Macro virus for Staroffice discovered (Techworld)
The Stardust virus is contained in a StarOffice document that uses macros and then infects a global template. If a user opens a document infected with Stardust, every StarOffice text document, with a '.sxw' extension, or document template, with a '.stw' extension, will be infected..." There is no mention of whether it can propagate through ODF files.
Posted May 31, 2006 14:50 UTC (Wed)
by grouch (guest, #27289)
[Link] (2 responses)
Posted Jun 1, 2006 4:03 UTC (Thu)
by Arker (guest, #14205)
[Link] (1 responses)
Expect more of this, not less, in the future, as so much FOSS 'desktop' software imitates bad proprietary software.
Posted Jun 1, 2006 8:22 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
AIUI, PerfectScript viruses are impossible. WordPerfect, despite having a pretty decent macro language, was immune to viruses until they licenced MS's VBA engine. And provided that engine isn't enabled, it's still immune :-)
Cheers,
Posted May 31, 2006 14:51 UTC (Wed)
by MortFurd (guest, #9389)
[Link]
StarOffice 8 is based on OOo 2, and StarOffice 7 was based on OOo 1. StarOffice 5 was out years ago. It was on the SuSE 6.2 CDs so many years ago when I switched from Windows 95 to SuSE 6.2.
Heise does mention that Stardust could easily be ported to OOo 2, however.
Posted May 31, 2006 18:48 UTC (Wed)
by dwheeler (guest, #1216)
[Link] (4 responses)
Oh look, there are multiple implementations, and the format is designed to encourage multiple interoperable implementations. Looks like ODF is the solution, not the problem.
Posted May 31, 2006 21:34 UTC (Wed)
by Ross (guest, #4065)
[Link] (3 responses)
Posted Jun 1, 2006 0:35 UTC (Thu)
by jhardin (guest, #3297)
[Link] (2 responses)
What does the file format have to do with what macros are or are not allowed to do? The file format only stores the data; it's the *application* that supports a macro language, and allows it to run amok.
Posted Jun 1, 2006 1:02 UTC (Thu)
by Ross (guest, #4065)
[Link] (1 responses)
Posted Jun 1, 2006 4:01 UTC (Thu)
by dwheeler (guest, #1216)
[Link]
Too much imitation. Too much blurring of the line between a document and a program.
Macro virus for Staroffice discovered (Techworld)
Exactly. Macro virus for Staroffice discovered (Techworld)
Why not just do it the WordPerfect way?Macro virus for Staroffice discovered (Techworld)
Wol
Heise in Germany reported on the same "virus" and mentioned that Stardust only runs on StarOffice 5.Macro virus for Staroffice discovered (Techworld)
I see no evidence that this virus can attack current systems. But if it could, one solution to virus propagation is diversity. If there were multiple ODF readers, it was reasonable for users to pick any one of them, and there was a virus attack that worked against one, it's less likely to work against others.
Macro virus for Staroffice discovered (Techworld)
That would only work if it is taking advantage of a bug in a particular implementation. It could be (I have no idea) that there is a fundamental weakness in the file format where, like with MS Office files, macros are allowed to edit other files without prompting the user (the startup prompt is mostly useless because people get used to saying "Yes" on every file they open).Macro virus for Staroffice discovered (Techworld)
> ... a fundamental weakness in the file format where, like with MS Office files, macros are allowed to ...Macro virus for Staroffice discovered (Techworld)
If the format dictates when the macro is executed and what it can do, it affects the security. That's my point. Otherwise it's an application bug/feature.Macro virus for Staroffice discovered (Techworld)
ODF has some program-like capabilities defined (e.g., for graphs), but they are all strictly limited. The way the ODF spec is designed, I doubt there is a requirement that makes it impossible to be secure.
Macro virus for Staroffice discovered (Techworld)