Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Apologizes To Rival

Posted by kdawson on from the it's-the-software-stupid dept.

Geoffrey.landis writes "Microsoft apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk, and issued a set of tools to unblock file types that had been blocked by default in the December Office 2003 service pack. In his blog on the Microsoft site, David Leblanc says 'We did a poor job of describing the default format changes.' He goes on to explain, 'We stated that it was the file formats that were insecure, but this is actually not correct. A file format isn't insecure — it's the code that reads the format that's more or less secure.' As noted by News.com, 'it is the parsing code that Office 2003 uses to open and save the file types that is less secure.' Larry Seltzer at pcmag.com also blogs the story."

37 of 151 comments (clear)

  1. Wait.... by nizo · · Score: 4, Funny

    When I took a nap at lunch today, did I wake up in a parallel universe?

    --
    I Am My Own Worst Enemy
    1. Re:Wait.... by Atario · · Score: 4, Funny

      Yes! Here, rain falls up, and hambugers eat people!

      It's a little like your Soviet Union or Bizzarro Universe.

      --
      "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
    2. Re:Wait.... by youthoftoday · · Score: 2, Funny

      Hamburgers eat people?

      You must have woken up in Soviet Russia!

      --
      -1 not first post
    3. Re:Wait.... by GroeFaZ · · Score: 4, Funny

      Depends. Is everyone around you wearing goatees?

      --
      The grass is always greener on the other side of the light cone.
    4. Re:Wait.... by arotenbe · · Score: 4, Funny

      Is everyone around you wearing goatees? No. Goatses.
      --
      Tomato wedge sperm darts that are Republican.
    5. Re:Wait.... by Power_Pentode · · Score: 3, Funny

      When I took a nap at lunch today, did I wake up in a parallel universe?
      No kidding! This is, like, the first sign of the apocalypse. What's next, a trailer featuring real in-game action from Duke Nukem Forever?
    6. Re:Wait.... by $0.02 · · Score: 2, Funny

      And where Kucinich wins elections.

      --
      If enithin kan gow rong it whil. (Murfey)
    7. Re:Wait.... by Chris+Mattern · · Score: 4, Insightful

      Nothing parallel about this. Microsoft isn't going to stop blocking the competition's file formats by default, so you'll still need to edit your registry to be able to use them. They'll see about doing something to make it easier...Real Soon Now. Meanwhile, have this absolutely worthless apology! Nothing unusual about this...Microsoft has always been willing to talk sweet when it needs to calm things down a bit. Actually fixing the problem, particularly when the problem has been carefully orchestrated to kick the competition in the crotch? Not so much.

      Chris Mattern

    8. Re:Wait.... by Kyokushi · · Score: 3, Funny

      Conclusion: In Soviet Russia, Microsoft apologizes to YOU!

    9. Re:Wait.... by random0xff · · Score: 2, Interesting
      No:

      A file format (with some exceptions, like .hlp files) isn't insecure - it's the code that reads the format that's more or less secure. See how he switched from using the word 'insecure' in association with file formats, how uses the terms 'more or less secure' for describing the code they wrote.
  2. File Formats that ARE by krray · · Score: 2, Insightful

    File formats that ARE insecure ... the ones that come to mind are .EXE, .COM, .SCR, .PIF, .CHM, .DLL, .VB* ... the list is long.
    Oh, wait ... with Microsoft's logic these aren't insecure. It's the program (Windows) that uses them. I would agree.
    Fortunately my various flavors of un*x boxes don't understand what to do with these...

    I would love to read the letter Microsoft's legal department got over the December update.

    Too bad that won't be made public.

    1. Re:File Formats that ARE by _merlin · · Score: 2, Informative

      Well it's true of the formats - .EXE is no more or less secure than an ELF binary, .COM is no more or less secure than a.out format, .CHM is no more or less secure than a tarball, .DLL is no more or less secure than ELF .so, .VBS is no more or less secure than a Perl script. The issue is whether the environment they run in is secure or not. You could argue that the execution environment that an ELF binary runs in under Solaris is more secure than the environment that a .EXE runs in under Windows, but a malicious program could still scavenge personal data send it to the "bad guys" over HTTP (which is open in most people's firewalls). Perl is definitely a lot more secure than the VBScript runtime, but that won't stop a malicious script from deleting or overwriting a user's files.

  3. So, what changed hands between Microsoft/Corel? by defile · · Score: 2, Interesting

    Why would Microsoft enable a competitor, and, more ludicrously, apologize if there was no reason to? What's in this for Microsoft? Did Corel pay them a fee? Agree to cede a market? Threaten them with some kind of slam-dunk legal action that Microsoft was on the losing side of? We will probably never know.

    1. Re:So, what changed hands between Microsoft/Corel? by flyingfsck · · Score: 4, Insightful

      Corel and Novel both have long histories of suing Microsoft successfully to the tune of hundreds of millions of dollars (about 2 billion between the two of them). Clearly, MS was afraid of getting sued yet again.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
  4. we're sorry... by nguy · · Score: 4, Insightful

    That's like saying to a corpse, "Oh, I'm so sorry I killed you; I hope you won't feel too bad about it."

