OpenOffice security is questioned
French researchers pinpoint security issues, but OpenOffice.org says only bug discovered has already been fixed.
OpenOffice has said only one actual bug was discovered, and that flaw has been fixed already. But the research, by the French Ministry of Defense, also points out that many security flaws have already been discovered in Microsoft Office applications, claiming that these are "easily transportable to OpenOffice."
According to the report, titled "In-depth analysis of the viral threats with OpenOffice.org documents," this means that the "general security of OpenOffice is insufficient," Infoworld reported.
The report goes on to counter claims from the open-source community that OpenOffice is inherently more secure than Microsoft's Office products. "The viral hazard attached to OpenOffice.org is at least as high as that for the Microsoft Office suite, and even higher when considering some... aspects," the researchers wrote.
"This suite is up to now still vulnerable to many potential malware attacks," they added.
The paper was first submitted for publication in April and revised in June. It was accepted in July, when some of the
The paper describes four examples of how malicious code can attack OpenOffice and release hazards. The weaknesses are focused around issues such as the use of Zip files, and in particular the use of macro programming procedures and templates.
Last Tuesday, Microsoft announced it had fixed a number of bugs including one in PowerPoint.
Colin Barker of ZDNet UK reported from London.