On Mon, 2007-05-28 at 18:52 -0400, D. Hugh Redelmeier wrote:
> | From: Akemi Yagi <amyagi@xxxxxxxxx>
>
> | Macros are a useful part of any office suite, allowing users to automate
> | repetitive tasks. These tasks include potentially destructive actions such
> | as modifying and deleting files, which is why macros are of interest to
> | virus writers.
>
> | It is possible in any capable macro language, including those in
> | OpenOffice.org, to write simple 'virus-like' programs. Currently,
> | OpenOffice.org follows industry best practice to mitigate the risk.
>
> The best practice is not to have a macros feature capable of causing havoc.
>
> | However, the OpenOffice.org community repeats the consistent message from
> | security experts that users should never accept files from unknown
> | sources.
>
> That is silly advice.
>
> 1. dangerous things can come (or appear to come) from known sources.
>
> 2. it is common practice to share files and there are good reasons to
> do so. (This is more useful than any macro capability.)
>
> It would appear that the advice is only given to attempt to duck
> responsibility.
>
> The right fix is to the macro feature of Open Office.
>
> I seem to remember that this kind of vulnerability was observed and
> eliminated from troff over 20 years ago.
>
Removing the macro capability would indeed remove the visible capability
in OOo. However the reason that we like, use and want to use computers
is the ability to do more than is possible than on the printed page.
Embedding a macro so that a 3d image of a device being described can be
rotated and viewed from different angles is on example of the use of
this capability. Hyperlinking is another, Java answered the call for
much of the capability, and the Windows authors immediately modified the
JVM to override the decisions which gave the Windows version new and
problematic issues with virus potential.
We are past the stage where the easy answer of "don't support the
feature" is a reasonable response to the problem. However, limiting or
modifying the capability of the macros to do harm may be possible. It
will take more work. Unfortunately, it is possible with any
programmable architecture and the wonderful human brain to figure out
ways to "beat the system", and get it to do new and interesting things.
We call that programming and innovation.
Like mechanical warfare, computation is a battle for the latest and
greatest technology on both sides, and will be so for the foreseeable
future.
I love the challenges, but I do hate having my computers crashed,
taken over, and files deleted. I have experienced all of these in the
last few years, in spite of keeping my virus scanners up to date, using
a rootkit checker, and having used non-admin accounts on Windows. My
solution is that now I run FC6, and the Virus Writers Guild (or whatever
they may refer to themselves) is now beginning the opening volley
against linux. Weaknesses abound, even here, but some features of Linux
will limit attack effectiveness, so I am hopeful that I will find safe
haven by utilizing several of the enhanced features of linux, such as
SElinux, and data partitioning by user and so forth, so that it may be
possible to have greater security and safety on line.
Macros pose inherent problems, but would we want to limit these
capabilities for everyone because there are some bad eggs in the world?
Why not put more effort into the bad egg collection systems?
Regards,
Les H