  5. Re:Boiled down by davester666 · · Score: 5, Insightful

    Yes. Rather than fixing their implementation, they just made it more difficult for users to use their implementation.

    It just happens to be that some of their faulty implementations are for reading formats for competing products... You are not permitted to draw any inference from this fact.

    --
    Sleep your way to a whiter smile...date a dentist!
  6. Re:Boiled down by joe_bruin · · Score: 5, Interesting

    It boiled down to Microsoft, instead of fixing their bad file parsing code, disabled it so customers couldn't access their older files AND blamed Corel's file format. Notice that they are still not admitting that their code is bad or fixing it, they're just re-enabling their buggy code because customers complained that they couldn't open files.

  7. Re:Business as usual by mr_mischief · · Score: 5, Informative

    Nah. Just 4 months.

    The blocking of the file formats was from September's Office 2003 Service Pack 3 update. The KB article was probably issued the same time, but it was edited yesterday (and the MSKB doesn't show the original date, just the last review date and the number of times edited).

    The apology was yesterday.

  8. that's weird by SolusSD · · Score: 2, Funny

    Microsoft said something that didn't make me upset. hmm. in fact, it was the right thing to do! (i'm scared)

  9. Who neutered Microsoft? by NullProg · · Score: 4, Interesting

    'We stated that it was the file formats that were insecure, but this is actually not correct. A file format isn't insecure -- it's the code that reads the format that's more or less secure.'

    Admitting FUD is uncharacteristic of Microsoft. Speaking the plain truth means Hell just froze over.

    I'm at a loss for words....

    Enjoy,

    --
    It's just the normal noises in here.
  10. Re:Microsoft apologized?! by corsec67 · · Score: 4, Insightful

    At this point it doesn't matter if they apologized, the damage is done: opening older Corel documents in Office 2003 is a PITA. Apologizing just gains points with the CTO type people, so there really isn't a downside. Too bad it doesn't dawn on them that before MS was letting them use a "less-secure" method of opening files....

    --
    If I have nothing to hide, don't search me
  11. Breaking news by EmbeddedJanitor · · Score: 4, Funny

    David Leblanc admitted to hospital with chair-induced head injuries.

    --
    Engineering is the art of compromise.
  12. Re:Boiled down by Smidge204 · · Score: 3, Insightful

    Read it carefully for the doublethink!

    "A file format isn't insecure -- it's the code that reads the format that's more or less secure."

    Read it again if you didn't catch it.
    =Smidge=

  13. Nothing Worth Selling by WED+Fan · · Score: 5, Insightful

    Hope you didn't lose any sales.

    Uh, sparky, the assumption that Corel has anything of value to market and sell is a bit of a stretch. They have so mismanaged the brand that it is almost criminal what they did to their office products.

    I was a big time WordPerfect user. I tried to stick around through their sale to Novell and lack of effort from them. Later, sold to Corel, the company sat on it and did nothing allowing Microsoft Word to over take it and take over Office Suite dominance. This is what turned MS into the big monster it is now.

    Corel should be apologizing to the world.

    They took a great product and took a dump on it. This would be like DC turning the Superman franchise over to Alexander Salkind...oh, wait, they did.

    --
    Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
    1. Re:Nothing Worth Selling by pimpimpim · · Score: 2, Interesting
      I guess they realized it would be a lost cause fighting against Microsoft Office, throwing away developer time. Then again, if they would have endured and realized back then that the eternal reign of MS Office could be overthrown, they might be growing by now, at a time where switching from office** to office 2007 is just as hard as switching to another suite, and with a current public and political outcry for open document formats.

      The first thing I used after wordperfect 5.1 was Lotus WordPro, since it came with my Aptiva pentium 100 "multimedia" pc. This was actually a pretty good program, it had a latex-like equation editor, and came with a nicer selection of fonts than the default MSoffice. I just checked and it appears that IBM changed the whole SmartSuite to something called "symphony" now, made it free of charge and able to work with ODF.

      IBM may be on to something here, the lack of backward compatibility in MSOffice plus the high costs of obligatory contract renewals will make more and more people (better: the companies that employ these people) realize the problems MS gets them in, and look for alternatives. All these dirty tricks might end up to be MS nailing its own coffin: as soon as companies switch to another browser, to another office suite, why should they be dependent on MS at all?

      --
      molmod.com - computing tips from a molecular modeling
    2. Re:Nothing Worth Selling by gaspyy · · Score: 2, Interesting

      Unfortunately it's not just their office.

      Corel's flagship is CorelDraw, which is a actually a very capable illustration software.
      Corel Draw and Corel Photo-Paint used to be on par and sometimes above competitors' products (Adobe Illustrator, Macromedia Freehand; Photo-Paint was at least as capable as Photoshop in 2000).

      They stopped innovating. The last Corel Draw suite was released in 2005 (they issued 2 service packs). Photo-Paint remained untouched for years, now lagging behind Photoshop in many areas.

