Tille - I can see you, read those man pages!   Tille's Site

The dangers of using MS Office

MS Office (Word, Excel, PowerPoint) is a breading ground for viruses and information theft. Consider switching to a safe substitute like OpenOffice.

  • 94% of all computer viruses come in the form of auto-executing macros in MS Word, Excel and PowerPoint files. Opening any one of these three files from an email can infect your computer. Once infected, every new document created will have the infection. This happens because the default "blank" document that is used to create any new file is infected. This file is called normal.dot. At a minimum you should disable auto-executing macros or at least set the option to prompt you before running them. You can get more information about viruses at www.sarc.com

  • MS Office stores hidden data in your files that you don't see when viewing or editing the document. This includes the change history, the people that edited the file and the dates that they made the changes, etc. This can be very damaging from many perspectives and can include unexpected meta data from portions of the disk that weren't written over when the file was created. For more information see this article on the BBC News site:

    http://news.bbc.co.uk/1/hi/technology/3154479.stm

  • From the document: "Computer researcher Simon Byers has conducted a survey of Word documents available on the net and found that many of them contain sensitive information. He gathered about 100,000 Word documents from sites on the web and every single one of them had hidden information. In a research paper about the work Mr Byers wrote that about half the documents gathered had up to 50 hidden words, a third up to 500 words hidden and 10% had more than 500 words concealed within them. The hidden text revealed the names of document authors, their relationship to each other and earlier versents. Occasionally it revealed very personal information such as social security numbers that are beloved of criminals who specialize in identity theft. Also available was useful information about the internal network the document traveled through, which could be useful to anyone looking for a route into a network. Mr Byers wrote that the problem of leaky Word documents is pervasive and wrote that anyone worried about losing personal information might want to consider using a different word processing program. "

  • When sending out a document, consider a safe file format like PDF. This is a read-only format that is cross platform so the recipient doesn't have to have the same software that you used to create it to view or print it. They cannot edit it either as this is a read-only format. Someone with a Macintosh for example, would be able to open, view and print your document in the same formatting that you created it in regardless of the software that they use. You don't have to worry about sending out unintentional information which is why the IRS publishes it's tax forms in this format. Alternatively, you can cut/paste the document directly into your email and avoid attaching a file altogether.

  • Fortunately, there is a good alternative to running MS Office. You can download a free substitute called OpenOffice at www.openoffice.org. This is an open source project that is cross platform and runs on Windows, Macintosh, Linux and others. This software provides work alike equivalents to MS Word, Excel and PowerPoint. They also through in a Drawing program for good measure. They have created an open document file format that is used by default. You can set the default file save format to MS Word, Excel and PowerPoint so that any new documents that you create will automatically save to these formats. This is safe with OpenOffice because although the auto-execute macros are preserved when the document is edited-they aren't executed. Saving the document back will save the embedded macros but you can open these with confidence knowing that OpenOffice won't run this potentially dangerous code. You can set OpenOffice to be the default application for *.doc, *.xls, *.ppt files by right clicking on a file with this extension and selecting the "Open With" and then "Choose Program". Scroll down the list of programs and select OpenOffice. Click the check box for "Always use this program to open these files". This will allow you to leave MS Office installed in case you run into a need for it but will set OpenOffice as the default program for these types of data files. This program has a button on the tool bar to export the document to a PDF file. This is a good option to send out a resume or other legal documents to someone via email.

  • Vendor lock-in. Because Microsoft doesn't document their file formats for Word, Excel, PowerPoint, etc., they hold the keys to your data. You have to use their software to open, view, edit or print any document created. This is partially why the discovery of meta data is somewhat new and the potential exists for other security related issues. Microsoft is going toward an annual subscription software licensing model which will require you to activate your software annually every year to continue using it. This threatens the data that you've spent the last 15 years creating and foreign governments in particular have become very nervous about being so beholden to a foreign company for their public documents. China recently declared that all public documentation was to be stored in public documented file formats and they are using a derivative of OpenOffice and it's native file formats for their document storage. I expect other governments to follow suit. Also keep in mind that MS Office isn't cross platform meaning that not only do you have to use their software but you also have to be running it on their OS, namely MS Windows. This lock-in allows them to hold a gun to your head and demand what they will and has served to cement their position on the desktop. There are good alternatives such as the Apple Macintosh that are threatened by Microsoft's continued threats to drop MS Office support for that platform. So to a large extent, OpenOffice helps restore competition in the computer industry far beyond just Office software. It comes down to who owns your data. Are you handing the keys to your data vault to someone else?

This article was not written by myself. However, the original author is unknown to me.

Home
© 1995-2010 Machtelt Garrels - tille - Powered by vIm - Best viewed with your eyes - Validated by W3C - Last update 20100511