PowerPoint ZeroDay Vulnerability Exploited 140
whitehatlurker writes to mention a WashingtonPost.com article about another unpatched flaw with Microsoft Office. The bug, part of the PowerPoint software, has already been used in the wild, and may be connected to an industrial espionage case. From the article: "This undocumented flaw does not appear to have been addressed in any of the 13 security updates Microsoft shipped this week to mend a variety of problems in Office software. As Security Fix and others have noted, some of the work Microsoft has done in hardening the security of the Windows operating system has forced the bad guys to look for lower-hanging fruit in applications that run on top of Windows, so we may see more Office flaws under attack."
The more vulnerabilities the better? (Score:4, Interesting)
Yeah right. The vast majority of the people who stick with Office these days are people who won't switch unless the alternative is 100% in every way, shape, and form "compatible" with (which to them means exactly the same as) Office.
Must be nice to be Microsoft, where you don't have to give a shit about your customers...
Do you really need MS Office? (Score:5, Interesting)
If the cost-benefit ratio is not strong enough to make the cost and insecurity worthwhile, abandon MS Office and use OOo. For most people it's a lot less painful than it sounds. I've even seen OOo spread like a fashion in some teams that were 100% Microsoft, as they discovered that OOo does actually work very nicely, and as they started using ODF as a standard in place of Microsoft's own formats. We did this a long time ago... we get a consistent set of tools on Windows and Linux, and documents that now conform to a global standard and which I know will still be readable in 20 years' time, whatever software or platform I'm using.
There are many alternative office suites and OOo has its flaws, mainly it's a bit slow, but it has a feature set that hits 100% of what we've used - for documents, spreadsheets, simple graphics, and presentations - for years. And I don't get the feeling, when I run it, that I'm running a code base that has hundreds of undocumented backdoors, caused deliberately, or accidentally.
Re:Do you really need MS Office? (Score:5, Interesting)
However, since OpenOffice has had a "create PDF" feature for ages, and since it produces really elegant PDFs, this is a solved problem.
I much prefer sending PDFs to editable documents because it prevents random modifications. When people do have to collaborate on writing a document, they can install OOo without much effort, and it is easy to learn, despite not being MS Office.
I've seen many people learn to use OpenOffice and the suggestion that its interface is hard to use is untrue. I've literally given non-technical people (office admins, sales and marketing people) a Linux box with OpenOffice and said, "go for it", and they've produced documents and spreadsheets and presentations without asking anything after, "what printer do I use".
PDFs are the answer to distributing prepared documents. PDF or HTML works fine for presentations. And if you *really* need to send someone an MS-Office format document, you use the "Save as" function to create it.
And this model has let us use OO for 4-5 years in a world where almost all of our clients use MS-Office. It works.
Spend the time making better software (Score:2, Interesting)
I have of course no idea how to change the world, or I'm sure I'd be either very rich, very famouse or both
Take it away now,
. Knut
Re:The more vulnerabilities the better? (Score:4, Interesting)
I'm running the beta of Office 2007 now, and there's no doubt that it's the biggest change to the Office interface since the switch from DOS. The new "ribbon" interface is a little easier of novices to do normal tasks with, but is a real hindrance to power users familiar with the '95-03 style Offices.
Anyone who's already productive with the older apps will find it easier to shift to OOo than to Office 2007. There's a few new tricks under the hood of the suite, but nothing compelling enough to pay the cost of the new version. In fact, Access coders are definitely going to want to look for alternatives. The new version is pitched much more at desktop experimenters, to the serious detriment of professional developers.
Re:The more vulnerabilities the better? (Score:2, Interesting)
I've been using it for a fair while now, and it still annoys me. Thing is, at the need of the beta period I'm going to have to decide whether to stick with my existing Office version (XP), switch to Open Office, or upgrade to Office 2007.
Right now, I just can't see any reason to upgrade. I've been a Office developer for more than a decade (switched from Paradox/Lotus to Office/Access 95), so this is a big decision for me. I've been a fairly vocal critic of MS since they started their customer harassment phase - I keep the install disks of my first Office XP Developer edition install nailed to the wall in front of me. It's there to remind me that I paid AU$1500 for a tool that won't activate on any computer in existence today.
I've never had an alternative until now though, and even if OOo isn't a perfect replacement, at least it's a way out of the trap. If I and others start developing for it and using it, we'll be well on the way to creating the platform OOo is going to need to hit critical mass.
Re:Word resume (Score:1, Interesting)
Both PDF and Word are the same thing in a different form: WYSIWYG PRESENTATION formats.