      Such a shame. The products used to be really good in terms of features and UI. Now they've buried everything.

  14. Re:Seriously... by RuBLed · · Score: 2, Informative
    It seems that the extension in question was the .cdr extension used by Corel Draw.

    But it was Corel that publicly squawked when it realized Microsoft had blocked its .cdr file format -- still used by its CorelDraw graphics application -- in last September's Office 2003 Service Pack 3 update.


    If you ask me, Corel Draw is one good drawing tool, a good partner for Adobe Photoshop. (I'm not a pro at these tools, I just stumble upon them when I rarely need it...)
  15. Re:File formats can't be insecure? by MrNaz · · Score: 2, Insightful

    Yes, the file format wouldn't be insecure. Your handling of it would be.

    --
    I hate printers.
  16. We don't abuse our monopoly... by Locklin · · Score: 4, Funny

    See! we apologized! Now leave us alone!

    --
    "Knowledge is the only instrument of production that is not subject to diminishing returns" -Journal of Political Econom
  17. Amazing. by Scottoest · · Score: 5, Insightful

    I remember the /. posting about this topic last week, where everyone rightfully corrected them about file formats not inherently being insecure. There was the usually geejawing about "M$" being brutal thugs, and idiots, etc. etc. etc. Y'know, par for the course on this website.

    However, the most entertaining posts on this website, are in cases where Microsoft admits error, or does something "good". We then get to see these same people do logical contortionist routines about how they must have been threatened legally, or baseless conjecturing about what must have been in it for them.

    A lot of people here talk a lot about how Microsoft should listen more to the "geek" community. Places like this remind me of precisely why they don't bother.

    Slashdot is generally pretty great for my daily fill of tech news. But man oh man, when it comes to Microsoft, any front of being unbiased is quickly cast off.

    "kdawson" is probably the worst of the bunch, too.

    - Scott

  18. Re:The strategy isn't bad... by Trolan · · Score: 3, Funny

    If they keep this up, I can see their next OS: Microsoft Windows BoW (Block of Wood) Ultimate Edition!

    But a block of wood isn't complete safe. Someone could get hurt by it. So they'd have to release SP1 which adds padding.

  19. It's about time.... by Rival · · Score: 2, Interesting

    [After reading just the story title] It's about time! They laid me off back in '99 five minutes after we RTM'd Win2k, and they're only just now getting around to apologizing? Well, better late than never, I suppose.

    [After reading TFA] It is refreshing to see such a direct and honest explanation and rationale. Even if it isn't exactly front page news, it's much better than the typical PR-filtered triple-speak that tends to get the press. A good reminder that the developers != the company.

    Thanks, David. If more decision makers at Microsoft were to take a similar approach to problems, even if just internally, I think the corporate image could be improved. Whether there's time to turn the ship around before it hits the iceberg*, I don't know, but it would be an interesting thing to watch.

    *Yes, I know the engine reversal and attempt to turn was what doomed the Titanic. It's a complex analogy, with layers of irony and humor.

  20. We're apologizing... by Chris+Mattern · · Score: 4, Informative

    ...but we're going to continue to block your file formats by default on our systems. Those who want to use your file formats will need to go through the MicroSoft KB and find our designated fix for it, but we'll try to make that easier to use. Have a nice day!

    Chris Mattern

  21. Peace at last! Whew! Celebrate! by theendlessnow · · Score: 2, Funny

    Microsoft also announced a new head of sales and marketing for Office. Little is know if this new hire... however, people believe his name to be Davrus or Debross, something like that. We'll let you know after the press conference. The new president wants to make sure the everyone attends. Supposedly the name of the Corel plugin engine will be Lorec... a natural evolution of the original plugin.

  22. Heh by hyfe · · Score: 4, Funny

    A file format isn't insecure it's the code that reads the format that's more or less secure.'
    Secret Passwords.txt

    My father has that in his My Documents-folder. It contains secret passwords.

    --
    "" How about taking the safety labels off everything, and let the stupidity-problem solve itself? """
  23. Next up by Plutonite · · Score: 4, Funny

    Chuck Norris gets beaten up by the leave-britney-alone kid, and Bruce Schnier gets r00ted.... by Martha Stewart! Social engineering.

    Because in Soviet Redmond, the chairs fear YOU!

    Seriously, MS has apologized. To a competitor. On a technical subject. Holy friggin WOW. Since god now obviously exists, here's what I'm going to be praying for over the course of the next few years:

    -Physics grant gets awarded to grad student who does not have lips wrapped tightly around String Theory schlong

    -Dell admits that their computer cases are uglier than your face.

    -Apple fanbois shut up. For good. (and I'm typing this on a macbook pro)

    -America elects a Good president.

    -Myspace creators realize the magnitude of their crime against human civilization and turn themselves in to local authorities.

    -I stop wasting my time on slashdot.

  24. Notice the wording by Svenne · · Score: 4, Insightful

    When he's talking about Corel's file format it's ok to say "insecure," but when it comes to MS Office it's suddenly called "less secure." Wouldn't want to give the wrong impression now, would we?

    --

    Slagborr