back to article Microsoft slapped for Windows-only Office patch

Microsoft has defended its decision to release a Windows-only security patch for its Office program after a researcher warned it put Mac users of the software at risk. Swa Frantzen, in a blog item posted to the SANS Institute's Daily Handler's Diary, said a bulletin Microsoft issued Tuesday violated the company's own position …


This topic is closed for new posts.
  1. Chris C

    Didn't see it

    "'To take an attack against Office of Windows and make it viable against those other two products requires a degree of retooling that frankly we don't see in the security research space right now,' he said."

    He doesn't see the can of Diet Coke on my desk, either. For that case, he doesn't see me. Does that mean I don't exist? I would venture a conservative guess that there are literally thousands of in-the-wild exploits out there for various software packages that the software authors are unaware of. That doesn't mean they don't exist.

    Similarly, most people are probably unaware of the "racing" game (similar to Spy Hunter) hidden inside the original release of Excel 2000 and IE, but that doesn't mean that it's not there.

  2. Anonymous Coward


    I am sure all 3 users are outraged

  3. Adam Foxton


    it's because, as the fanbois are / were so very proud of saying, Macs are utterly hacker-proof even without any protection.

  4. Anonymous Coward
    Anonymous Coward

    Game in Excel???

    I thought that was a Myth

  5. Anonymous Coward
    Gates Horns

    It would take too long to...

    ... fix Office on the Mac as it is fucking broken beyond repair. By far and away it is the worst piece of crapware ever released for the platform, with the one exception being Windows Media Player and guess who coded that complete dog turd.

  6. Anonymous Coward

    But Macs Don't Do Viruses

    Does this mean Macs are just as vulnerable to 3rd party vulnerabilities as their Windows counterparts? Sound like FUD put about to make people buy Windows 7! Everyone knows Macs don't get viruses...or at least that's the word from the Apple fanboys.

  7. Anonymous Coward

    i dont see a problem with this...

    so 1000's of users are protected....

    BUT - apples ARE everything proof??? the appletards keep telling me they are - so it couldnt be a problem for them

    but i am sure all 7 of them will post lots of comments here...

  8. The Fuzzy Wotnot

    Yeah right!

    Sorry but any Mac user with half a brain wouldn't buy MSO for Mac, it's nowhere near as good as the Windows version, a silly example being duplicate removal in Excel, in Win, not in the Mac version!

    If you're serious get Parallels, XP and MSO or dump that and just get OOO, might not be perfect but you get what you pay for and at the price OOO charge, it's a bargain for 90% of Mac office suite users like me!

  9. Grant

    @ Game in Excel???

    It's there i've seen it but it was only in certain versions, no wonder it was so big.

  10. cordwainer

    Macs and Microsoft and viruses, oh my

    Macs have always been vulnerable to MS Office security problems, the old macro viruses being an excellent case in point. This is nothing new. Microsoft's claim that they can't see the Mac version being attacked via the current PowerPoint vulnerabilities is (considering history) frankly bizarre. Those who observe that Office for Mac is a piece of crap are accurate. Microsoft has treated its Mac software as an afterthought for years. Mac users are almost unanimous in their agreement that MS Office 5.1 was the last good version. Beginning with Office 98, it's been steadily downhill for the past 10 years.

    It's interesting to me that the Mac bashers started jumping in at the very beginning here. Rather than contributing anything useful to the discussion, or thinking about the actual topic, they simply began asserting that Mac users were going to claim their computers are "everything proof" or "hacker proof."

    You guys might want to hold off on the automatic-pilot insults and look at the comments so far. Oh, what a surprise. No Mac users saying their computers are invulnerable.

    For the record, I don't use just Macs myself; as a consultant, I make sure have multiple computers, and every OS at my fingertips. On my Mac laptop I run Linux, Unix, Windows XP and Vista, and the Mac OS of course - all of them in both real and virtual (emulation) modes. I'd do the same on my Dell, except it's a PITA to install the Mac OS on a PC, not to mention a violation of Apple's EULA.

    And I run antivirus software on all my OS's, including OS X. Any Mac user with any sense does - and wears seatbelts, and condoms - as they should. Basic computer safety is a must in any OS. My Mac customers all asked long ago if they should have antivirus software installed. I've e-mailed them links to free programs, and also to utilities for removing the two existing Mac Trojans - OSX.Trojan.iServices.A and the OSX/DNSChanger.

