OASIS Mailing List Archives



Subject: Re: [office] Office Worm?

Thomas Zander <zander@kde.org> wrote on 06/13/2007 07:15:34 AM:

> Just a little comment; the unix wisdom is to never ever allow code to be
> shipped in the same container as data. This basic principle is violated
> and thus you can wait for such problems.
> IMO it's not just the media that makes an issue about this as the majority
> of users will always answer 'yes' if they want to continue opening
> something. So while your blog is technically totally correct, the media
> is also totally correct that this is a real issue.

Certainly it is a real issue, though it is one that affects MS Office no
less (and probably more) than Open Office.  The basic problem is very deep.

Users expect to be able to construct extensions to documents and send them
along with the documents.  However, most documents are transmitted without
any authentication or even integrity checking.  There's not going to be a
lot of security available as long as both of these statements are true,
using conventional programming or scripting languages.

There is another possible approach, which involves constructing and
standardizing a programming language that is designed for different levels
of trust in the sender, including no trust at all.  With such a language,
you can allow a reasonable class of "harmless" extensions even in untrusted
scripts, while using authentication mechanisms (such as PGP or S/MIME) to
offer more capability to trusted scripts.

I've been a fan of the latter approach since the early 90's, when I
developed several languages that had these characteristics.  (The languages
were geared for email and MIME structure, but could work similarly for
general documents and XML structure.)  For those who are interested, you
can read about them at:


Standardizing one or more such languages would be a major contribution, but
also a whole lot of work.

Finally, just a brief comment on this line from Malte's blog:

> Users shouldn't run macros from unknown sources, same like they
> shouldn't run any programs or other scripts from unknown sources.

Of course they shouldn't.  But they do, and they will.   We'll never
perfectly train our users, but we could substantially reduce their
opportunities for inadvertently harming themselves.

-- Nathaniel
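
The trust-tiered scripting model described in the message above, as an added example that is not part of the original post and is not taken from the languages it refers to: a host that grants a document script a fixed set of operations according to whether its signature verifies. The operation names, the key store and the use of HMAC as a stand-in for PGP or S/MIME verification are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed key store (hypothetical sender and key). HMAC stands in for
# PGP or S/MIME verification so the example runs offline.
TRUSTED_KEYS = {"alice@example.org": b"constructed-demo-key"}
UNTRUSTED, TRUSTED = 0, 1

def _mac(script, key):
    body = json.dumps(script, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def sign(script, sender, key):
    return {"sender": sender, "mac": _mac(script, key)}

def trust_level(script, sig):
    """TRUSTED only if the script verifies under a known sender's key."""
    key = TRUSTED_KEYS.get(sig.get("sender")) if sig else None
    if key is None:
        return UNTRUSTED
    ok = hmac.compare_digest(_mac(script, key), str(sig.get("mac", "")))
    return TRUSTED if ok else UNTRUSTED

# Handlers see only the document and a simulated host; there is no eval,
# so a script cannot reach anything outside this table.
def op_set_field(doc, host, name, value):
    doc[name] = value

def op_upper(doc, host, name):
    doc[name] = str(doc.get(name, "")).upper()

def op_save_copy(doc, host, path):
    host[path] = dict(doc)  # simulated file write, needs a trusted sender

OPS = {
    "set_field": (UNTRUSTED, op_set_field),
    "upper": (UNTRUSTED, op_upper),
    "save_copy": (TRUSTED, op_save_copy),
}

def run(doc, script, sig=None):
    """Run each op the sender's trust level allows; list the refused ones."""
    level = trust_level(script, sig)
    host, refused = {}, []
    for name, *args in script:
        need, handler = OPS.get(name, (TRUSTED + 1, None))  # unknown op: never
        if need > level:
            refused.append(name)
            continue
        handler(doc, host, *args)
    return doc, host, refused
```

An unsigned or tampered script still gets its "harmless" document edits applied, while the host-affecting operation is refused without ever prompting the user.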
