Office 2003 Service Pack Disables Older File Formats
time961 writes "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."
Default value goes back pretty far (Score:5, Insightful)
However, I really have to question whether the enhanced security is worth it, since those old versions didn't allow too much embedded scripting anyway. Are we just worried about buffer overflows? Because those are still a symptom of their parser, not the format itself.
The software nanny continues to keep us from hurting ourselves... gee, thanks. (Hmm, anyone smell a similar trend in government lately?)
--
Educational microcontroller kits for the digital generation. [nerdkits.com]
A chance for alternatives (Score:2, Insightful)
Re:Default value goes back pretty far (Score:5, Insightful)
Well (Score:2, Insightful)
If you have documents that old, and they don't need to be edited in the future, you should probably convert them to PDF.
If they may need to be edited in the future, perhaps LaTeX or ODF would be good choices.
Re:maybe grepping (Score:1, Insightful)
Conflicting Strategies? (Score:5, Insightful)
Their sneaky brand of evil is saying two conflicting things and making us believe they work together.
Re:hmmm (Score:4, Insightful)
This is the point that people miss. All of the documents that were archived in the older formats will no longer be openable -- in this case, there is an arcane incantation as a workaround, but what if MSFT removes support entirely so that an authoritative document conversion is no longer possible? With open source, the method is obtainable. With closed source, it may be deleted when the company no longer supports it or closes its doors.
There are many cities/states/countries that rely on MSFT formats for document archival. Should a city keep spending money every 5-10 years to also update the formats on all of these records in case the necessary closed-source software ceases to exist or work on modern computers?
long careers exclude using proprietary formats (Score:5, Insightful)
After that, the penny dropped. Using open document formats wasn't simply a way to save money, it was an actual necessity for anyone planning to have a career lasting more than 5 years where writing is a core part of your work.
Re:Default value goes back pretty far (Score:5, Insightful)
I can only speculate that you've not worked in any institutions that have persisted for more than 10 years?
I used to run a university help desk; by the time I left in late 2006 we were still getting requests to convert 5.25" floppies and DOS WordPerfect 4 documents.
The situation is complicated by many other issues:
Ultimately, there is nothing wrong with the "file formats". A file format is not insecure. The issue is that Microsoft is shipping insecure code in Office 2007 and 2003 which may break when these files are opened and allow malicious executable code to run in the user's security context. Rather than fix this insecure code in a shipping product, their policy is to turn off the code and tell the user, "if you want to take the risk, turn it back on, but we won't make it easy."
I work at an organization that has been grappling with this problem since SP3 came out in September 2007. We routinely work on projects that span 15 years, so it's not at all unusual to open project documentation that is 10+ years old. Companies were loyal to MS Office precisely because it promised reasonably complete forward compatibility with archived documents. Microsoft needs to provide a more robust solution to this problem, preferably by fixing the broken code (gasp!) or (less preferably) giving system administrators the tools necessary to enable and disable the functionality in a more global way.
Re:Default value goes back pretty far (Score:5, Insightful)
Really? How about the US government? NASA anyone?
Why should anyone stop supporting old document formats? Are the files created a long ago no longer important? How about 100 year old books? Should we burn them all?
We should stop this file format insanity now, and adopt some open format. Like ODF. Good riddance.
This is why you need to support ODF instead (Score:2, Insightful)
Sure there is a right answer -- (Score:2, Insightful)
(Can he fire the Ballmer?)
Gates could afford to build a special fork of one of the Linux or BSD distros. (Linux would require less work, but he may find the BSD licensing more palatable, as we know.) He could afford to develop several sandboxed WINE environments capable of emulating the clot of software relevant to each OS release from 3 to whatever level of support he is dropping. He could afford to put into the packages for this special fork open source converters that would convert old documents to whatever is current at Microsoft (since he is not likely to be willing to convert to the more logical option). And, as a bonus, he could even provide software to check the sandbox for damage and report and repair it. (Actually, the repairing would not really be just a bonus.)
Why doesn't he do it?
Dang, and why doesn't Apple make MOL an official product? Or even MOM?
File format is less secure? (Score:5, Insightful)
This doesn't make sense to me. A file format doesn't have buffer overflow vulnerabilities, the program that opens it has them. A file format cannot execute a virus or a trojan, the program that opens it is the one that does it. I cannot believe that a file format can have inherent vulnerabilities that cannot be circumvented by the program that reads the file.
