Hi :) I think the LibreOffice macros system is more secure by design. I think it's fair to assume that if LO/AOO have a certain percentage of market-share then we could expect roughly that percentage of exploits. That doesn't seem to be happening though.
Ok, so you could say that it might be better for malware writers to only aim at the most used office suite and ignore the rest even if they have a sizeable percentage of market-share. However, once a macro is written surely it's not immensely difficult to edit it to work in a different program? That doesn't often work either though because the malware written for MS Office relies on specialist knowledge of the flaws in MS Office. LO/AOO simply don't have the same flaws and vulnerabilities. The top priority of LO/AOO is (are?) radically different from the top priority of MS Office. Microsoft's primary goal, as a profit-making company, is to generate profits. They have shareholders who are concerned about the profitability of the company and on the yield returned on the value of their shares. LO and AOO have none of that. Also the way of working is entirely different. With MS each dev is shielded "from knowing too much" about the bigger picture and from knowing too much code around the specific area they are working on. Industrial espionage is a major concern. Also once code is written very few people are going to see it. The emphasis is on the code doing the job and on being written fast enough. Devs toil in obscurity and they can't show a portfolio of their work or hold up examples to a future employer to show off how good they are. With LO and AOO any elegant code is much admired and wins respect and starts to attract a fan-base. The other way around is that kludgy code is an embarrassment to the dev and is likely to be seen by lots of peers. In LO and AOO the devs are like Gods of Rock or celebrities and can show off their work. Also MS has teams of people whose sole job is to take a list of problems that other people have found and then decide which are worth fixing and which they think MS can get away with not fixing. By contrast in LO and AOO tons of people gripe about the tiniest thing and wont let it go until it's been fixed. So we tend to find the LO and AOO simply don't have as many vulnerabilities and problems. It's difficult for anyone to find any flaws that can be exploited by writing some nasty macro. Regards from Tom :) On 24 January 2015 at 14:04, Thisis theone <[email protected]> wrote: > Hello list, > > https://threatpost.com/microsoft-reports-massive-increase-in-macros-enabled-threats/110204 > > http://blogs.technet.com/b/mmpc/archive/2015/01/02/before-you-enable-those-macros.aspx > > We think macros and other rarely used, but high risk features should be > DISABLED BY DEFAULT in LibreOffice. > > What do you think? Is it worth it? > > Thanks.. > > Have a wiser and safer day! > > -- > To unsubscribe e-mail to: [email protected] > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.libreoffice.org/global/users/ > All messages sent to this list will be publicly archived and cannot be deleted -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
