What is Digg?Sponsored by Dragon Age: Origins
See the new YouTube feature trailer for Dragon Age: Origins view!
youtube.com/DragonAge - EA presents BioWare's new dark fantasy epic Dragon Age: Origins. '9/10' from Game Informer.
18 Comments
- tgraham, on 10/12/2007, -4/+18The real point of this whole episode is not that OpenOffice is vulnerable; rather, that we shouldn't be so 'smug' about open source 'immunity' to virus'. No coder is perfect, and whilst the idea that many eyes make for better programmes might be true, there are clear examples where bugs do slip through.
Indeed, if it's so easy to guard against, why haven't they fixed the problem? - lnxaddct, on 10/12/2007, -3/+15tgraham,
There is *nothing* to guard against. OpenOffice.org has scripting capabilities, they utilize full programming languages (like java, python, javascript, etc...). You can program *anything* you want in these languages, literally. Someone decided to write a macro that loaded a porn image and displayed it. Before any macros are ran, OOo asks you if it is okay to run because it is from an untrusted source (you can add trusted sources that digitally sign their macros). This is not a virus mainly because because it doesn't replicate and spread itself without human intervention. It is not a vulnerability, because it is just another program, and you have to specifically allow it to run. Nothing is exploited here, no "holes" are being taken avantage of. This is all just silly. It is akin to claiming that python is a virus or a vulnerability because I can write a program that is able to remove a file from your harddrive. - tgraham, on 10/12/2007, -4/+12Don't think I've ever read a more stupid suggestion.
- ThugEsquire, on 10/12/2007, -4/+11Exactly. If "debunked" means "nothing new and easy to guard against," we'll next be hearing "Windows spyware debunked by experts."
- TubaTechno, on 10/12/2007, -4/+10Most if not all the Windows viruses and spyware is easy to guard against too....whats the big deal?
- brandizzle, on 10/12/2007, -2/+7I don't get it. How's it a virus?
It's running the macro that you gave it permission to run....it isn't its fault if you told it to download porn. - theone3, on 10/12/2007, -5/+9I wish I could "Mark this as in-acute."
Virus = Virus. The payload is not important. Malicious intent was carried out through exploitation of an application. That is a virus. Any attempt to 'debunk' this virus by complaining about the language it was written in, the function it served, or the specific malicious intent, is simply a finicky and misguided attempt at creating an unwarranted spectacle. - gotamd, on 10/12/2007, -2/+6Wait, it's debunked because it's "nothing new and easy to guard against"? That sounds like most computer viruses to me. People manually run files that contain viruses all the time too. Human stupidity applies to all software, not just Microsoft's.
- gahzinia, on 10/12/2007, -6/+9It automatically downloads pr0n? And it automatically opens it for me? I fail to see how that could be bad. That's a feature, not a vulnerability!
- kandresen, on 10/12/2007, -1/+4Even though it may not be thought of as that critical, it is more likely that a user run a macro virus in a document they receive than run a python/bash/perl/etc. shell script.
What if we created a unprivileged user for macro processing that is different from both the user and the open office install user? A document with macro could the loaded in memory only for that macro user and hardly anything could be done outside of the memory loaded (+temporary files) that belongs to the macro user. - cliffzdude, on 10/12/2007, -1/+3Consider it a proof of concept virus.
From the article:
"Pitonyak did go on to say that, in theory, "An OpenOffice.org virus can be just as bad as an MS Office virus. I have seen some people claim that you could not write a virus using OOo, when in fact, it is no more difficult than any other platform." Pitonyak suggested that a true macro virus could use StarBasic's file and directory handling capabilities to trash a hard drive. Alternatively, it could include binary data that could be written to disk, then run, or download binary data from a web site. In the last two cases, he explained, "the macro is merely an infector for the real virus.""
Bottom line, OpenOffice has macro cabability that can be, and probably will be exploited just as Microsoft Office has macro capability that can and is exploited. - inactive, on 10/12/2007, -2/+3Ah...Kaspersky Labs is in the news again for stupid things...what a surprise. They *always* seem to create controversy over something meaningless or "suddenly" discover a huge gaping hole somewhere...it's all lame advertising for their crappy Anti-Virus product.
- kandresen, on 10/12/2007, -1/+2Just an added comment. Most macros seems to be related with the document itself - guiding the user in filling out a form, etc. But if a document needs to access other resources, then we could load the external files as part of a project. Warnings when a macro tries to access a file / mail server / web, or similar, could also be enforced to all resources outside of a project - OO document tries to access external resource ___ Are you sure you allow this...
- Opening, on 01/21/2008, -0/+0You can download Open Office software suite bundled with microsoft excel and powerpoint alternatives plus anti-virus software at http://officesoftwaresuite.com
- ViceVirtue, on 10/12/2007, -12/+6It is a silly idea... but tgraham is being overly harsh
- MrKoopa, on 10/12/2007, -8/+1Omg OMGSH Thats awerfsdfv
- Sukino, on 10/12/2007, -9/+1It downloads an image file (with adult content) from the Internet and then opens this file in a new document.
classic - simoncoul, on 10/12/2007, -19/+5I bet anyone money that MS made this virus as OO.o is starting to gain more main stream attention!
© Digg Inc. 2009
— Content created and posted by Digg users is