Microsoft Apologizes To Rival

Geoffrey.landis writes "Microsoft apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk, and issued a set of tools to unblock file types that had been blocked by default in the December Office 2003 service pack. In his blog on the Microsoft site, David Leblanc says 'We did a poor job of describing the default format changes.' He goes on to explain, 'We stated that it was the file formats that were insecure, but this is actually not correct. A file format isn't insecure — it's the code that reads the format that's more or less secure.' As noted by News.com, 'it is the parsing code that Office 2003 uses to open and save the file types that is less secure.' Larry Seltzer at pcmag.com also blogs the story."

Wait....

[nizo (81281)]

When I took a nap at lunch today, did I wake up in a parallel universe?

Re:Wait....

[Atario (673917)]

Yes! Here, rain falls up, and hambugers eat people!

It's a little like your Soviet Union or Bizzarro Universe.

Re:

[youthoftoday (975074)]

Hamburgers eat people?

You must have woken up in Soviet Russia!

Re:

[Fry-kun (619632)]

It's a Simpsons reference, you insensitive clod!
The Great Continent of Rand McNally [wikipedia.org] :)

Re:

[Kyokushi (1164377)]

Conclusion: In Soviet Russia, Microsoft apologizes to YOU!

Re:

[$0.02 (618911)]

And where Kucinich wins elections.

Re:Wait....

[GroeFaZ (850443)]

Depends. Is everyone around you wearing goatees?

Re:Wait....

[arotenbe (1203922)]

Is everyone around you wearing goatees?

No. Goatses.

Breaking news

[EmbeddedJanitor (597831)]

David Leblanc admitted to hospital with chair-induced head injuries.

Re:

[Power_Pentode (1123285)]

When I took a nap at lunch today, did I wake up in a parallel universe?

No kidding! This is, like, the first sign of the apocalypse. What's next, a trailer featuring real in-game action from Duke Nukem Forever?

Re:Wait....for the red pill.

[neo (4625)]

Yes... everything you know is a lie. There is a world behind this one. One in which Microsoft is not evil.

Re:Wait....

[Chris Mattern (191822)]

Nothing parallel about this. Microsoft isn't going to stop blocking the competition's file formats by default, so you'll still need to edit your registry to be able to use them. They'll see about doing something to make it easier...Real Soon Now. Meanwhile, have this absolutely worthless apology! Nothing unusual about this...Microsoft has always been willing to talk sweet when it needs to calm things down a bit. Actually fixing the problem, particularly when the problem has been carefully orchestrated to kick the competition in the crotch? Not so much.

Chris Mattern

Boiled down

[Romancer (19668)]

So boiled down, microsoft is saying that their software is the problem? That Office has "less secure" ways of opening formats than they could have?

Re:Boiled down

[davester666 (731373)]

Yes. Rather than fixing their implementation, they just made it more difficult for users to use their implementation.

It just happens to be that some of their faulty implementations are for reading formats for competing products... You are not permitted to draw any inference from this fact.

Re:Boiled down

[joe_bruin (266648)]

It boiled down to Microsoft, instead of fixing their bad file parsing code, disabled it so customers couldn't access their older files AND blamed Corel's file format. Notice that they are still not admitting that their code is bad or fixing it, they're just re-enabling their buggy code because customers complained that they couldn't open files.

Re:

[Trolan (42526)]

If they keep this up, I can see their next OS: Microsoft Windows BoW (Block of Wood) Ultimate Edition!

But a block of wood isn't complete safe. Someone could get hurt by it. So they'd have to release SP1 which adds padding.

Re:Boiled down

[Smidge204 (605297)]

Read it carefully for the doublethink!

"A file format isn't insecure -- it's the code that reads the format that's more or less secure."

Read it again if you didn't catch it.
=Smidge=

File Formats that ARE

[krray (605395)]

File formats that ARE insecure ... the ones that come to mind are .EXE, .COM, .SCR, .PIF, .CHM, .DLL, .VB* ... the list is long.
Oh, wait ... with Microsoft's logic these aren't insecure. It's the program (Windows) that uses them. I would agree.
Fortunately my various flavors of un*x boxes don't understand what to do with these...

I would love to read the letter Microsoft's legal department got over the December update.

Too bad that won't be made public.

Re:

[_merlin (160982)]

Well it's true of the formats - .EXE is no more or less secure than an ELF binary, .COM is no more or less secure than a.out format, .CHM is no more or less secure than a tarball, .DLL is no more or less secure than ELF .so, .VBS is no more or less secure than a Perl script. The issue is whether the environment they run in is secure or not. You could argue that the execution environment that an ELF binary runs in under Solaris is more secure than the environment that a .EXE runs in under Windows, but a ma

Re:

[hangareighteen (31788)]

You missed my personal favorite: Windows Metafile [wikipedia.org]

Terrible engineering, that.

