On CHOW: How to brine your holiday turkey
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 11 of 23:
Next »
« Previous
Why bother with "office productivity" software?
If users were told that they should not open files from other sources in Microsoft Office, the package would be dead in a month.

Unlike some game or utility or screensaver, "office productivity" software is supposed to be used to distribute files and to open files from other users.

It is completely unworkable to require that users *know* the state of the system security at the point where the document originated. Most companies won't tell you if you did ask!

Likewise, it is unreasonable to expect that users of office software packages will be up-to-date on the latest state of software security.

If Microsoft (and the rest of the industry) don't get this stuff figured out, we will see a regression to the days when only certain software could open certain files.

Only this would make sense for a company tired of paying for an IT staff larger than any other non-profit-generating center and *still* not being able to count on their system going down because of some imported file from some (current or potential) vendor or customer. If you know all of the users in your company will be unable to open up any file that happen to fly their way, then you don't have to worry about this sort of trick-into-opening vulnerability.

Telling a company to prohibit file downloads from cd, email or floppy is not an option. It is also unlikely that any non-technology company (and, I suspect, most technology companies) will pay to keep all of their employees up to date (weekly or more often) on the latest threats--we are talking about training at the level of folks who regularly use spreadsheet, word processing, or presentation documents.

So please don't expect that any sort of warning screen that appears before each new document is opened will accomplish anything. Just what do you expect the department secretary to do? Tell the boss this file isn't usable? I don't believe so. . .
Posted by: rgathercoal@...   Posted on: 04/11/07 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Office zero-day bugs spoil Patch Tuesday  Loverock Davidson | 04/10/07
L.D. , L.D. , L.D. , when will you understand not everyone is like you .  Intellihence | 04/10/07
You gotta understand Loverock  Zeppo9191 | 04/11/07
Back on first  jorjitop | 04/11/07
Now now  Loverock Davidson | 04/11/07
Warnings?  Bucky24 | 04/11/07
What does that have to do with giorgio_z's post?  Zeppo9191 | 04/11/07
Tsk, Tsk., Tsk  mv520 | 04/11/07
re: Now now  Intellihence | 04/12/07
...doesn't make this flaw all that feasible...  levinson | 04/11/07
Why bother with "office productivity" software?  rgathercoal@... | 04/11/07
Patches spoil every software makers rep  Boot_Agnostic | 04/11/07
Exploits, not vulnerabilities  TripleII | 04/11/07
Weird  RocketEater | 04/12/07
Gee this old stuff...  Heatlesssun1 | 04/11/07
You forgot one...  justanitguy | 04/11/07
Good point however...  Heatlesssun1 | 04/11/07
Scan is an option  Freebird54 | 04/11/07
ZDNet, give the meaningless DRIVEL a rest.  dgurney | 04/11/07
Good point!  Heatlesssun1 | 04/11/07
style sheet?  rgathercoal@... | 04/11/07
Hmmm  RocketEater | 04/12/07
It's something similar  Hrothgar - PCLinuxOS User | 04/12/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here