"Richard M. Smith" <[EMAIL PROTECTED]> wrote: > >>> As long as the patch is ahead of the virus, where > >>> does the accountability really fall? > > I'm curious about one thing. How is the typical home PC user who runs > Microsoft Office suppose to learn that they now need to download a patch > to fix this latest critical security hole in Microsoft Word: <<snip URL>>
And if they do, and are on slow connections, are they (depending on the version of Office in use) really going to bother with first d/l'ing the service pack they will need to be able to install the patch at all? This was a huge problem with MS03-026 and home W2K users. Typically running SP0, they needed to d/l a 125MB service pack to get their machines to a state where they could install the patch. Being online for the 10 to 20 hours (on bogged down modem lines) to get that was entirely unfeasible -- if nothing else, there machine would hang, reboot otherwise go septic from all the Blaster traffic they were trying to get protected from well before the d/l completed... > BTW, I tried downloading all of the security patches for my copy of > Office XP the other day but couldn't. The update procedure requires the > original Office XP CDs which are 150 miles away at my other house. Charming, isn't it. Trust us -- we've fixed all the security flaws! What? You want us to trust that you really are a licensed user so you can install a security fix that addresses something we missed? > For 3 or 4 years now, I've been asking Microsoft for a simple option in > Word to turn off Word Macros since I don't use them. If this option > existed, these ongoing security holes with Word Macros wouldn't affect > me. Any idea why Microsoft refuses to implement this rather obvious and > useful security feature? In Office XP they actually provided it. Well, kinda. You can disable all VBA across the whole Office suite -- as an install time option you can specifically pick out VBA support and set it to "Never install". If you only use Word and PowerPoint (and perhaps just use Excel for very simple things) you should be OK with this (though may find that many of the "wizards" MS salesdroids are so proud of aren't much use...) -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