On the other hand, considering the ODF vs. OOXML format wars, it seems to me that Microsoft's objective with this is actually to press for the standardization of OOXML. How exactly I don't understand, since the whole point of standard document formats is to avoid this same problem that they've just created.
This is exactly why proprietary formats are bad (Score:5, Insightful)
This is exactly why proprietary formats are bad, at least for documents that need to be kept for a long time for some reason, such as archival or historical documents. Even if open source office applications do similar things and deprecate support for old formats, the older application versions might at least be available. Or third party developers could more easily create conversion programs. While open source programs do also exist to read these old proprietary documents today, we don't know if future proprietary document formats will be able to be supported. The open formats will be supportable.
Re:Default value goes back pretty far (Score:4, Insightful)
> work around this, i.e. leaving it technically (but not really practically
> for almost everyone) an option, for now at least gives MS an excuse, while
> still taking a big step towards getting rid of support for those old formats
> entirely, which is not all that unreasonable I suppose for formats greater
> than 10 years old.
Let's not forget - what is being supported is *software*, ie M$ Office, not a file format.
The current iteration of Micro$oft Office should be capable of opening any and all files created by any prior release of M$ Office, and should be capable of doing so in a safe and secure manner.
If the current iteration of Micro$oft Office is incapable of safely and securely parsing any file created by any prior iteration of M$ Office then surely something is very wrong with Microsoft, and with M$ Office!!
Re:Well (Score:3, Insightful)
Re:Default value goes back pretty far (Score:5, Insightful)
Unreasonable:
Most students, business and personal users don't wish to be unable to open their 10 year old document because it's no longer supported. Students want to be able to access old study notes, businesses want to get at statistics, company history and old documentation of systems or business practices, and the end user wants to be able to open that wedding speech they wrote 10 years ago, or that collection of jokes in an MS word doc.
Stupid:
Why do people buy Office instead of using something free? For the 3000 features? No, at least most don't. They buy Office for universal compatibility so that they can exchange documents with everyone. The moment users start complaining that they can't open the MS Office document with Office, but it's okay you can use a free alternative, people will start installing the free alternative. They're not forcing anyone to move up to a later maintained version, they're forcing people away to software that actually does the job they want it to.
Only fools and company sock puppets (sales and marketing) actually believe obsolescence is reasonable, particularly when it comes to data.
Re:Default value goes back pretty far (Score:0, Insightful)
Re:Default value goes back pretty far (Score:5, Insightful)
I occasionally load in data tapes from as far back as 1982. Reports related to the data will be in whatever file format is popular at the time, which will be MS Word and MS Excel from the early 1990s on. Since computing power is so cheap now a lot of stuff in a lot of fields gets reprocessed; old data is a lot more useful than repeating 10 years worth of experiments again or sending 50 guys out to survey an area for two months or even trying to examine something that doesn't exist anymore. Old file formats like TIFF, SEGD, tar and so on are deliberately backwards compatible so that archiving is more than just an expensive hobby. Since Microsoft have moved out of the hobby software space and into the office they should realise that they have to take a professional approach throughout the company to avoid mistakes like this.
Time for you for ODF (Score:5, Insightful)
Re:Default value goes back pretty far (Score:4, Insightful)
Tee-hee! That got laughs from all kinds of government employees, university administrative assistants, paralegals, and so on.
And this undoubtedly will put a smile on the faces of all the good old boys at Exxon, who have been fighting the good fight to keep from actually having to pay for the damage that their Valdez supertanker did about 20 years ago. If all the prosecutor briefs from before 1995 were suddenly much more difficult to access, then maybe Exxon will succeed in avoiding payment of the $2.5 billion they owe.
Proprietary file formats are definitely good for some businesses.
Thank you Microsoft... (Score:5, Insightful)
Oh, yes it is... (Score:4, Insightful)
I would. The average slob (who could very well be someone who doesn't update their old files for long periods of time) using Windows does not know what the registry is, let alone how to modify it. Also consider this: What is more dangerous and likely to cause serious damage, an old file format or an average user trying to fix their registry to read old files?