So, what changed hands between Microsoft/Corel?

[defile (1059)]

Why would Microsoft enable a competitor, and, more ludicrously, apologize if there was no reason to? What's in this for Microsoft? Did Corel pay them a fee? Agree to cede a market? Threaten them with some kind of slam-dunk legal action that Microsoft was on the losing side of? We will probably never know.

Re:So, what changed hands between Microsoft/Corel?

[flyingfsck (986395)]

Corel and Novel both have long histories of suing Microsoft successfully to the tune of hundreds of millions of dollars (about 2 billion between the two of them). Clearly, MS was afraid of getting sued yet again.

Stop them from getting sued?

[EmbeddedJanitor (597831)]

If you tell lies that hurt someone's business you can appear in court which would cause all kinds of mess (particularly if intertwined with the anti-trust rulings).

Likely the apology was a condition of some out of court agreement.

we're sorry...

[nguy (1207026)]

That's like saying to a corpse, "Oh, I'm so sorry I killed you; I hope you won't feel too bad about it."

Re:

[Catnapster (531547)]

Darwin Tremor [imdb.com]: [manipulating Dupree's mouth so Jack seems to be speaking to him] Oh hell yeah, we was just at the wrong place at the wrong time, so don't feel so bad, chief.

that's weird

[SolusSD (680489)]

Microsoft said something that didn't make me upset. hmm. in fact, it was the right thing to do! (i'm scared)

Who neutered Microsoft?

[NullProg (70833)]

'We stated that it was the file formats that were insecure, but this is actually not correct. A file format isn't insecure -- it's the code that reads the format that's more or less secure.'

Admitting FUD is uncharacteristic of Microsoft. Speaking the plain truth means Hell just froze over.

I'm at a loss for words....

Enjoy,

File formats can't be insecure?

[martin-boundary (547041)]

Whoa! I'm going to put all my passwords and bank account numbers online in the clear in a single plain ASCII text file from now on. Who needs encryption? Take that crackers! You thought you could steal my stuff, eh? Just you download that file from my blog and weep, bitches!

Re:

[WK2 (1072560)]

The ASCII file format is not insecure. However, the behavior you suggest is dangerous.

Re:

[martin-boundary (547041)]

The ASCII file format is not insecure. However, the behavior you suggest is dangerous.

The crucial question you're not asking is what is the intended use of the file format. Every file format is intended to be used for something, and once it is stated what that use is, one can ask if the format is secure for its intended purpose.

In my example, the intended purpose makes the format insecure. If I had used plain ASCII to list a bunch of recipes I found online, the format wouldn't be insecure if my purp

Re:

[Penguinisto (415985)]

...that's funny, becuase Microsoft's argument was more along the lines that Office would be more secure if only those files couldn't be opened.

And yet for some odd reason NeoOffice on my Mac can open them just fine with no adverse reaction.

/P

Re:

[totally bogus dude (1040246)]

If we go ahead and assume that "ASCII file format" means a file containing only the printable ASCII characters, then that's pretty open ended. You can store encrypted data in it just fine by encoding that data as "plain text" (e.g. gpg --armor). The same as how binary files can be sent over SMTP, which traditionally only supports 7-bit ASCII. Or you could come up with your own "cypher", known only to you, so an attacker reading the file would see "mybank.com password: foozball" but you'd know that it's a li

Re:

[MrNaz (730548)]

Yes, the file format wouldn't be insecure. Your handling of it would be.

Re:

[martin-boundary (547041)]

If the file format is *intended* to keep my information safe from others, then I think if it easily fails that task, it must be called insecure by definition.

If I specified the format to be freeform text, encrypted with a suitably hidden, suitably complex one time pad, then the resulting file format would have to be called secure, no?

How about old Mike?

[rastoboy29 (807168)]

They must have meant Mike Rosoff.

No shit.

[peipas (809350)]

n/t

We don't abuse our monopoly...

[Locklin (1074657)]

See! we apologized! Now leave us alone!

Amazing.

[Scottoest (1081663)]

I remember the /. posting about this topic last week, where everyone rightfully corrected them about file formats not inherently being insecure. There was the usually geejawing about "M$" being brutal thugs, and idiots, etc. etc. etc. Y'know, par for the course on this website.

However, the most entertaining posts on this website, are in cases where Microsoft admits error, or does something "good". We then get to see these same people do logical contortionist routines about how they must have been threatened legally, or baseless conjecturing about what must have been in it for them.

A lot of people here talk a lot about how Microsoft should listen more to the "geek" community. Places like this remind me of precisely why they don't bother.

Slashdot is generally pretty great for my daily fill of tech news. But man oh man, when it comes to Microsoft, any front of being unbiased is quickly cast off.

