French LtC Eric Filiol claims OpenOffice is more dangerous than Microsoft Office… the defects were designed into the product… and no antivirus software can protect it.
Over the last year, LtC Filiol and his team at the Virology and Cryptology Laboratory at the Ecole Supérieure et d’Application des Transmissions (VCL-ESAT) built several self-replicating logic bombs and trojan horses. Then they unleashed them against both products.
Filiol’s crew found OpenOffice was particularly susceptible to malicious macros. OpenOffice considers macros safe by default.
Before you start complaining about the unfairness of it all, consider Filiol himself. He’s the Head Scientific Officer at France’s Army Signals Academy Virology and Cryptology Laboratory.
At EICAR (the European Institute for Computer Anti-Virus Research), he demonstrated how malware developers can easily force most commercial antivirus software to divulge its virus detection patterns. Then, by simply changing a couple of bytes of code, they build av-proof viruses.
To beat the black hats, Filiol & Co. prototyped a new, Boolean-based malware detection pattern. He followed that with his own combinatorial, probabilistic malware pattern scanning scheme, which he crafted to defy hostile analysis by malware developers and foil their antivirus bypassing tricks.
Filiol clearly knows his stuff.
Presumably, the man applied the same intellect to probing OpenOffice (a product the government of France dearly loves) and Microsoft Office (a product made by filthy Americans therefore despised by the French bureaucracy).
To reiterate, OpenOffice lost.
Filiol attributes the failure to OpenOffice’s youth. Its developers focus on features to the detriment of security. [Curious. Most security folk say the same thing about Microsoft Office and Windows and IIS, etcetera, etcetera, etcetera.]
But OpenOffice will get better, if only because the French and German governments need it. They’ve saved millions of euros by avoiding Microsoft’s licensing schemes, and discovered the comfort found when replicating systems or adding new programs, without worrying over piracy charges.
Doggone it, Europeans have become accustomed to software freedom. And as you know, once something becomes a habit, you don’t change easily. You just deal with any headaches as they pop up. In the past, software habits worked to Microsoft’s advantage.
Today? Not so much.
5 comments
July 21st, 2006 at 6:59 am
Pingback from Rolas de Aztlan » Re:Mix Friday #9: Double-O
July 24th, 2006 at 9:56 am
Gandalf
“OpenOffice considers macros safe by default.”
That’s just wrong!
By default, OpenOffice asks confirmation for running untrusted macros, and there’s NO trusted source by default.
Please check your facts before asserting such things.
July 24th, 2006 at 10:24 am
BJ Gillette
Hi Gandalf. Thanks for the correction. Much appreciated.
July 25th, 2006 at 3:39 pm
Limulus
Here’s the OpenOffice.org response to the ZDNet.fr article:
http://www.openoffice.org/security/response_to_defence_ministry_leak.html
—
Response To The French Ministry of Defence Report Leak
2006-07-20
There has been comment in the media about a report on a French language website: “Le ministère de la Défense met OpenOffice à l’index”
The ZDNet article claims to describe the proceedings of a confidential meeting within the French public administration. It is not appropriate for the OpenOffice.org community to comment on a leak from a private meeting. However, one of the people mentioned in the article, Eric Filiol, has posted two replies to the online article clarifying the purpose of the research and correcting some of the incorrect conclusions in the original article.
The OpenOffice.org office suite is being widely adopted within the French public administration, and the OpenOffice.org community has been working closely with the departments involved. OpenOffice.org is pleased that its source code is being scrutinised by the most important and respected department of security in France.
If security vulnerabilities are suspected, there is a well defined procedure within the IT industry for reporting, analysing, and resolving any issues, which aims to minimise any public announcement (and the resulting creation of exploits) until fixes are available.
The OpenOffice.org community confirms it regards security as of the highest importance and will react immediately to any security issues reported by the French public administration or other competent bodies or individuals.
-The OpenOffice.org Team
—
July 25th, 2006 at 4:49 pm
BJ
Hi Limulus.
Despite comparing today’s macro-virus weakness in OpenOffice to Microsoft Office, circa 1995, Eric Filiol’s comments on ZDNet.fr line up pretty well with the point I’ve been trying to make… To wit, there are plenty of excellent reasons to run OpenOffice.
This security cloud will quickly pass. Let us know as soon as the fix is published. We’ll do what we can to help get the word out.