Re:Default value goes back pretty far (Score:5, Insightful)
1. I bet that some of the code is not Microsoft's. They have bought it and I would not be so sure about the right to modify it in the first place. In any case we are back to rewriting code which no one understands any more.
2. You can sandbox in a sandbox-friendly language (not the case here; it is all C++ or C at that age) or if your code is written in a manner where sandboxing works. Classic example - using exemptions on out-of-memory or invalid pointers to allocate memory. I know a chap who writes everything like this and he used to work for MSFT at just about that time. Wanna sandbox that? Especially in a multithreaded environment? I doubt it. On top of that I can bet that the internals of the code in question reinvent the wheel left, right and center and reimplement functions that are nowadays part of the foundation classes. As a result the size of the piece of code which you have to sandbox suddenly grows by an order of magnitude. And so on.
As I said, I for once can sympathise with a MSFT decision. I have no sympathy for the fact that they do not admit to the underlying reason, which is using formats that are not open, well defined and standardised (nothing to do with security), but that is a different story.
Re:Typical MS "Planned Obsolescence" (Score:3, Insightful)
Given that Apple seem to end support after 6-7 years, and there's no evidence that any OSS offering will extend support that far back, why is there suddenly an outcry with Microsoft stopping support for file formats which are now over a decade old?
Seems to be bloody-minded hypocrisy.
Re:Default value goes back pretty far (Score:3, Insightful)
I've seen people buy Office. I've also certainly been aware of large companies buying it. How do you think MS make money from it if it's not bought? If they didn't care about the home market there wouldn't be home specific versions.
Fortunately there are alternatives one can use if ms products fail - the results may not be ideal but better than nothing. I do not understand why all this fuss about such policy then.
Perhaps because some people have a life and have better things to do with it than waste it finding other software that aren't ideal to get around their software supplier crippling their software. Why should anyone waste time and/or money downloading a free office alternative, or applying registry hacks just to open a document they created 5 years ago. Way to demonstrate loyalty to the customer.
Mod parent up! (Score:5, Insightful)
The richest tech company in the world is throwing its hands up in the air and saying that it can't figure out how to make its most profitable (and presumably most actively developed) products render a human readable, non-executable data format safely--PLEASE. This is nothing more than a very clumsy (but brazen) attempt to make people upgrade. I'm surprised they have the balls to do it, what with their current OOXML circus.
Re:Default value goes back pretty far (Score:3, Insightful)
I do not agree, but that's irrelevant.
What's relevant is that instead of the obvious choice (open a dialog box like "This document is in an old format which poses security risks if coming from an untrusted source. Open anyway? (yes) (no) (always) (never)") the guys at MS decide what you can or can't access with your new PC.
Re:Mod parent up! (Score:5, Insightful)
> make people upgrade. I'm surprised they have the balls to do
> it, what with their current OOXML circus.
I'm not surprised at all.
It is what one expects from a company that does not respect the people who have used its software (and re-purchased it several times) over many years.
Would Adobe even consider doing this with Photoshop? No.
What we are seeing is nothing more than a "vendor lock-in" ploy.
I'm almost certain that M$ will not fully support OOXML if it gets approved by the ISO. Let's be realistic - M$ doesn't actually support it now!
Re:Uh, you do know it's XML, right? (Score:3, Insightful)
Apparently, you don't know what XML is. You can encapsulate ANYTHING with XML. It's just a bunch of tags that have no meaning until you describe what the tags encapsulate. And then there are binary blobs, which don't mean jack because they don't get described as anything else besides a binary blob.
I did a little bit of Googling just so I don't put my foot in my mouth too firmly here.
It is a fact that binary blobs are allowed in OOXML as well as ODF. The MS/OOXML rabid fan site ooxmlhoaxes even stipulates this. No argument there.
BUT, in the article GNOME/OOXML podcast shows two sides closer than appears [linux.com], these binary blobs that MSFT have are NOT specified in a publicly accessible document (if they ever were documented). While the thrust of the article was about software politics and the podcast itself, it did have a few nuggets for our conversation.
Now, if MSFT is allowed to just grandfather in undocumented binary blobs into OOXML for whatever reason, is OOXML truly an open format?
