Re: [ANN] "Dbl-Click Won't Open..." Issues

In article <C49E5D33.1729D%john@xxxxxxxxxxx>, John McGhie
<john@xxxxxxxxxxx> wrote:

PROBLEM: The deprecated file formats are not secure.
COMMENT: Disingenuous.
A 'format' is neither secure nor insecure. It is the code that operates
on it that has a security property (caveat: You *can* make a format
easier to deal with securely e.g. digital signature infrastructure, but
that is not the case here). In this case, the 'format' is not in
question, simply a four character piece of metadata that describes the
format. They threw a hissy fit because some webby software got the
*name* wrong for the exact same data format. Brain-damaged or what?

RESPONSE: A responsible citizen at Microsoft realised they would have to
double the cost of Office to make them secure, so they decided to protect
users by disabling the automatic opening of the dangerous old file formats.
COMMENT: You always wave those numbers about. Do you have any numerical
evidence in this case?
Of course they did nothing of the sort. They disabled opening files
whose format had the same *name* as old formats, even though they were
created yesterday, with the latest, greatest, most secure and
environmentally friendly of their *own* products.
SIDE EFFECT: Some stupid users complained because there was a change. They
had to take two extra steps to put their computers at risk.
COMMENT: Not stupid at all, since the action to 'reduce' the 'risk' was
derisory.
RESULT: Microsoft realised that computer companies make more money from
infected computers than they do from good ones.
COMMENT: When did they ever do anything else?
Infected computers work badly or not at all, forcing users to buy new
computers with new software and to buy extra software and to buy expensive
consulting services from people who know how to fix these things. Very
profitable business.

Good computers just sit there and work. It can be years before users buy
anything new. Not such profitable business.

OUTCOME: Microsoft forced the responsible citizen to reverse their work and
put us all back at risk.

MY TAKE: The people who made such a fuss never understood what they were
doing, and they have now put us all at extra risk. All because some
software companies that were not associated with Microsoft were guilty of
sloppy programming.
COMMENT: That is nowhere near the full story. Microsoft software
running on PCs ripped the file type off and threw it away with the
resource fork, because they didn't know any better in the old days.
Some webbish software, being helpful, put one back on. World plus dog
knows this. Filetype has henceforward become universally deprecated,
and routinely ignored. 13 years ago Microsoft said they did not like
their *own* filetype any more. Then did nothing for 13 years. Made an
egregious error in Office 2008. Threw hissy fit. World plus dog laughed
like a drain.
I think this is one of the stupidest things I have seen in computing for
many years.
COMMENT: You are wrong about what was stupid about this. The problem
was miniscule. The 'remedy' was laughable.
Next time someone tries the "wisdom of the crowds" line on me, I will use
this as a perfect rebuttal.
OK, for vanishingly small values of 'perfect'.
It won't affect me -- I have commercial-grade security systems set up on
this computer, and I know how to tell whether a file is potentially
dangerous or not. This must work, because I have not had a virus for the
past 20 years. Actually: I have never had a virus, but for the past 20
years this has been more to do with good management than sheer good luck.

So: I have nothing to worry about. I don't have to change anything. This
doesn't affect me. I'm alright, Jack...

The people at risk are the ones that have NOT been employed in professional
computing for the past 20 or 30 years. The people who do NOT have the tools
and expertise to discover potentially dangerous files. The people who do
not have the advanced computing knowledge to remove an infection if they get
it.

The home users. The small business users.

They are the ones who are going to lose the contents of their bank accounts,
the content of their email, their quotations, their customer lists and their
investment portfolios.

And their computers. Those are the ones that will be out there buying new
computers and new software every six months or so. Because they don't have
the knowledge to protect their computers, and they're too busy earning a
living to have the time to get that knowledge.

They're the ones that get hurt by this. The "normal users". You know: the
ones the computer industry should be protecting. Because we promised that
we would. We told them we knew what were were doing; that the customer is
most important; that we have their best interests at heart.

Those are the ones that will get hurt.

That's the real outcome. Are you proud of it? Really?

On 11/07/08 11:22 PM, in article ee9bb16.24@xxxxxxxxxxxxxxxxxxxxxxx, "WFP"
<WFP> wrote:

SOLUTION: Upgrade from Office 12.1.0 to Office 12.1.1

PROBLEM: Word for the Mac would not open *.doc files that I received via
email
(my client is Thunderbird 2.0.0.14) when I double-clicked the attachment,
when
I saved the attachment and double-clicked the file, or when I saved the
attachment and dragged it to Word. The only way I could open the file was
with
File:Open... from within Word, which meant navigating the filesystem to find
the file. Aggravating!!! AFter upgrading, however, the problem went away.

MY TAKE: Microsoft says that it does not want to open deprecated filetypes,
which could pose a security risk. This is a weak response, since those same
files would be opened directly from within Word. If Microsoft is actually
worried about security, it should prevent the security problem from within
Word, not by making it more difficult to open files.
You are in grave danger of being perfectly rational WFP. Don't you
realise this is usenet? You wouldn't want to start a dangerous trend
would you?
FINAL WORD: I do appreciate Microsoft recognizing that this was a problem with
Word (not email clients) and fixing it.

WFP. You are spot on. Once in a while my good mate McGhie goes grumpy
and won't let facts stand in the way of a good harrumph.

I've been a computer pro longer than he, although he's had a harder
time of it. He had to look after some of the first code code (1970)
that I ever wrote. Probably soured him for life. I was long gone. I
only met him him a couple of years ago.

And I have never had a virus, and I have never used any anti-virus.

But then I have never used Microsoft operating systems. (see John's
point above about profitable computer companies) It was my way of
having
"commercial grade security".

I ran my profitable computer company into the ground largely because I
refused to deal with customers who wanted me to move my products from
VMS to some MS OS du jour. I could not see the reason for such wilful
sabotage. So I know he is right about how to be profitable in software.
Deliver dangerous unreliable stuff to clueless customers. Profit.

Macs have been my 'toy computer' of choice since 1984. I never used
them for real work until recently. I'm still not nearly as happy with
OS X as I was with VMS from a security point of view, but the
Mac/Windows virus ratio is pretty close to epsilon, and that will do
me.

John's effort to claim that somebody in Microsoft had a fit of
responsibility instead of the whole Mac BU making a silly mess over a
storm in a teacup is charming but misplaced loyalty.

He'll get over it.
He always does.

--
To de-mung my e-mail address:- fsnospam$elliott$$
PGP Fingerprint: 1A96 3CF7 637F 896B C810 E199 7E5C A9E4 8E59 E248
.