On 24/01/15 14:04, Thisis theone wrote:

> We think macros and other rarely used, but high risk features should be
> DISABLED BY DEFAULT in LibreOffice.

Since I don't do windows ^1, I can't confirm the statement in the original article that MSO ships with Macros disabled by default. If that is the case, then changing the defaults in LibO/AOo/EO/NO/etc won't make a difference, because the user will enable the macro to run, if only for the specific document.

Tom Davis wrote:

> So we tend to find the LO and AOO simply don't have as many vulnerabilities and problems.

Because LibO, AOo, & EO run on various platforms, I suspect that, as a malware vector, they are less vulnerable than MSO on Windows. By way of example, I can't use JabBib on my laptop, because the version in the official distro repository is incompatible with the specific setup of my laptop. There are two or three other programs I'd like to install, but they have similar issues. If I had the drive space, I could install the tool chain required to compile the programs from source code.

The apparent increase in insecurity that LibO & AOo's support for a number of macro languages brings is nullified by the macro writer not knowing what components of that language are available on the target machine.

> It's difficult for anyone to find any flaws that can be exploited by writing some nasty macro.

At least one "proof of concept" "nasty" macro was publicly released for OOo. I've seen a couple of posts, and articles, that imply that there are some OOo/LibO/AOo ^2 specific macros in the wild, but nothing that can be confirmed.

###

^1: The last time I used MSO on Windows, it took 90 seconds from starting MSO to seeing the Blue Screen of Death. That was with the then-current version of MSO on Windows 7.

^2: I don't recall any mention of EuroOffice, NeoOffice, or Android OpenOffice in those articles:
* NeoOffice, running exclusively on Mac OS X, can easily accommodate malware that relies on the standard Mac OS X configuration;
* Android OpenOffice can easily accommodate malware that targets the Android Operating System;

jonathon