OOXMLhoaxes would have you believe that ODF has this same problem:
But, this is of course shenanigans. ODF is based on an open source package. Since the package is open source, we all know the code that would create the binary blob and can document it and recompile it. MSFT has not offered the code to authoritatively read their own binary blobs. And let's not talk about reverse-engineering being viable for use by large companies. This would open them up to patent lawsuits if MSFT chose to go that route.
From the same blarticle:
So, Office 2003 also has undocumented binary blobs? Well, so much for XML making it easy for one to decode previous Office formats.
Looks like I won't be chewing on my foot after all. Here's the search I did to find out about the OOXML undocumented binary blob problem [google.com] in case you'd like a starting point.
Re:Default value goes back pretty far (Score:3, Insightful)
Re:Not really that bad (Score:4, Insightful)
Re:Mod parent up! (Score:4, Insightful)
Sounds reasonable to me. I mean, do you respect stupid people, even if they give you their money?
Re:Default value goes back pretty far (Score:3, Insightful)
Re:Well (Score:2, Insightful)
Re:Thank you Microsoft... (Score:2, Insightful)
One of the strengths of MS was backward compatibility in most of their products - with the possible exception of Office (Please note the past tense).
Ultimately this is another nail in the coffin for MS for it proves that you can't use ANY MS Office file format for reliable long term storage - unless you are prepared to walk the MS Upgrade Treadmill.
With a serious credit-crunch looming, I suspect that more and more people will be having a long hard look at cheaper, reliable office alternatives.
Re:More cheese with that whine? (Score:4, Insightful)
You paid real cash money for something to work a certain way, and it did, until your proprietary-vendor overlord makes up some crappy reason for removing the functionality.
While the specific instance of removing support for ancient formats isn't likely to have too much catastrophic effect, the precedent is well worth bitching about.
The least Redmond could do is turn the converter code over to the public domain, so that, when the unforeseen requirement to, say, compare ancient versions of Uncle Hezekiah's will suddenly crops up, people don't have to spend a ton of money to open a simple file.
Of course, there is the business model of having a stable of ancient computers with creaky Windows versions and applications, just for these moments, but that business is so boring as to be hideously expensive.
Re:Mind-bogglingly complex? (Score:3, Insightful)
And for what? The excuse that these are insecure formats is a lie. It's just data. If Office 2003 is vulnerable to exploiting old file formats, that's Office 2003 code that is insecure.
The best lesson that users can learn from this is don't ever upgrade Office.
Re:Thank you Microsoft... (Score:2, Insightful)
How is using a different file format helping me to read older formats? This comment is not insightful, it compares apples to oranges.
Maybe you could say that it is a reason to use OpenOffice, which by default still opens the older formats. Or a reason not to upgrade to Office 2003.
Re:Thank you Microsoft... (Score:3, Insightful)
Re:More cheese with that whine? (Score:2, Insightful)
Re:Default value goes back pretty far (Score:4, Insightful)
A lot of individuals have pointed to MSOffice as a standard, stating that future versions will always be able to read the older formats. Now there is absolute proof that it isn't true.
Another reason for an open format that is actively supported by multiple vendors.
Re:Thank you Microsoft... (Score:1, Insightful)
So, what you and Microsoft are saying is that when any new version of software comes out, I need to go back, open ALL my previous documents in the new version and save them with the latest version of that format? Even documents I may never need again, because, well, I MIGHT need them, and if I ever DO need them, they'll need to be readable.
Yeah, I can see how that will increase efficiency... (/sarcasm - it's up to you where the sarcasm started).
How about they just disable the ability to WRITE in the old formats?
Wouldn't that be a better solution? Then you can still read your millions of documents, you just can't save in an old, insecure format.
I still think ODF is the way to go, but I'm trying to provide a sane way out for MS here...
Re:Thank you Microsoft... (Score:4, Insightful)
Two points:
1) There are no vulnerable file formats, only vulnerable implementations. If the old MS format were vulnerable, then they could at minimum sandbox the thing or take the easy way out and disable specific vulnerable implementation functions (which likely aren't used by anyone) unless the user verifies them and manually enables them.
2) No matter what ISO does, the spec is out and you are free to use any program that implements the current version. Since libraries and government institutions must have the original unconverted documents of all their archives (note, a single space or comma can change the meaning of many documents including the constitution), you can be sure that some viewer will always exist for "Older" versions.