    No one who cares about their computer seriously claims Macs are invulnerable to security holes, viruses, spyware, etc. There are definitely a lot of Mac users who let their enthusiasm override their common sense, but they are a minority, and thank goodness their Windows and Linux counterparts are also, despite the majority of the commenters here seeming to be a part of those minorities.

    It's is nonetheless true there are currently only 2 Mac viruses in the wild, and it is quite possible to avoid them even without antivirus software (not the course I advise, as noted). There are a few proof-of-concept ones, and several security holes that could be exploited. There will definitely be more created, especially as ownership of Macs increases. I wouldn't be at all surprised if some of the current Office vulnerabilities result in Mac attacks, and Microsoft's usual arrogance and slothlike response time will likely contribute to the damage.

    But it is also true that the number of viruses that affect Macs will never come anywhere close to the number that plague Windows. The components of Windows that make it so easy to attack en masse simply don't exist in *nix's.

    And to be fair, let's look at the Windows world, where millions of users oddly suffer from a similar belief in their invincibility to infection. They've heard about the hundreds of thousands of viruses and malware programs. But they sincerely believe they couldn't possibly be doing anything on their computer that would expose them to a virus.

    I can no longer keep track of the number of Windows users among my customers who have outdated antivirus software on their machines, or no antivirus software at all. Out of 25 machines I looked at last week, 10 had expired virus software, 12 had none, and 21 out of 25 machines had some form of malware on them. 3 were infected with Conficker (and numerous other viruses). 7 users had never installed ANY Windows updates. Many of them said they didn't think they needed AV software - not an uncommon response. A surprising number I've talked to claim they don't care if they're infected. "I don't have any confidential information on my computer," they say. They truly don't understand about keystroke loggers and botnets and why their machine is crawling and limping and what phishers can do to fool them.

    Numerous surveys over the past 3 years have estimated that perhaps 1 in 4 Windows machines is infected. Some say the number is higher. I'm becoming rather afraid they're right. Whether or not one thinks the Mac is a superior computer is immaterial. The simple fact is the number of infected Macs is maybe 1%. If that. It obviously takes more work and diligence to keep a Windows machine safe, and the users out there don't know what to do, or often even know they SHOULD do anything. They think the computer came to them protected right out of the box, and that it will stay protected forever. They don't really look at what pops up on their screen, including the out-of-date definitions and update warnings. Things pop up all the time, and they don't recognize which are important No one has ever taught them anything at all, so how would they know?

    Those of us who have jobs to do are going to choose the best tools available - and I don't care which OS they run under. Many people don't. They may aesthetically (or kinesthetically) prefer a certain OS or brand of hardware. And let's face it, economics also prevent the majority from owning more than one OS or computer. But in the business world, I see plenty of instances where departments may have several OS's running specifically for specialty or favorite applications. It's very common in the sciences for people to use multiple OS's, depending on what application they need for the task at hand.

    So maybe we could all stop with the childish your-OS-sucks-mine-rules crap, and use the time spent typing rants to help educate our fellow computer users?

    What am I doing to help the causes of fighting OS prejudice and bigotry, and reducing user ignorance? Well, I do a fair amount of free tutoring and teaching. I write step-by-step instructions for downloading antivirus and anti-spyware software, installing it, and having it update and check automatically. I include instructions for manual scans to be done once a week or month, and checks to make sure the programs are working.

    I make sure people understand they don't have to spend any money on antivirus or anti-spyware programs - the free versions out there are great. I've found out (as have companies like AVG and Avast) that money is sometimes the problem. They make free versions available as a public service.

    I and a lot of others try to help educate users as a public service. Users are not idiots. But no one has ever shown them how to use the tool they bought - and no one has ever helped them understand it's just a tool. It's not intuitive. It doesn't think. And they can learn to use it properly. They are not stupid. Ignorance is not the same as stupidity. Ignorance is a function of lack of knowledge. Knowledge can be acquired.

