[plug] Duck and cover, new MS-Office vulnerability

Craig Ringer craig at postnewspapers.com.au
Thu Sep 4 17:10:32 WST 2003


>>Given some time and the popularity of OpenOffice we might be cursing
>>their software in the future and applying regular security fixes.
> 
> Might be. The odds are very much in OOo's favour since *everything* in 
> MS-Office is a bolt-on afterthought, whereas OOo (StarOffice in a 
> previous incarnation) was planned from the ground up in a structured 
> fashion.

?!?

I must say, it sure doesn't feel that way from the UI. Haphazard would 
be my chosen description. Then again, it is trying to be like MSO :-P . 
I can't claim much knowledge of the innards, so I can't comment on the 
internal design - I'll have to take your word for it.

OTOH, it definitely does the job well, and (thankfully) it's a bit 
harder to accidentally rearrange toolbars, keyboard shortcuts, change 
charsets/languages, etc than in MSO. I have the weirdest problems with 
Office2k here, where some user has accidentally hit CTL-ALT-(somekey) 
instead of CTL-(somekey) and switched to French spelling, or changed 
keyboard layout (but just for Word!) or some similar strange thing. 
Fixing accidentally hidden/closed/rearranged toolbars is a daily chore. 
I'm delighted with the way you can't just grab a toolbar accidentally in 
OO.o .

I do wish OpenOffice shipped with scripting & macros disabled by 
default, too. You'd think that MS would've been a strong lesson there - 
even if you think your scripting support is secure, disable it by 
default. Hmm... (goes issuezilla hunting).

Craig Ringer




More information about the plug mailing list