Saturday, August 19, 2006

Getting Closer to Microsoft (for purely defensive purposes)

“Deluge of flaws” being found in Office

You are not going to see much in here that’s all warm and fuzzy on the subject of Microsoft, or even particularly friendly. But let’s be practical, everybody uses their stuff. And it’s because of that fact that this bulletin is important, nay, crucial.

Ziff-Davis’s E-Week reports that:

"What started as an amusing eBay listing of an Excel vulnerability for sale has developed into an all-out hacker assault on Microsoft Office applications.

"Security researchers and malicious hackers have zeroed in on the desktop productivity suite, using specialized 'fuzzing' tools to find a wide range of critical vulnerabilities in Word, Excel and PowerPoint file formats."
(“Fuzzing tools”? You mean, marketing? No, eWeek explains,)
"Fuzzing, or fuzz testing, is an automated technique used by researchers to find software bugs."
The article points out that as Microsoft (belatedly) got serious about security vulnerabilities in Windows, hackers and hence security researchers have moved up the software ecosystem to go after “the low-hanging fruit” in applications. Well, there ain’t any bigger trees in the orchard than Word, Excel and PowerPoint, which were originally put together with the same oblivious attitude to security as the OS.

In short, what this means is that in order to keep our lives simple, we’d all better keep in touch with all the bug fixes, "service packs," etc., for Office from the E-Empire. (That “E-” is for “electronic” – no, honest! ; - )

(…half an hour later:) Oooh, boy, is my head spinning. Well, try this, bravely found by starting at, Gawd help us:
Security and Office: Find out how to help protect your data

This page was obtained by clicking Office under Product Families in the navigation column at left, then typing “security” into the search box. (I’m specifying all this as a disclaimer, since there’s an awful lot of stuff there, and who knows what’s the most recent and comprehensive.) There are, naturally, thousands of rabbit holes there you could disappear down, so if you’re a masochist with a week or two to spare, have at it!

Here's a case where you really might be better off hiring a professional to at least get you set up with this. (No, we don't do that; this is not a subtle sales pitch.) It'll cost you, true, but it beats the hell out of having your computer taken over by zombies, spending long hours trying to get it exorcised, and losing all your data (because few are those who back theirs up).

Just a sec -- here we need to say, BACK UP YOUR COMPUTER! This weekend! At least just copy all your own files onto CDs, preferably rewritable CD-RWs. (There, now you can't say nobody warned you, okay? And we've done our duty as digital citizens.)
