-----BEGIN PGP SIGNED MESSAGE-----
On 24/01/15 14:04, Thisis theone wrote:
We think macros and other rarely used, but high risk features should be DISABLED BY DEFAULT in
Since I don't do windows ^1, I can't confirm the statement in the
original article that MSO ships with Macros disabled by default.
If that is the case, then changing the defaults in LibO/AOo/EO/NO/etc
won't make a difference, because the user will enable the macro to run,
if only for the specific document.
Tom Davis wrote:
So we tend to find the LO and AOO simply don't have as many
vulnerabilities and problems.
Because LibO, AOo, & EO run on various platforms, I suspect that, as a
malware vector, they are less vulnerable than MSO on Windows.
By way of example, I can't use JabBib on my laptop, because the version
in the official distro repository is incompatible with the specific
setup of my laptop. There are two or three other programs I'd like to
install, but have similar issues. If I had the drive space, I could
install the tool chain required to compile the programs from source code.
The apparent increase is insecurity that support for the number of macro
languages that LibO & AOo brings, is nullified by the macro writer not
knowing what components of that language are available on the target
It's difficult for anyone to find any flaws that can be exploited by
writing some nasty macro.
At least one "proof of concept" "nasty" macro was publicly released for
OOo. I've seen a couple of posts, and articles, that imply that there
are some OOo/LibO/AOo ^2 specific macros in the wild, but nothing that
can be confirmed.
^1: The last time I used MSO on Windows, it took 90 seconds from
starting MSO to seeing the Blue Screen of Death. That was with the then
current version of MSO on Windows 7.
^2 I don't recall any mention of EuroOffice, NeoOffice, or Android
OpenOffice in those articles:
* NeoOffice, running exclusively on Mac OS X, can easily accommodate
malware that relies on the standard Mac OS X configuration;
* Android OpenOffice can easily accommodate malware that targets the
Android Operating System;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
To unsubscribe e-mail to: firstname.lastname@example.org
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Impressum (Legal Info)
: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (MPLv2
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our trademark policy