Schneier on Security
A blog covering security and security technology.
« 30,000 People Mistakenly Put on Terrorist Watch List |
| U.S. Immigration Database Security »
December 7, 2005
OpenDocument Format and the State of Massachusetts
OpenDocument format (ODF) is an alternative to the Microsoft document, spreadsheet, and etc. file formats. (Here's the homepage for the ODF standard; it'll put you to sleep, I promise you.)
So far, nothing here is relevant to this blog. Except that Microsoft, with its proprietary Office document format, is spreading rumors that ODF is somehow less secure.
This, from the company that allows Office documents to embed arbitrary Visual Basic programs?
Yes, there is a way to embed scripts in ODF; this seems to be what Microsoft is pointing to. But at least ODF has a clean and open XML format, which allows layered security and the ability to remove scripts as needed. This is much more difficult in the binary Microsoft formats that effectively hide embedded programs.
Microsoft's claim that the the open ODF is inherently less secure than the proprietary Office format is essentially an argument for security through obscurity. ODF is no less secure than current .doc and other proprietary formats, and may be -- marginally, at least -- more secure.
This document document from the ODF people says it nicely:
There is no greater security risk, no greater ability to "manipulate code" or gain access to content using ODF than alternative document formats. Security should be addressed through policy decisions on information sharing, regardless of document format. Security exposures caused by programmatic extensions such as the visual basic macros that can be imbedded in Microsoft Office documents are well known and notorious, but there is nothing distinct about ODF that makes it any more or less vulnerable to security risks than any other format specification. The many engineers working to enhance the ODF specification are working to develop techniques to mitigate any exposure that may exist through these extensions.
This whole thing has heated up because Massachusetts recently required public records be held in OpenDocument format, which has put Microsoft into a bit of a tizzy. (Here are two commentaries on the security of that move.) I don't know if it's why Microsoft is submitting its Office Document Formats to ECMA for “open standardization," but I'm sure it's part of the reason.
Posted on December 7, 2005 at 2:21 PM
• 14 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Microsoft objecting to open formats? No shit? :)
The EU is also pushing open Doc formats. MS is getting into a hole. It does not want ppl to be able to use the MS file formats without paying for MS products. But any goverment or firm need to be able to read legacy docs etc. MS formats just don't work, or any other closed format. As soon as the readers/writers reach end of life, so does your archive of docs.
But you still need them for leagal reason etc. Most firms that need 100% legacy support normally archive via hardcopy of important things like contracts etc.
This does not leverage modern Tech. MS closed format days are over if they want to stay where they are. And some "open" patented standard won't cut it. Unless others are alowed to wirte readers unecumbered (like PDF's) it just won't do.
The problem is everyone want lots of Bells and whisles. This makes any stardand difficult to implement and even harder to keep secure. I just don't understand why we need excutable code mixed with plain documents....
I really wish they would leave out the scripting stuff in open doc.
I've found Tim Bray's comments on this topic to be illuminating. He's one of the main authors of the original XML spec, and his blog is at:
His commentary and links on the ODF v. Office formats seem mostly to be under his "Microsoft" tag:
(Including a lovely nugget pointing out that Microsoft made 8G$ on revenue of 11G$ on Office last year. Gotta love 70% profit margins.)
The Groklaw web-site (http://www.groklaw.net/) has had a lot of coverage of the Massachussetts ODF decision and, more recently, on Microsoft's decision to coerce ECMA into proposing the Office XML formats into a standard. There was a posting today, and one on Monday, and quite a number of others. These point to various other blogging sources.
I delighted to see that the issue of macros in file formats commonly used as email attachments is now being seriously considered as undesirable.
For years, I have used RTF in preference to MS Word .doc format, for just this reason. I have also encouraged those who communicate with me by email to do the same, though to almost no effect - people who see sense in locking their doors struggle to grasp the issue.
Surely what we need is a document format that, by design, can carry no macros at all (or none affecting anything outside the RAM image of the document), irrespective of the language used. Otherwise, there remains the threat of bugs in the sandbox implementation that could be exploited to transmit viruses.
Non-security related comment:
I wonder what the overall effect of the OpenDocument format will be on Microsoft Office market-share, etc.. Won't Microsoft embrace (or create) an open document format, in the end? By opening such documents with ease, and supporting their creation, Microsoft will be able to say, "We support open documents." Of course, the default file format used in office to save documents would likely remain closed and subject to change.
That way, they can "support" open document formats without actually _supporting_ them.
For a guiding analogy, think of Microsoft's efforts here as a low-speed hijacking.
It would be wrong to let the pirates win.
microsoft is doomed, and young children today will live to see the end. the open source model is inherently superior to the proprietary model in the same way that a primitive monkey with opposable digits is superior to a dinosaur with really big teeth. microsoft is losing a tiny fraction of its market share every day, look at the trendline, not at a single point on the graph.
I don't think so. Big companies and organisations have staying power. Remeber that IBM was the MS of the late 70-'s and early 80's. Now its the champion of OS. Lets hope MS will be the same in 20 years.
Greg, IBM is hardly a noble champion of open source. From what I've experienced with their Websphere portal product, they take free open source software, slap some IBM branding on it, and sell it for big bucks.
Even worse, they add junk that makes their software harder to work with than the baseline open source stuff, which means that you then have to hire IBM consultants just to get everything to work.
Never trust a software vendor that has an army of consultants to feed.
You're preaching open source to the choir. My mom used to work as a secretary in the military for many years. Over those years different document editing software was used, mostly MS based because MS gives the gub'mnt a special break. Many times an outside source has to be used to open an older document because the new improved stuff won't open the old stuff, even if it was only one year old. Funny thing is of all the times I'd visit her at work, I'd tell the officers in charge about using Open Office to create documents with so they wouldn't have to hire someone to translate. Sadly the only response I would recieve is if Open Office can't open all MS documents, then they can't use it. Damned circular reasoning.
Ah, Word macros!
I once helped a young lady submit her resume via hotmail at the community-based computer technology and learning centre I do voluntary work at. Hotmail flat out refused to accept her word document attachment, citing a probable virus threat, and she was getting frantic.
So I saved it as rtf, got it sent off and haven't seen her since, so I assume it got her the job.
Hotmail voting against MSWord document file formats? As most probably virus wrappers! Yep, Microsoft has a lot of faith in their own formats!
And from what I've seen and heard at Brian Jones' blog, I'm not so sure they've managed to get away from that - the /ref directory in .docx is on the surface a good idea, but I'm not so sure it couldn't be subverted to point to a possible malware download site, or a virulent macro, etc. All of which could be cleared up by putting their Office Open XML through the same standards wringer that Open Document Format went through, but Microsoft seem rather shy on that.
yes, m$ft gives the gub'mnt a special break.
i wouldn't mind so much if it were **our** gub'mnt.
unfortunately, it isn't our gub'mnt, it's the RED CHINESE gub'mnt.
somewhere in the hall of heavenly peace, or whatever the f*** they call it, there's a bureaucrat who knows more about the api's than loyal american geeks and he can write compatible apps (if he knew how), because they had to show code to get in there. this has been a longstanding source of irritation for me.
> This document document from the ODF
you repeat repeat yourself
Open Source is not nearly as important as Open Standards.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.