A report on the security of OpenOffice has caused a stir in the open-source community by highlighting six security "issues" around the open-source office suite.
OpenOffice has said only one actual bug was discovered, and that flaw has been fixed already. But the research, by the French Ministry of Defense, also points out that many security flaws have already been discovered in Microsoft Office applications, claiming that these are "easily transportable to OpenOffice."
According to the report, titled "In-depth analysis of the viral threats with OpenOffice.org documents," this means that the "general security of OpenOffice is insufficient," Infoworld reported.
The report goes on to counter claims from the open-source community that OpenOffice is inherently more secure than Microsoft's Office products. "The viral hazard attached to OpenOffice.org is at least as high as that for the Microsoft Office suite, and even higher when considering some... aspects," the researchers wrote.
"This suite is up to now still vulnerable to many potential malware attacks," they added.
The paper was first submitted for publication in April and revised in June. It was accepted in July, when some of the
details of the report began to leak out, and then published Aug. 1 in the Paris-based Journal of Computer Virology.
The paper describes four examples of how malicious code can attack OpenOffice and release hazards. The weaknesses are focused around issues such as the use of Zip files, and in particular the use of macro programming procedures and templates.
Although I don't like to support Microsoft (and personally use OOo extensively), it's important to point out that Microsoft's Office for Mac works just fine on MacOS, which is a secure (unix-based) operating system. And, in fact, OOo's Mac port is clunky (NeoOffice is not clunky, but it's not up-to-date).
I routinely crash all major/minor releases of OO.o I have used last five years. Learn keyboard shortcuts and start using them - very fast. Believe me OO.o would crash sooner than you would run of those few shortcuts you know. I stopped using keyboard in OO.o for the very reason. Though if you would try to do something very fast with mouse in OO.o - it could easily crash too. Happens to me all the time.
Though same applies to releases of M$O. Though second/third patch level (SR1/2/3/etc) normally works stable enough. In my experience, M$O (unlike OO.o) hangs more often than crashes.
As all security researchers have said most conditions leading to crash of application can be used for exploit.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
run on secure operating systems.
I routinely crash all major/minor releases of OO.o I have used last five years. Learn keyboard shortcuts and start using them - very fast. Believe me OO.o would crash sooner than you would run of those few shortcuts you know. I stopped using keyboard in OO.o for the very reason. Though if you would try to do something very fast with mouse in OO.o - it could easily crash too. Happens to me all the time.
Though same applies to releases of M$O. Though second/third patch level (SR1/2/3/etc) normally works stable enough. In my experience, M$O (unlike OO.o) hangs more often than crashes.
As all security researchers have said most conditions leading to crash of application can be used for exploit.