LWN.net

BadBunny? Only if you invite it in

Posted Jun 14, 2007 7:11 UTC (Thu) by beejaybee (guest, #1581)
Parent article: BadBunny? Only if you invite it in

"The balance between security and new features is always tricky, but when trying to compete against an established market leader, sometimes the features have to win."

Sorry, guys, the vast majority of users of office suite software are not security minded - they undoubtedly will click through viruses if the promised "benefit" is big enough, especially when they're working on corporate systems that they're not responsible for cleaning up after malware infestation.

Put a revolver with all chambers loaded with live rounds into a typical office suite user's hand, tell them that if they point it at their head and pull the trigger they'll see a picture of Paris Hilton/Brad Pitt naked (according to sexual orientation) and most of them will happily smear their brains over the wall.

Dangerous features need to be kept out of the hands of those who are not properly trained to avoid their misuse. That accounts for well over 90% of office suite users, even those running linux.

"In the end, if users are going to blindly click through any kind of warning, any reasonable level of security is impossible. This is true no matter what operating system, web browser or office suite is used."

Indeed. It would be a huge pity if features which are not needed by a large majority of OOo users are allowed to damage the security reputation of linux. OOo is far too bloated anyway, slimming it down by removing infrequently used and dangerous features would do it no harm at all.


BadBunny? Only if you invite it in

Posted Jun 14, 2007 7:51 UTC (Thu) by eru (subscriber, #2753)

It is not just about security-ignorant users, but basic usability. I want to be able to read an electronic document sent to me without any risk that simply opening it will do bad things. Is this too much to ask? It is an indication of the sad, sad state of this field that the answer to that appears to be "yes".

To go into another bad real-world analogy, suppose a stationery manufacturer sells paper sheets that otherwise look great, are durable etc, but have the unfortunate tendency to ignite if certain designs are drawn or printed on them. I don't think they would stay long on the market, even if the manufacturer put warnings on the packages about what not to print on them.

BadBunny? Only if you invite it in

Posted Jun 14, 2007 16:38 UTC (Thu) by thoffman (subscriber, #3063)

If I understand correctly from reading the article, I think you can safely read anything that anyone sends you.

Just don't click "OK!" if OO pops up a dialog box asking you if you want to run the macros in the document!

That seems very reasonable for most people.

However, I think there should be a way to easily and completely disable OO macros on a per-user basis. That way, less-experienced users (such as children) who share a computer with more experienced users could safely exchange documents with school mates, etc. without risk, while the "expert" users on the same machine could use OO macros to do the nifty automated things.

But what if one needs to run the macros?

Posted Jun 14, 2007 20:20 UTC (Thu) by eru (subscriber, #2753)

> Just don't click "OK!" if OO pops up a dialog box asking you if you want to run the macros in the document!
>
> That seems very reasonable for most people.

I think it very unsatisfactory. For better or worse, the macros might be essential for fully getting the contents of the document. A related example: an ex-colleague once wrote a surprisingly short PostScript macro that when run, drew the very complex-looking logo the company used at the time, by observing how it had been put together from replicating some simple elements. A very effective way to compress into about two hundred bytes something that otherwise would take several kilobytes, even in vector form. An office suite macro might do something similar, and I think this is a very reasonable use for them: formatting the contents of the document itself for presentation without mucking about with anything external to the document and the window used to display it. I would like to allow it without questions, and at the same time prevent all potentially malicious uses.

It ought to be possible, provided office suite makers drop the idea that an office suite must be a complete application development environment, and go back to what 99.9% of the users really want to do with them: create and view documents.
