First OpenOffice Virus, Not In the Wild 169
NZheretic writes "According to APCmag, the first cross-platform OpenOffice.org virus — 'SB/Badbunny-A' — was emailed directly to Sophos from the virus developers. The proof-of-concept virus affects Windows, Mac OS X, and Linux systems and uses different methods on each. It has not yet been seen in the wild. Despite Sun's OpenOffice.org developer Malte Timmermann's claims to the contrary, this kind of embedded scripting attack represents a real threat to OpenOffice.org users. Back in June 2000 when Sun first announced the open sourcing of OpenOffice.org, the twelfth email to the open discussion list put forward a two-part solution for providing OpenOffice users with Safe(r) Scripting using restricted-mode execution by default and access by signed digital certificates. In October 2000 the issue of treating security as an 'add-on' feature rather than as a 'system property' was again raised. Is it time to now introduce such measures to the OpenOffice.org Core to greatly reduce any future risk from scripted infections?"
The real solution (Score:5, Insightful)
Documents shouldn't run code (Score:4, Insightful)
Imagine how few viruses and trojans there would be if requiring script was the exception rather than an unfortunate rule.
Oh well, we can all dream.
Re:The real solution (Score:5, Insightful)
Re:The real solution (Score:4, Insightful)
Why must Sun (Score:4, Insightful)
Copy even Microsoft's mistakes?
I mean, really. We've known about macro viruses for 20 years, and the danger of putting executable code in documents for about the same, and yet, in 2007, an open-source application, backed by a major UNIX vendor is released with this vulnerability?
Apparently many eyes do not make bugs shallow. I guess the community was asleep at the switch. Or maybe, something in the process is broken. Or maybe Sun just doesn't care.
Now, lest you think this a troll, consider: Security and virus immunity have been a big selling point for open source systems. Until now. Sun is a large player in the open source arena, and this makes everyone else - secure or not - look bad. Security was the major selling point for OO, and now that it's questionable, I'm not sure where Sun is going to go with this: they can't compete with Microsoft on features, OO is far from a universal standard (which means you're going to be plagued with interoperability issues), and OO's last major selling point is that it is free as in beer.
Re:yet another bogus Linux 'virus' story .. (Score:3, Insightful)
Getting write and execute permissions is a concern. Because they wider the Linux audience, the more people will want to double click on an attachment to see the 'dancing ponies' or whatever.
Sad, but true.
Most people don't work in financial companies (Score:3, Insightful)
You are correct that vulnerable functionality should be in a protected wrapper. However, this will simply reduce, not eliminate shenanigans. Clever monkeys will still find a way.
Re:The real solution (Score:3, Insightful)
And that, of course, is almost directly related to the fact that the MS file formats are closed. With an open format like ODF, scripts for importing data aren't critical, since it's quite easy instead for a program to export it in the proper format, or to write an external script or program to transform data into ODF format. After all, it's XML.
Unfortunately MS has trained industry to rely on scripting to do basic things that should be done in other ways, just for the sake of not having to divulge file format details.
But in any case, I agree with the opinion expressed elsewhere in the comments that scripting isn't inherently bad, but it should be limited in ability by default. If a company needs unprotected scripting so badly, I don't see why their IT department can't just deploy it with the correct defaults.
Re:The real solution (Score:2, Insightful)
Many people get viruses (appearing to come) from well known trusted sources, so this advice is wrong.
The correct thing to say is:
Don't open unsolicited attachments or files, ever .
If in doubt, speak to the sender and confirm its validity.
Re:saving Grandma from Linux .. (Score:1, Insightful)
Re:So what's this virus going to do again??? (Score:1, Insightful)
because we all uninstall everything we don't use right? you fail to see that they can be written to use other apps, this just happens to use mirc or xchat.
never underestimate a determined thief.
Re:The real solution (Score:3, Insightful)
Re:OO already does that. (Score:5, Insightful)
virusscanner bloat (Score:3, Insightful)
meanwhile, our computers get slower and slower. virusscanners eat up lots of resources and become ever slower. I recently noticed clamav takes 13 seconds to scan an infected
wouldn't it be time that antivirus companies slim down the signature lists a bit. of course it is cute to boast a "number of signatures" above 100.000, but who is really getting benefit from the scanning of all those hypothetical viruses?
Not just finance companies - even departments (Score:4, Insightful)
Those departments don't always fancy calling the IT department when they have an IT requirement - particularly if it doesn't seem that complicated. There is always someone in the department who knows their way around Excel (and possibly Access) better than any of their colleagues. So they cobble something together in some 'orrible mess of VB macros linking who knows what files, referential integrity or scalable design be damned.
Were you to audit any sizeable business for spreadsheets made somehow interactive with scripts and badly designed databases thrown together in Access, I guarantee you'd be amazed and disturbed in equal measure. And you really don't want to start trying to figure out which ones have somehow become critical to the business.
This has been going on for years. Try taking that functionality away today, you might as well suggest replacing their computers with slide rules.