"kdawson" is probably the worst of the bunch, too.

- Scott

We're apologizing...

[Chris Mattern (191822)]

...but we're going to continue to block your file formats by default on our systems. Those who want to use your file formats will need to go through the MicroSoft KB and find our designated fix for it, but we'll try to make that easier to use. Have a nice day!

Chris Mattern

Heh

[hyfe (641811)]

A file format isn't insecure it's the code that reads the format that's more or less secure.'

Secret Passwords.txt

My father has that in his My Documents-folder. It contains secret passwords.

Next up

[Plutonite (999141)]

Chuck Norris gets beaten up by the leave-britney-alone kid, and Bruce Schnier gets r00ted.... by Martha Stewart! Social engineering.

Because in Soviet Redmond, the chairs fear YOU!

Seriously, MS has apologized. To a competitor. On a technical subject. Holy friggin WOW. Since god now obviously exists, here's what I'm going to be praying for over the course of the next few years:

-Physics grant gets awarded to grad student who does not have lips wrapped tightly around String Theory schlong

-Dell admits that their computer cases are uglier than your face.

-Apple fanbois shut up. For good. (and I'm typing this on a macbook pro)

-America elects a Good president.

-Myspace creators realize the magnitude of their crime against human civilization and turn themselves in to local authorities.

-I stop wasting my time on slashdot.

Notice the wording

[Svenne (117693)]

When he's talking about Corel's file format it's ok to say "insecure," but when it comes to MS Office it's suddenly called "less secure." Wouldn't want to give the wrong impression now, would we?

Re:Business as usual

[mr_mischief (456295)]

Nah. Just 4 months.

The blocking of the file formats was from September's Office 2003 Service Pack 3 update. The KB article was probably issued the same time, but it was edited yesterday (and the MSKB doesn't show the original date, just the last review date and the number of times edited).

The apology was yesterday.

Re:

[flyingfsck (986395)]

Not many people use WP, but I use both and WP is still better than MS Word.

Re:

[RuBLed (995686)]

It seems that the extension in question was the .cdr extension used by Corel Draw.

But it was Corel that publicly squawked when it realized Microsoft had blocked its .cdr file format -- still used by its CorelDraw graphics application -- in last September's Office 2003 Service Pack 3 update.

If you ask me, Corel Draw is one good drawing tool, a good partner for Adobe Photoshop. (I'm not a pro at these tools, I just stumble upon them when I rarely need it...)

Re:Microsoft apologized?!

[corsec67 (627446)]

At this point it doesn't matter if they apologized, the damage is done: opening older Corel documents in Office 2003 is a PITA. Apologizing just gains points with the CTO type people, so there really isn't a downside. Too bad it doesn't dawn on them that before MS was letting them use a "less-secure" method of opening files....

Re:

[mqduck (232646)]

I suspect it's simply that Corel's lawyers sent MS a friendly letter threatening a lawsuit for the claim, and MS realized that 1) it's not worth fighting over, and 2) they would look like idiots if they tried to defend their statement, and they don't need that right now. Further, I doubt they framed it as an "apology". That's Slashdot's doing. More likely they just quietly issued a little statement saying they erred in a previous claim.

Nothing Worth Selling

[WED Fan (911325)]

Hope you didn't lose any sales.

Uh, sparky, the assumption that Corel has anything of value to market and sell is a bit of a stretch. They have so mismanaged the brand that it is almost criminal what they did to their office products.

I was a big time WordPerfect user. I tried to stick around through their sale to Novell and lack of effort from them. Later, sold to Corel, the company sat on it and did nothing allowing Microsoft Word to over take it and take over Office Suite dominance. This is what turned MS into the big monster it is now.

Corel should be apologizing to the world.

They took a great product and took a dump on it. This would be like DC turning the Superman franchise over to Alexander Salkind...oh, wait, they did.

Re:

[pimpimpim (811140)]

I guess they realized it would be a lost cause fighting against Microsoft Office, throwing away developer time. Then again, if they would have endured and realized back then that the eternal reign of MS Office could be overthrown, they might be growing by now, at a time where switching from office** to office 2007 is just as hard as switching to another suite, and with a current public and political outcry for open document formats.

The first thing I used after wordperfect 5.1 was Lotus WordPro, since it c

Re:

[gaspyy (514539)]

Unfortunately it's not just their office.

Corel's flagship is CorelDraw, which is a actually a very capable illustration software.
Corel Draw and Corel Photo-Paint used to be on par and sometimes above competitors' products (Adobe Illustrator, Macromedia Freehand; Photo-Paint was at least as capable as Photoshop in 2000).

They stopped innovating. The last Corel Draw suite was released in 2005 (they issued 2 service packs). Photo-Paint remained untouched for years, now lagging behind Photoshop in many areas.

Suc