I've been using StarOffice 8 as my default app for .doc and .xls files for some time now, and only use the M$ stuff when I absolutely have to. Since the code base is completely different (I assume, 'cuz M$ hasn't sued yet), vulnerabilities shouldn't be transferable. I've found the files open quite reliably. And the price is right: free download for ed. users.
--Bill.
Bill Wheeler, Systems Administrator
Michigan State University Libraries
(517) 432-6123 x 234
[log in to unmask]
-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]]On
Behalf Of STeve Andre'
Sent: Saturday, 09 December, 2006 8:50 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Apparently a zero-day attack using Word is
happening
I've always interpreted that as you don't open attachments in Windows
unless you know the person you've gotten it from, *and* you've been
told that the attachment has been send to you by that person in
another email.
I've been trying to get my users to first send email to someone
saying "I'm going to send attachment xy", and then to send
another email with the actual attachment. Using that out-of-
band communication is I think enough paranoia to get around a
clever virus that sends poisoned attachments to friends via an
addressbook.
Given the rather secure nature of Windows at the moment, I think
this is needed. Agreed that MS deserves a large whack on the
head for building such a system and then blaming the users...
--STeve Andre'
On Friday 08 December 2006 12:53, Tom Rockwell wrote:
> From the MS website: "As a best practice, users should always exercise
> extreme caution when opening unsolicited attachments from both known and
> unknown sources."
>
> What the heck does does that mean? How do I exercise extreme caution
> when opening a file? Is that like being careful when I pick up a frying
> pan that may be hot --- sort of hold my hand close to it and then touch
> it lightly to see if it is to hot? Am I supposed to click slowly on the
> file or something? Click on the file, but look away from the monitor?
>
> I hate the way that Microsoft tries to shift blame to the user and puts
> out such meaningless statements about security.
>
> Better advice would be that all users of Word take the next week off and
> wait for the patch.
>
> /rant off
>
> -Tom
>
> Cheryl Akers wrote:
> > Published: December 5, 2006
> > http://www.microsoft.com/technet/security/advisory/929433.mspx
> >
> > Microsoft is investigating a new report of limited �zero-day�attacks
> > using a vulnerability in Microsoft Word 2000, Microsoft Word 2002,
> > Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word
> > 2004 for Mac, and Microsoft Word v. X for Mac, as well as Microsoft
> > Works 2004, 2005, and 2006.
> >
> > Also see
> > http://www.symantec.com/enterprise/security_response/weblog/2006/12/micro
> >soft_word_0day_under_inve.html
> >
> > Cheryl
> >
> > Cheryl Akers, MS, CNA - [log in to unmask]
> > Microcomputer Support - Microbiology and Molecular Genetics
> > 2228C Biomedical Physical Sciences
> > Michigan State University
> > East Lansing, MI 48824
> >
> > 517-355-6463 X1514
> >
> > "I try to take one day at a time, but sometimes, several days attack me
> > at once."
> > Jennifer Unlimited
