Benjamin Huot wrote: > Its true I don't understand all the ins and outs of this as I am not a > programmer, but I am very paranoid about losing my data, so I am not > willing to risk possibilities even. I know that I can click "no" when I > open up a file with macros in it so it won't execute and that I can set > an setting in the options to keep macros from executing at all, but that > won't work for my uses. And I realize that the default branch of > OpenOffice.org does not yet and has no plans to include VBA support. > Again, this will not work for my uses. OOo will never have a complete VBA support but there is some work ongoing to have "some" support in the future because people are demanding for it.
Of course we all like to praise the advantages of OOo over the competition but on the other hand these should be real advantages not only apparent ones that people in the know can easily spot as invalid. The absence of a feature only could be an advantage if the presence of it created a problem that is bigger than its benefits. I doubt that this is true for VBA support in OOo. OOo has its own Basic and this is as vulnerable as VBA is. The vulnerability is a general problem of scripting languages that are supposed to allow "real" work like access to the local file system etc. Please note that I'm not talking about vulnerability caused by implementation bugs (the typical kind of security holes that is in the news so often these days). The susceptibility to malicious code is an inherent "feature" of powerful scripting languages because the same code can be "good" or "evil". So at this level security is a matter of trust. Executing unknown macros can cause damage to your system as the execution of unknown binaries can do. You should know who created the applications you install or the the macros you run and you should trust these people. The difference between OOo Basic and VBA wrt. security is that at least until now there are no known OOo Basic based viruses in the wild and that most infection methods only work on Windows so that executing them in OOo on e.g. Linux will fail to infect the system. OTOH also VBA viruses aren't a big threat anymore nowadays as the existing means to prevent their execution easily (that are more or less the same in OOo and MS Office BTW) are good enough to make this kind of viruses inattractive for the bad guys. Other intrusion paths are more "promising". So having VBA support in OOo wouldn't change much wrt. security. I know and understand that people often don't understand technical argumentations like mine outlined above. So I understand that some people might "feel" better not to have VBA support in OOo. I assume that any future support will be made optional (means: can be switched on and off) and perhaps even can be disabled by default (at least in a "paranoid mode"). If an admin of a larger OOo installation wanted to switch it off for all of his users this would be as simple as nowadays is switching off macro support completely. But please understand that it would be better for OOo if we all tried to talk rational (not emotional) about macro virus threats. Ciao, Mathias -- Mathias Bauer (mba) - Project Lead OpenOffice.org Writer OpenOffice.org Engineering at Sun: http://blogs.sun.com/GullFOSS Please don't reply to "[EMAIL PROTECTED]". I use it for the OOo lists and only rarely read other mails sent to it. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
