August 14, 2006 8:47 AM PDT

OpenOffice security is questioned

A report on the security of OpenOffice has caused a stir in the open-source community by highlighting six security "issues" around the open-source office suite.

OpenOffice has said only one actual bug was discovered, and that flaw has been fixed already. But the research, by the French Ministry of Defense, also points out that many security flaws have already been discovered in Microsoft Office applications, claiming that these are "easily transportable to OpenOffice."

According to the report, titled "In-depth analysis of the viral threats with OpenOffice.org documents," this means that the "general security of OpenOffice is insufficient," Infoworld reported.

The report goes on to counter claims from the open-source community that OpenOffice is inherently more secure than Microsoft's Office products. "The viral hazard attached to OpenOffice.org is at least as high as that for the Microsoft Office suite, and even higher when considering some... aspects," the researchers wrote.

"This suite is up to now still vulnerable to many potential malware attacks," they added.

The paper was first submitted for publication in April and revised in June. It was accepted in July, when some of the details of the report began to leak out, and then published Aug. 1 in the Paris-based Journal of Computer Virology.

The paper describes four examples of how malicious code can attack OpenOffice and release hazards. The weaknesses are focused around issues such as the use of Zip files, and in particular the use of macro programming procedures and templates.

Last Tuesday, Microsoft announced it had fixed a number of bugs including one in PowerPoint.

Colin Barker of ZDNet UK reported from London.

See more CNET content tagged:
OpenOffice, OpenOffice.org, open-source community, open source, researcher

5 comments

Join the conversation!
Add your comment
The French are overlooking a major OOo security feature
MS Office only runs on Windows, but OpenOffice.org can also be
run on secure operating systems.
Posted by rcrusoe (1305 comments )
Reply Link Flag
false
Although I don't like to support Microsoft (and personally use OOo extensively), it's important to point out that Microsoft's Office for Mac works just fine on MacOS, which is a secure (unix-based) operating system. And, in fact, OOo's Mac port is clunky (NeoOffice is not clunky, but it's not up-to-date).
Posted by Harlan879 (130 comments )
Link Flag
OO.o security?
That must be joke.

I routinely crash all major/minor releases of OO.o I have used last five years. Learn keyboard shortcuts and start using them - very fast. Believe me OO.o would crash sooner than you would run of those few shortcuts you know. I stopped using keyboard in OO.o for the very reason. Though if you would try to do something very fast with mouse in OO.o - it could easily crash too. Happens to me all the time.

Though same applies to releases of M$O. Though second/third patch level (SR1/2/3/etc) normally works stable enough. In my experience, M$O (unlike OO.o) hangs more often than crashes.

As all security researchers have said most conditions leading to crash of application can be used for exploit.
Posted by Philips (400 comments )
Reply Link Flag
Thats the Problems with open source software,all the security issues,it could easily cost more the starting from the bign!
Posted by uohaa (9 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.