hopefully the Excel 2003 formulas and those dating back to Excel 2.0 all work properly in Open Office?)...
It appears that this "update" is not so much for security or even for ease of development (because it WAS previously WORKING in situ). It stragetically forces users of the older versions of MS Office to update to the new version (or rather adopt the new format) due to interoperability issues.
If MS Office 2003 did 'it' before and it does not do 'it' now, post-SP3... that is *Intentional*, not "For Your Protection".
-This would be akin to IE8 not opening 'older' web page formats at all because they used some older and (potentially) unsafe format of html, CSS, Scripting etc.. it deemed unsafe!
He's right... their excuse is a joke. It can't be that hard--especially considering the huge profit margin on Office--to figure out a way of opening these file formats securely. It's not even executable data, for pete's sake! And if they *are* talking about macros or something, well then just disable the macro part until you figure out a way to sandbox it.
The richest tech company in the world is throwing its hands up in the air and saying that can't figure out how to make its most profitable (and presumably most actively developed) products render a human readable, non-executable data format safely--PLEASE. This is nothing more than a very clumsy (but brazen) attempt to make people upgrade. I'm surprised they have the balls to do it, what with their current OOXML circus.