Re: Press reports regarding "SB/BadBunny-A" virus

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



| From: Akemi Yagi <amyagi@xxxxxxxxx>

| Macros are a useful part of any office suite, allowing users to automate
| repetitive tasks. These tasks include potentially destructive actions such
| as modifying and deleting files, which is why macros are of interest to
| virus writers.

| It is possible in any capable macro language, including those in
| OpenOffice.org, to write simple 'virus-like' programs. Currently,
| OpenOffice.org follows industry best practice to mitigate the risk.

The best practice is not to have a macros feature capable of causing havoc.

| However, the OpenOffice.org community repeats the consistent message from
| security experts that users should never accept files from unknown
| sources.

That is silly advice.

1. dangerous things can come (or appear to come) from known sources.

2. it is common practice to share files and there are good reasons to
   do so.  (This is more useful than any macro capability.)

It would appear that the advice is only given to attempt to duck
responsibility.

The right fix is to the macro feature of Open Office.

I seem to remember that this kind of vulnerability was observed and
eliminated from troff over 20 years ago.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux