Bill,
I think that can offer a lot of protection, but I wouldn't assume that
it's 100%. The Mac versions of Word are reportedly vulnerable to
this same exploit. Obviously the binary executables are different.
If StarOffice mimics a particular function in Word closely enough, for
instance with macros, then it could be vulnerable to certain attacks. My
guess is your strategy would protect against this particular exploit.
STeve's suggestoin to have folks send a separate message alerting the
recipient that an attachment is on its way is really good advice. The
virus can spoof the e-mail headers but won't be able to spoof text in the
style of your correspondents. I hope it doesn't come to secret
passcodes!
/rich
On 12/9/06, Wheeler,
Bill <[log in to unmask]>
wrote:
I've
been using StarOffice 8 as my default app for .doc and .xls files for some
time now, and only use the M$ stuff when I absolutely have
to. Since the code base is completely different (I assume, 'cuz
M$ hasn't sued yet), vulnerabilities shouldn't be
transferable. I've found the files open quite
reliably. And the price is right: free download for ed. users.
--Bill.
Bill Wheeler, Systems Administrator
Michigan State
University Libraries
(517) 432-6123 x 234
[log in to unmask]
-----Original
Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]]On
Behalf Of
STeve Andre'
Sent: Saturday, 09 December, 2006 8:50 AM
To: [log in to unmask]
Subject: Re:
[MSUNAG] Apparently a zero-day attack using Word
is
happening
I've always interpreted that as you don't open
attachments in Windows
unless you know the person you've gotten it from,
*and* you've been
told that the attachment has been send to you by that
person in
another email.
I've been trying to get my users to first
send email to someone
saying "I'm going to send attachment xy", and then
to send
another email with the actual attachment. Using that
out-of-
band communication is I think enough paranoia to get around
a
clever virus that sends poisoned attachments to friends via
an
addressbook.
Given the rather secure nature of Windows at the
moment, I think
this is needed. Agreed that MS deserves a
large whack on the
head for building such a system and then blaming the
users...
--STeve Andre'
On Friday 08 December 2006 12:53, Tom
Rockwell wrote:
> From the MS website: "As a
best practice, users should always exercise
> extreme caution when
opening unsolicited attachments from both known and
> unknown
sources."
>
> What the heck does does that mean? How
do I exercise extreme caution
> when opening a file? Is
that like being careful when I pick up a frying
> pan that may be hot
--- sort of hold my hand close to it and then touch
> it lightly to
see if it is to hot? Am I supposed to click slowly on the
>
file or something? Click on the file, but look away from the
monitor?
>
> I hate the way that Microsoft tries to shift blame
to the user and puts
> out such meaningless statements about
security.
>
> Better advice would be that all users of Word take
the next week off and
> wait for the patch.
>
> /rant
off
>
> -Tom
>
> Cheryl Akers wrote:
> >
Published: December 5, 2006
> > http://www.microsoft.com/technet/security/advisory/929433.mspx
>
>
> > Microsoft is investigating a new report of limited
zero-dayattacks
> > using a vulnerability in Microsoft Word 2000,
Microsoft Word 2002,
> > Microsoft Office Word 2003, Microsoft
Word Viewer 2003, Microsoft Word
> > 2004 for Mac, and Microsoft
Word v. X for Mac, as well as Microsoft
> > Works 2004, 2005, and
2006.
> >
> > Also see
> > http://www.symantec.com/enterprise/security_response/weblog/2006/12/micro
>
>soft_word_0day_under_inve.html
> >
> > Cheryl
>
>
> > Cheryl Akers, MS, CNA - [log in to unmask]
> > Microcomputer
Support - Microbiology and Molecular Genetics
> > 2228C Biomedical
Physical Sciences
> > Michigan State University
> > East
Lansing, MI 48824
> >
> > 517-355-6463
X1514
> >
> > "I try to take one day at a time, but
sometimes, several days attack me
> > at once."
> >
Jennifer Unlimited