[LINK] OpenOffice.org less secure than Microsoft Office?

[rchirgwin at ozemail.com.au]

Karl,

Karl Auer wrote:

>On Wed, 2006-07-19 at 21:15 +1000, rchirgwin at ozemail.com.au wrote:
>  
>
>>Like Karl, I can't read French. But I can say this: anyone can easily 
>>defeat any attempt on their Office suite, whether Open or MS. If the 
>>software can't see the Internet, it can't be attacked from the Internet. 
>>So if the firewall says "OO.exe has no Internet access" or "word.exe has 
>>no Internet access", then hackers to either suite can do as they please 
>>and not bother me.
>>    
>>
>
>I'm not sure that makes sense, Richard.
>
>Most attacks destroy something unrelated to the vector they came in on.
>A firewall can't identify an application (in general), it identifies and
>supervises protocols. Any application can use any protocol. The more so
>if it is hacked :-)
>  
>
A reasonable personal firewall on a PC identifies the application trying 
to use the network. In ZoneAlarm, then, the rule simply says "Word has 
no Internet access". Thunderbird has access to the "trusted zone" only, 
with one external IP (the ISP mail server) added to the list of trusted 
addresses. Yes, this is incomplete; there's a NAT in the DSL modem and 
other sundry bits.

>A firewall *in the operating system* could perhaps identify applications
>as you suggest, but this would only be useful if the operating system
>ran at a higher privilege than the applications (otherwise the
>application could simply turn off or modify the firewall).
>
>Security flaws in an application like Word or OO are typically not
>something a firewall can "see" or mitigate anyway. They are in things
>like  macro capabilities. 
>
Yes, but the impact is mitigated if the infected application can't 
communicate with the network.

You're right, there's more than my off-the-cuff last night. But it still 
stuns me that people could still get hit by these things ...

RC