Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Apologizes To Rival

Posted by kdawson on from the it's-the-software-stupid dept.

Geoffrey.landis writes "Microsoft apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk, and issued a set of tools to unblock file types that had been blocked by default in the December Office 2003 service pack. In his blog on the Microsoft site, David Leblanc says 'We did a poor job of describing the default format changes.' He goes on to explain, 'We stated that it was the file formats that were insecure, but this is actually not correct. A file format isn't insecure — it's the code that reads the format that's more or less secure.' As noted by News.com, 'it is the parsing code that Office 2003 uses to open and save the file types that is less secure.' Larry Seltzer at pcmag.com also blogs the story."

4 of 151 comments (clear)

  1. Re:Business as usual by mr_mischief · · Score: 5, Informative

    Nah. Just 4 months.

    The blocking of the file formats was from September's Office 2003 Service Pack 3 update. The KB article was probably issued the same time, but it was edited yesterday (and the MSKB doesn't show the original date, just the last review date and the number of times edited).

    The apology was yesterday.

  2. Re:Seriously... by RuBLed · · Score: 2, Informative
    It seems that the extension in question was the .cdr extension used by Corel Draw.

    But it was Corel that publicly squawked when it realized Microsoft had blocked its .cdr file format -- still used by its CorelDraw graphics application -- in last September's Office 2003 Service Pack 3 update.


    If you ask me, Corel Draw is one good drawing tool, a good partner for Adobe Photoshop. (I'm not a pro at these tools, I just stumble upon them when I rarely need it...)
  3. Re:File Formats that ARE by _merlin · · Score: 2, Informative

    Well it's true of the formats - .EXE is no more or less secure than an ELF binary, .COM is no more or less secure than a.out format, .CHM is no more or less secure than a tarball, .DLL is no more or less secure than ELF .so, .VBS is no more or less secure than a Perl script. The issue is whether the environment they run in is secure or not. You could argue that the execution environment that an ELF binary runs in under Solaris is more secure than the environment that a .EXE runs in under Windows, but a malicious program could still scavenge personal data send it to the "bad guys" over HTTP (which is open in most people's firewalls). Perl is definitely a lot more secure than the VBScript runtime, but that won't stop a malicious script from deleting or overwriting a user's files.

  4. We're apologizing... by Chris+Mattern · · Score: 4, Informative

    ...but we're going to continue to block your file formats by default on our systems. Those who want to use your file formats will need to go through the MicroSoft KB and find our designated fix for it, but we'll try to make that easier to use. Have a nice day!

    Chris Mattern