    Those who treat newbies with contempt, who snicker as they reference ID10T errors - those alleged computer "professionals" who treat users with impatience and rudeness - are perpetuating the problem. It has to stop if we're ever going to lick things like viruses and spam and lost work time from errors and glitches that didn't have to happen in the first place.

    Is all THIS relevant to the topic at hand? No, not completely. And that's not like me. I rarely comment at all, certainly never at this length.

    But I'm just so tired of the irrelevant, mindless, adolescent bickering and jerking off of the kind shown in so many of the comments above - and so many of the comments on almost every damned story on this site. I am no longer able to keep my patience intact and my mouth shut.

    I don't care what OS you use. I have no more use for the Mac zealots than I do for the Windows bigots or the Linux loonies. Those terms don't refer to all the users of those OS's - only the ones who keep yelling "my OS is the best, and anyone who thinks otherwise is an idiot," and sneering at "fanbois" and claiming to be "experts" who KNOW ABSOLUTELY that their OS is better than all the others for all sorts of technical and often esoteric reasons that will never affect the majority of users.

    If you seriously think you're the one who has the only "true" insight - if you can say, with a straight face, "My OS, right or wrong!" - you've lost all perspective.

    Maybe the Reg could set up a virtual playground for those who want to enjoy their Windows versus Mac versus Linux mudslinging...move comments of that ilk from the articles to the sandbox...give the trolls a few bridges to hide under...

    and then help the rest of us keep these discussions on topic and potentially useful?

    Sincere apologies for the excess verbiage. End rant.



  11. Chris C

    re: Game in Excel

    Nope, it's not a myth. Microsoft really did program a game inside Excel 2000 (and we all wonder why MSOffice is so expensive). I tried it out just before posting my comment to confirm. From the text file that was sent to me explaining how to access it:


    Excel Racing Game


    A full-fledged game is hidden in the first release of Excel 2000. (It was removed in SR1 and SR2.) Follow these steps to access a racing game similar to Spy Hunter.

    1. Open Excel 2000 with a blank worksheet.

    2. Select File, Save as Web Page.

    3. In the Save As dialog box, choose Selection: Sheet, check Add interactivity, and click Publish.

    4. Click Publish in the 'Publish as Web Page' dialog box.

    5. Close Excel, declining to save the worksheet.

    6. Open Internet Explorer.

    7. Choose File, Open, click Browse, and open the file you just saved.

    8. Click in the spreadsheet, and hold Page Down to go to row 2000.

    9. Click the gray header to select row 2000.

    10. Use Tab to move the active cell pointer to cell WC2000.

    11. Hold down Ctrl-Alt-Shift and click the Office logo in the upper left corner.

    12. If you've come this far, congratulations! Use the arrow keys to navigate, the spacebar to fire, O to drop an oil slick, H to turn on your headlights, and Esc to quit playing.


  12. Anonymous Coward
    Thumb Up



  13. Anonymous Coward
    Thumb Up



    Bravo, that man.

  14. Anonymous Coward
    Anonymous Coward


    I still believe you're just a little bit tilted towards Windows here. OSX and *nix are not invulnerable for sure, they are just waaay less vulnerable than Windows. I've just received an email from a friend who, form what he's describing, it seems he has a serious virus infection on his computer. This is for the second time this year and the guy runs a fully paid commercial anti virus on his PC. Every time I charge him for the work he tries to protest saying "but I'm paying for an anti virus, isn't it supposed to protect my computer ?" What should I tell him, to stop using his computer or to start budgeting for security incidents like these ?

    Anyway I'm on your side here, what's not to love in Microsoft products ?

  15. Anonymous Coward

    "wears seatbelts, and condoms"

    I use both at the same time. One can never be too safe ;)

  16. raving angry loony


    I vote that the cordwainer post be saved, and automatically posted after any comment section starts to devolve into a "my OS is better than your OS" crap fest.

    All hardware sucks. All software sucks. The rest is personal preference.

    My personal preference is anything not made by Microsoft, because that meets my requirements after a rather lengthy requirements analysis. But my preference may not meet your requirements, so I cannot categorically state that my choice is "better" or "worse" than your choice. Assuming you even bothered to make a requirements analysis. Those who didn't yet claim to have the better solution are simply waving their dicks around and talking out of their arse. They are part of the problem, not part of the solution.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022