Re:Default value goes back pretty far (Score:3, Insightful)
So while documentation most certainly exists I can bet a case of beer that there is no way in hell to produce a working implementation without looking at the existing code or even reverse engineering it.
Further to this, even in cases where docs exist no one has even bothered to analyse the formats from a security perspective. WMF is a classic example. A format that allows you to execute stuff as a part of the definition and no one noticed this for many years until the shit hit the fan. I bet that there are gems like that in many of the other "prehistoric" format specs.
Re:Thank you Microsoft... (Score:5, Insightful)
Nope.
It's even worse.
This problem only occurs if you do walk the MS Upgrade Treadmill; should you choose to remain true to the good old Office 97, all will be fine.
OK, so the problem of opening new documents someone sends you occurs in that case, but you can't have it all.
It's a damned if you do, damned if you don't type of game: either you lose old documents or you lose new ones.
The bottom line, therefore, is: you lose anyway.
Whatever you do, if you go with Microsoft, you will lose.
Best case scenario: all you lose is lots of time. However much is necessary for converting all the old documents.
Do add that to the price of Office itself.
it's not like it's YOUR data or anything (Score:5, Insightful)
Apple also did something like this (or worse) when they EOL'd Classic in Leopard. Millions of files become inaccessible overnight because the applications to read them simply cannot be run. It's thoughtless and cynical and extremely destructive.
The summary is not alarmist. Data obsolescence happens every day. It's a fatal flaw in the proprietary software model that RMS correctly identified decades ago.
Re:Time for you for ODF (Score:3, Insightful)
Re:Default value goes back pretty far (Score:4, Insightful)
Nope. Don't sandbox, virtualize. Create a tiny VM that has only the minimal OS needed to run the core of the code, and run the unsafe code in there. The tiny OS doesn't need to have any device support, just a bit of memory management plus a set of APIs that pass through to the real OS outside, with parameter validation.
MS has all of the technology needed to do this. If they don't want to make a truly minimal OS, they could always just use Windows Mobile, with all of the optional components removed. It wouldn't be trivial, but neither would it be a huge chunk of work.
It would probably cost them fewer dollars to implement a virtualized "sandbox" for that old code than it will to handle the support calls their move is going to create. OTOH, the virtualization approach would only help with security, it wouldn't encourage people to upgrade.
Re:Typical MS "Planned Obsolescence" (Score:3, Insightful)
Your clients are wrong. You can download a compatibility pack and readers for Office 2007 documents for Office
Do you really think that you are going to tell a multi-million-dollar customer, "Do it our way, or you can take your millions of dollars of business elsewhere?"
The customer is always right.
Re:Thank you Microsoft... (Score:3, Insightful)
What the fsck are you talking about?
How are you going to convert documents from one format to another when the old software cannot save the document in the new format, while the new software won't open a document in the old format?
Third-party applications?
I mean, sure. But then let's show people that OpenOffice.org really can open both the old and the new documents. And convert them to whichever format they like.
Incidentally, it's an office suite as well. And you paid how much for MS Office?
I don't know how this is pertinent to this discussion anyway, but you're only proving my point: just dump MS Office if you need MS Office compatibility.
Paradoxical as it may sound.
Re:Thank you Microsoft... (Score:3, Insightful)
No, Word for Mac is not blocked (Score:3, Insightful)
According to the Knowledgebase article [microsoft.com]: (Emphasis added by me.) Now, if you look at the provided handy table of values, you see that the two versions of MS Word for Mac that are directly compatible with OS X, registry values 195 and 268 (for Word X for Mac, and Word 2004 for Mac, respectively) are below the default cut-off on the table. In fact, even Word 98 for the Mac (which can only run on OS X in Classic) falls below the cut-off on the table. Only products with corresponding values from the table numerically below 101 (those appearing above the cut-off line in the table) will be blocked.
Since Office 2004 for Mac is still a supported product, it would be insane for Microsoft to block its files from being loaded in the Windows version of Office. I admit these instructions are confusing, but the KBase article clearly does not say what you claim it is saying.
Incidentally, according to the table and the above quoted text, the only Mac Word document formats that are blocked by default in this service pack are the following: