
List:       openoffice-users
Subject:    RE: [users] OOo and viruses?
From:       Reiner Pietrzak <reiner.pietrzak () piecom ! de>
Date:       2002-05-31 17:13:50
Message-ID: 20020531.17135046 () mis ! configured ! host

Dear George, dear Anton,

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 30.05.2002, 19:49:23, "George Wolf" <gandawolf@starpower.net> wrote 
on the subject RE: [users] OOo and viruses?:


> In biological virology, there is a concept of anticipatory vaccine
> development. It so happens that certain characteristics of the influenza
> virus can be predicted, and a suitable vaccine deployed in advance of the
> epidemic.

> ..

> A fault tree could easily be used to find the holes in OOo before they cause
> anybody any damage. I worry that Microsoft either never used security fault
> trees, or decided they were too expensive. I knew programmers worried about
> VBS macro viruses (viri in Europe?) long before the first one showed up. I
> hope we of the OOo community prove to be smarter.

> ..

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 31.05.2002, 14:40:03, "Anton J Aylward, CISSP" <aja@si.on.ca> wrote 
on the subject RE: [users] OOo and viruses?:

> ..

> How do I do this and stay "safe"?
> Well, no-one is absolutely safe.  I suppose I could, as some people
> have, get Hepatitis from a contaminated blood supply after being
> involved in a bad car accident.  But I try to drive carefully  ;-)

> There are many sources on what not to do
>   - Don't open attachments
>   - Don't let your e-mail browser automatically run attachments
>   - Don't let your rendering s/w automatically run scripts in HTML
>   - DON'T run ActiveX downloads NO MATTER WHAT!
>   - Set your WP to NOT automatically run macros
>       (actually I never run macros)
>   - Run a kernel that blocks buffer overflows
>   - Don't run untrusted tasks with high (root) privilege.

> Does this seem restrictive?  Of course!  Think about the corresponding
> rules for not contacting a STD.  Some of them are going to impinge on
> your "fun".  If you define "fun" that way.

> I don't find downloading the latest "toys", screen-savers and animations
> to be "fun".  YMMV.

> This is really about Risk Management.  What risks are you willing to
> accept and what are you willing to assign?

> ..

> What do I run on my network?  I run a spam filter.  I run an advert
> filter. The former is built in to procmail.  Occasionally it tells me I
> have something that looks like a virus.  How come?  Well go look at the
> Junkfilter site.  The advert filter is built into a caching proxy, which
> of course helps my web browsing.

> I don't run a public web server or public mail server on my machine.

> Of course this doesn't offer absolute protection.  Nothing does, don't
> kid yourself.  But what it comes down to is, as I say, Risk Management.
> I've decided never to run macros.  PERIOD.  If you think macros are a
> real neat thing and want to run them, then all power to you, but
> recognize that you are exposing yourself to a risk.

> Stop thinking that there are some absolutes, that the universe is
> inherently benign.

> ..

I can only back your opinions concerning the macro language in OOo. It 
should be absolutely transparent to the end user whether macros are 
activated in his actual environment or not, and what risks he is about to 
expose himself to.

But the first step, if not already conducted by the developers, should 
have been a risk study of OOo's supported macro language and programming 
API concerning security against virus attacks, independent of additional 
personal measures to reduce risks. I also hope SUN officials have some 
opinion about this, and I would like to hear something about that before 
I recommend OOo/SO to customers.

Thanks for reading,
Reiner Pietrzak 


