[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F57225A.27813.C0E50860@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Bill Gates blames the victim
"Richard M. Smith" <rms@...puterbytesman.com> wrote:
> >>> As long as the patch is ahead of the virus, where
> >>> does the accountability really fall?
>
> I'm curious about one thing. How is the typical home PC user who runs
> Microsoft Office suppose to learn that they now need to download a patch
> to fix this latest critical security hole in Microsoft Word:
<<snip URL>>
And if they do, and are on slow connections, are they (depending on the
version of Office in use) really going to bother with first d/l'ing the
service pack they will need to be able to install the patch at all?
This was a huge problem with MS03-026 and home W2K users. Typically
running SP0, they needed to d/l a 125MB service pack to get their
machines to a state where they could install the patch. Being online
for the 10 to 20 hours (on bogged down modem lines) to get that was
entirely unfeasible -- if nothing else, there machine would hang,
reboot otherwise go septic from all the Blaster traffic they were
trying to get protected from well before the d/l completed...
> BTW, I tried downloading all of the security patches for my copy of
> Office XP the other day but couldn't. The update procedure requires the
> original Office XP CDs which are 150 miles away at my other house.
Charming, isn't it.
Trust us -- we've fixed all the security flaws!
What? You want us to trust that you really are a licensed user so
you can install a security fix that addresses something we missed?
> For 3 or 4 years now, I've been asking Microsoft for a simple option in
> Word to turn off Word Macros since I don't use them. If this option
> existed, these ongoing security holes with Word Macros wouldn't affect
> me. Any idea why Microsoft refuses to implement this rather obvious and
> useful security feature?
In Office XP they actually provided it.
Well, kinda. You can disable all VBA across the whole Office suite --
as an install time option you can specifically pick out VBA support and
set it to "Never install". If you only use Word and PowerPoint (and
perhaps just use Excel for very simple things) you should be OK with
this (though may find that many of the "wizards" MS salesdroids are so
proud of aren't much use...)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists