MS Critical Patch Fixes 8 Vulnerabilities 202
nandemoari writes "A hole allowing hackers to take control of Microsoft Exchange was just one 'critical' issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer browser, Office, and its SQL Server.
Three of the eight vulnerabilities patched yesterday were marked 'critical.' The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be exploited when a user opens or previews an email in the Transport Neutral Encapsulation Format (TNEF)."
Doesn't Sound so Bad (Score:5, Funny)
Re: (Score:2)
Re: (Score:3, Interesting)
Maybe their budget doesn't stretch so far as to be able to employ 1 guy to do nothing but manage a mail server.
Exchange is a big pain in the ass, and it doesn't scale very well. I hate it, and all I have to do with it is keep it from ever touching the web directly.
Re: (Score:2)
E2k7 is a major leap forward in terms of scalability and touch requirement's. Its probably easier to architect correctly as well compared with e2k3. E2k3 and prior could actually scale pretty well but you had to be an exchange guru to do it right and spend a lot of energy managing the environment. They also worked ok for small single server shops out of box with little touch. It was the vast space in the middle they handled poorly.
E2K7 strikes me as something that would be a bit of bare for anyone not a
Re: (Score:3, Interesting)
Let me start by saying that I never want to see the words "bare" and "it professional" in the same sentence. Ew. Ew. Ewwwwwwwwwwww.
That being said, I'll acknowledge that Exchange is actually improving pretty dramatically between releases. Even 2k3 is so far ahead of earlier Exchange releases as to be almost unrecognizable. We run about 300 users on a pretty small hardware footprint, and, provided you run everything through an antivirus before you send it to the users, it all works with little supervision.
I
Re:Doesn't Sound so Bad (Score:5, Insightful)
I've run it, and it doesn't. That you put them on the same page shows you've never run Exchange because Exchange is not about email.
I'll tell you what I tell everyone: you need to go use Exchange for a while. Sit behind some manager and watch them fuck with their goddamn calendars for a while. Watch how neatly the calendars integrate with the email. Watch how it integrates with Office for document collaboration.
There is no one product that handles all those features so well and so seamlessly.
All those features can be had from a half dozen different OSS apps, and when you've laboriously cobbled them together into a working whole and presented it to management, they will give you a look like you handed them a plate full of dogshit, and then they will give you a list of things that aren't as good.
And when you go back to your office you'll go over the list and you will grind your teeth because the fuckers are right. You will never convince people to ditch exchange until you can provide a product that is just as good.
Zimbra? (Score:2)
Have you evaluated Zimbra?
At my company (I'm CTO) we have a mix of Windows, Mac, and Linux clients. (Sales/Support use Windows/Mac, tech dept is nearly all Linux) Throw in a few palm and Windows mobile phones, and you have a support nightmare. Supposedly, Zimbra supports all of these without issue.
I'm in the beginning stages of implementation (just allocated a dual-CPU server to trial it on today ON CentOS) but I'm wondering if anybody out there has anything to say about this?
Re: (Score:2)
Can I include on that list
- send an email to the server to pwn it?
Exchange is good if you're an all Windows shop. If not, it's just as good as postfix/caldav/smb.
Re: (Score:2)
Clearly you've never used the beauty and wonder that is Entourage [microsoft.com]. [/sarcasm]
You're right, and you're wrong. The assumption is that you just don't need fancy calendar apps, and mail server based collaboration and crap like that if you're a unix/linux shop. I know how it is. Even mutt is decadent to a hardcore unix freak, just grep the mail spool you pussy!
And really, the Exchange infrastructure is massive overkill if you're a small shop anyway.
But for a decent sized corporation it really helps to be able to
Re: (Score:2)
Good to know. What do you think the break point would be? >1000 users and it's worth the cost, time & effort?
Also curious if you think taking the money spent on CALs, licenses, etc and spending it on infrastructure & setup for a more unixy back end would result in something close. Like using the stuff from 37 signals.
http://www.37signals.com/ [37signals.com]
Re:Doesn't Sound so Bad (Score:5, Insightful)
Who knows? The thing is, once you have 1000 people, the critical mass of pointy-hairs will make Exchange a requirement.
Still, 70 bucks a seat sounds expensive when your budget is in the hundreds of thousands. When your budget is in the millions, that's like 1 manager's salary, so you fire the guy you like least, and buy exchange for the company.
I am often at a loss to explain business decisions though. We use this huge proprietary design system, and for years we were shackled to the old version of the system by costs of the hardware upgrade (old solaris mainframes). I sat down one day and took the new version of the system (which we had for free, since we were paying support), and made it work on open solaris on x86 hardware.
Took it to my boss expecting a raise, and maybe, you know, some appreciation. Got told off because my solution didn't account for the need to buy ~40 CS3 licenses (around 30k, for some new copies, and some upgrades).
Fast forward 6 months, and we went out and bought a NEW system to do the same thing for more than 10 times what my upgrade would have cost. The new system only replaces half of the old system, so we still have half a crappy old system to maintain, and, AND, we still had to buy the fucking CS3 licenses!
Front to back it cost us probably half a million dollars and the new system is universally hated for its crap speed and crap stability (it's running, I shit you not, on virtualized win2k boxes...I could fucking weep).
The thing is, my solution was impossible because it couldn't be put on the capital budget because it was over the max budget for an in-house upgrade. But the much more expensive system could because it was under the budget for a purchased system. Penny wise, pound foolish.
I have an incredible philosophical problem... (Score:2)
I have an incredible philosophical problem with any software designed to cause code to run as a result of you receiving an email, and which then takes that email as its input data, particularly if it starts processing it before it verifies the referential integrity of the MIME container(s) in the message.
The primary reason OutLook has been such a cesspit of exploits is "Exchange integration". Loosely translated, this means that it ignores encapsulation enforcement by starting to interpret the contents of a
Re: (Score:2)
The reason it's been a problem is that the vast majority of Windows admins don't know what the hell they're doing.
If it's properly configured, and properly deployed behind a shitload of OSS-based hardening, it'll hardly ever have problems...Our corporate exchange setup hasn't had a virus in years...We have far far far more trouble with people who still use IE and people who bring in thumbdrives full of crap from home.
Yea, it's a pain to protect it, but once you do it works fine.
Re: (Score:2)
Is it that easy? (Score:5, Interesting)
Re:Is it that easy? (Score:5, Insightful)
Like sendmail has never had critical vulnerabilities in its address parsing code?
The irony is that the error is in MS's proprietary TNEF format. This is a binary format so it should be easy to parse.
Offtopic, but why can't slashdot link to the meat [microsoft.com] rather than some ad-laden rehash?
Re: (Score:2)
yeah but qmail hasn't :p
Re:Is it that easy? (Score:5, Interesting)
yeah but qmail hasn't :p
Of course, it has about 5% of the features of Exchange or Postfix or Exim or Sendmail or...
Re: (Score:2)
Yeah, that's why yahoo uses it [citation needed] and why it's second most popular MTA [citation needed].
If it supports their specific needs, why not? I'm not going to advocate Notepad just because Yahoo! uses it in some specific situation, though.
Re: (Score:2)
Sendmail is infinitely more configurable and complex than Exchange Server's SMTP MTA. Don't get me wrong, I'm not defending sendmail's history, but using flaws in something as complex as humans to justify flaws in unrelated bacteria doesn't cut it.
Re: (Score:2)
My reading of this is that it took a specific email and an active attack at the same time. The Exchange vulnerability only requires specifica
Re: (Score:2)
Offtopic, but why can't slashdot link to the meat rather than some ad-laden rehash?
I think you answered your own question.
Re: (Score:2)
Like sendmail has never had critical vulnerabilities in its address parsing code?
I find it extraordinarily funny that Sendmail... probably the most insecure example of a popular open source program, is what you've chosen to compare to Exchange. Years ago there used to be a sendmail vulnerability every week!
Hell, even sendmail is more secure these days. I still won't use it though, mostly because it's a bear to configure and postfix is far better for anything I've used it for.
Re: (Score:2, Informative)
It is possible... this is usually the symptom of buffer overflow error in the server code. An attacker discovers the hole, takes advantage of the vulnerable buffer to "smash the stack", and dupe the process to execute the shellcode (concise machine code that does whatever an attacker wants) planted in the "specially crafted" mail text.
There are other possibilities but buffer overflows are among the most common ones. I didn't RTFA and neither do I know whether this is one but yes, taking over the server by m
Re: (Score:2)
> this is usually the symptom of buffer overflow error in the server code.
I really don't understand much about MS technologies, but why their Exchange server is not rewritten in C# so at least buffer overflows can be avoided?
Re:Is it that easy? (Score:5, Insightful)
Properly written C and C++ code can and should trap all exceptions. There is no excuse for untrapped buffer overflows in mature commercial code.
Buffer overflows are programmer errors, not program exceptions that signal some kind of event. They can't be "handled" -- they must be eliminated from the source code.
Re: (Score:2)
> They can't be "handled" -- they must be eliminated from the source code.
Apparently, there is never enough expertise nor allowed time (specially at Microsoft) for this kind of debugging, so why not use some tools (albeit less optimal) that avoid creating those errors from the start? That's one of the original purpose of these higher level languages (or managed environments if you want.)
Re: (Score:2)
In Microsoft's world, buffer overflows are not always errors. They are also part of deliberate back doors. Classic example is the "we'll execute a correctly-formed MP3" in DX9, which was NOT a buffer overflow, and which was patched in a day when discovered (because they knew exactly where to look). There's no reason, other than a back door, to execute data from a stream. It's a very convenient way to get the DoJ keyloggers, for example, installed.
The back doors are designed in, not purely errors, so all
Re: (Score:2)
Thank goodness my Exchange server is behind a firewall *and* a Postfix SMTP proxy running on a Linux box. There's no direct exposure of Exchange to the outside world.
Re: (Score:3, Informative)
Unluckily for you, this vulnerability will still affect you. If you read the security announcement by Microsoft, a possible workaround is to block all TNEF / winmail.dat attachments, which will break all incoming RTF mail. Depending on what your business exactly does, this might not be a viable workaround.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
And since we don't use Outlook as a mail client, I actually filter all incoming messages to extract the actual attachments from those stinking winmail.dat file before the mail is delivered. You could do the same thing at the postfix server so that Exchange never sees TNEF files.
Re:Is it that easy? (Score:4, Funny)
Wow, you have a firewall that stops email from getting to a mail server! I gotta get me one of those...It would reduce my workload by 95%! Since I don't answer any of my phones, the only way people could contact me with problems would be by ambushing me on the way to the bathroom.
It would keep the CEO from ever contacting me, that's for sure. God knows he'd never be caught down here with people who do work.
Re: (Score:2)
No, I have a Postfix server exposed on port 25, while the Exchange server sits unexposed behind the firewall. The Postfix server receives, processes (if necessary, to turf spam, etc) and then passes on mail to the Exchange server. The Exchange server then passes mail off to the Postfix for outgoing transmission.
Re: (Score:2)
Besides, what happens when someone combines this with, say, a flash vulnerability and causes a machine inside your network to send
Re: (Score:2)
i do the same thing with sendmail - and guess what? unless you are sure to strip everything of all possiable TNEF data then if one of the "special" e-mails passes your spam filtering it will go right on to the exchange server where it will be proccessed and you will be screwed.
this isn't someone sending a malformed SMTP message that effects only exchange's SMTP MTA.. this is specialy formatted content inside a perfectly ligit e-mail. no normal or even abnormal spam filter would catch this if it was directe
Re: (Score:3, Interesting)
Well the firewall won't help you with this vulnerability because even after the message is handled though the other mail gateway it can still be a threat. It is however very common to not let exchange speak directly the the outside world. I for one block all smtp at my edge firewall except to and from a cluster of Barracuda Spam filters. They also used to be configured as a smart host in the E2K3 world. In 2k7 i simply don't use the edge transport rule and let the hub transport server treat them as a sen
Re: (Score:2)
I was more referring to the firewall aspect; struck me as funny. I once went to a property to do a security audit, and found that their firewall literally blocked EVERYTHING. No ports open at all inbound OR outbound. They paid for a broadband connection, but the individual computers were all on dialup, because they thought that's just how teh interwebs worked.
We run a secure proxy for OWA, sendmail proxy for DMZ'd email handling, a SAV gateway for virus scanning, and upstream of our internal systems we pay
Re: (Score:2)
Stop spreading FUD (Score:4, Funny)
It's all closed source, so there aren't any real vulnerabilities. Even the certified professionals [slashdot.org] say so. They're certified what more do you need !
As if you could spread havoc through email [google.com] on a proprietary system. Bah.
Re:Stop spreading FUD (Score:5, Funny)
We DON'T want to know what demonic code is stored in the source files on some secure Microsoft server up in Redmond.
Hmmm...
Did you know that if you boot Windows backwards you can hear satanic APIs ?
Oblig. Quote (Score:4, Funny)
That's nothing! If you boot Windows forwards, it loads Windows!
Re: (Score:2)
That's nothing! If you boot Windows forwards, it loads Windows!
Woah, now that is scary !
Oddly enough... (Score:4, Informative)
the IE fix ONLY affects IE 7. If you're running IE 6 (or even 5) on any platform, you don't have a patch to install.
Could it be, *gasp*, that IE 6 is more secure than IE 7? The mind wobbles.*
*For you yungins, go look up Kelly Bundy and the above phrase.
Re: (Score:2)
How about no.
http://secunia.com/advisories/product/11/ [secunia.com]
22 unpatched vulnerabilities, some of which are critical.
Re:Oddly enough... (Score:5, Funny)
*For you yungins, go look up Kelly Bundy and the above phrase.
I just did. The top result [google.com] is your post!
Re: (Score:3, Funny)
And the next thing we will hear is that Kelly Bundy has been citing smooth wombat for all these years.
Re: (Score:2)
That is both hilarious and scary. Thanks!
Re: (Score:2)
Kelly Bundy.. hmm, can't remember how I know that name....
Re: (Score:2)
Oh geez, Peg, why can't you remember that? I'm going to the Nudie Bar.
Re: (Score:2)
Or it could be that they no longer support IE 5 and 6 and so won't release a patch even if they are affected?
The other possibility is that the bug is in the code responsible for the much better standards compliance in IE7, in which case IE5 and IE6 are only more secure because they don't support the feature, which doesn't really count.
Re: (Score:2)
Is a bear catholic?
Why can't Microsoft ever get this right? (Score:2, Insightful)
Why in the world would an e-mail delivery system ever consider executing external code? Exchange should simply look at the delivery address. If it is a local address, place the message in the user's mailbox. If an external address, forward to the next hop. What's so difficult with that task?
CommuniGate Pro has never had this problem. IronPort appliances don't have this problem. Exchange should stick to its sole job as a delivery agent and stop trying to be so smart.
Can't we live without OLE?
Re:Why can't Microsoft ever get this right? (Score:5, Informative)
Why in the world would an e-mail delivery system ever consider executing external code?
Exploits such as the ones mentioned aren't because the system is executing external code intentionally, rather, a carefully crafted message will overflow a buffer and change the values of some CPU registers. If the values change in such a way that a pointer moves execution to a part of the carefully crafted message, that message is now external code that is being run.
Re: (Score:2)
Exploits such as the ones mentioned aren't because the system is executing external code intentionally, rather, a carefully crafted message will overflow a buffer and change the values of some CPU registers.
But that overflow would be impossible if Exchange wasn't trying to act on the contents of messages flowing through it. For instance, it's impossible to make Postfix choke on an attachment since it doesn't try to process them (with the minor exception of filtering on the headers of encapsulated emails if you specifically enable that functionality).
Re: (Score:2)
but it does indeed "process them" as soon as it reads them
Nope. It treats them as a block of data to be moved about and makes no attempt to interpret the data beyond what's necessary for mail delivery. Exchange is getting nailed by examining TNEF attachments. Postfix (or Sendmail or qmail) couldn't care less what, if any, attachments are embedded in an email.
A valid analogy to Exchange would be if ClamAV fell to a buffer overflow while trying to scan attachments.
Re: (Score:2)
Exchange needs to be so smart so that it can open up the TNEF document and scan it for content which would route it depending on a user rule, an Antivirus scan need, or a content filter the admin may have.
And yes, CommunicateGate PRO has had it's share of serious problems just like almost any software;
http://secunia.com/advisories/search/?search=CommuniGate [secunia.com]
One of these allows file access as root.
Re: (Score:2)
They need to isolate those functions away from the MTA agent. MTA should do MTA and punt the rest to a wholly separate program that has to re-establish trust and re-validate the input data.
Re: (Score:2, Insightful)
the only built-in groupware feature that I've seen people using in Exchange (without shelling out xBox credits for half a dozen other additional applications like SharePoint, SQL Server, BizTalk, InfoPath, etc) is the one allowing to click on predefined Yes, No, Maybe buttons to reply to a message...
MS Proprietary Protocols have a history of flaws (Score:2, Insightful)
Re: (Score:2, Informative)
Regarding performance, both APIs are functional. DirectX is more an interface to hardware where OpenGL is a generic interface that may or may not be hardware accelerated. Performance is driven largely from the drivers. In my expe
So.... (Score:5, Funny)
....What "carefully crafted message" would I need to send to take over an Exchange Server?
To: ExchangeServer@company.com
Subject: H3ll0
I 0wn you Now. Please reply back with passwords.
Regards,
Hax0r
Re: (Score:2)
My buddy figured out how to craft the message. He emailed me the message this morning at work. Hmm, maybe that's why its such a quiet day.
We installed it ... (Score:3, Interesting)
... and Exchange 2003 stopped delivering messages to mailboxes.
Rolled it back, and everything worked fine ^H^H^H^H just as it used to.
I may be missing the point of these "fixes", but surely "security updates" should actually be tested at some stage?
Re:We installed it ... (Score:4, Funny)
Yes, they should. Namely by you. In your testing environment. Before deploying it to production.
Re: (Score:2)
oh get over yourself (Score:5, Insightful)
I had the same with exchange 2007. Calendaring stopped working so I reinstalled rollup 5 and everything went back to normal.
As for your comment, one day when you move into the "real world" you will realize that you dont always have the resources to test every single patch that comes down the line. Id much rather have a microsoft patch fubar the machine than have a haxxor pwning it because i was busy testing a patch. At least when i have to explain to management why the email was down for 30 minutes, I can blame microsoft instead of saying that we got exploited (which would then become MY fault).
Not everyone can afford to have redundant everything. Especially machines that are only used for testing, and therefor not in a production environment, where it is easier to find bugs. Sure, if your exchange server services 2000+ users, or generates tens of thousands of dollars a day then maybe you can afford another machine to test on. Most people in the Real World do not have those luxuries.
Re: (Score:2)
"testing environment"? What's that? Sounds like one of those things that adequately-funded IT departments get.
"Adequately-funded IT department"? What's that? Sounds like one of those things that only IT-oriented companies might have.
Re:I love the small of hot-fix patches in the morn (Score:2)
Of course not, they get them on a daily bases, per app.
I wouldn't surprise me if the sum development time on the core system and apps of any given Linux install was greater than that of any given MS install, for any given duration.
Re: (Score:3, Informative)
There is a difference between the hole you posted and the one that is being discussed though, a very big difference.
The security hole in the Kernel that Ubuntu fixed required local access to the machine in question, the exchange bug could be exploited by sending the server an email so not access what so ever was required.
Privilege escalation vulnerabilities are generally considered to be of a lower priority to fix and not as severe as you must have modicum of trust in order to give someone a shell account.
Re: (Score:2)
The verbiage there is mind numbingly stupid. I quote, "Ubuntu became the latest Linux vendor to patch a vulnerability in the open-source operating system's kernel". In other words, a kernel fix was made available and it was applied. They make it sound like it has far reach consequences and by have multiple distros, the problem is somehow made far, far worse.
Huge difference between local and remote exploits. The fact you seem to not understand the difference squarely places you into your own worst scenario,
Re:I love the small of hot-fix patches in the morn (Score:4, Insightful)
A local exploit is a potential problem even if you're the only user. If an attacker combines a remote non-root exploit (say an Apache bug that gets him access as the 'nobody' user) with a local exploit (that upgrades 'nobody' to 'root'), he now has a remove root exploit.
Local in this case just means a logged-in, unprivileged user that can run arbitrary code.
Read up on blended threats.
Re: (Score:2)
Since I'm the only user on my box I don't think I have to worry about me exploiting my self and doing unknown harm
How do you know you don't have DID? [wikipedia.org] ;)
Re: (Score:2, Funny)
Re: (Score:2)
Posting this sort of bullshit on Slashdot just comes off as being unbearably smug and condescending. Go take it to a windows forum or Expert Sexchange or wherever. Everyone here knows about Linux.
On top of that, like a lot of smug amateurs, you don't have any knowledge whereof you speak. Lack of Exchange is a deal breaker for a huge chunk of the business world.
Until there is a real Exchange/Outlook replacement that is available open source, people are never going to drop it, because, for them, the functiona
Re: (Score:2)
My time is valuable.
So is everybody else's.
I don't have all night to sit up recompiling to get the thing to work.
FUD alert FUD alert FUD alert.
Oh, and don't forget the legions of friendly, helpful Linux users who will be glad to listen to my problems and recommend a solution.
There are legions of helpful companies who will charge you money to support you and it will still cost less than Window$
Re: (Score:2)
Hehe, after posting a negative response to your original post ... I have to say that not only are there helpful companies who will charge less than supporting Windows, but there ARE quite a few helpful Linux users. It seems to vary by distro.
Re: (Score:2)
when i can play every game i've purchased in the last 15 years out of the box NATIVELY without having to run it in wine, cedega, crossover or whatever the fuck the new "emulator" is these days, then i'll consider switching to linux.
When you can do that in Vista or Windows 7, let us know. Most programs written in 1994 won't even run correctly on Vista or XP. A lot of programs written prior to 2002 for DOS Windows (95,98,98SE,ME) have difficulty on the NT kernel line.
Re: (Score:2)
You know what the difference between Wine and the layer in Windows that lets you use 9x applications is?
Most people who use Wine know it exists and what it does.
Aside from that, you can throw out any game made before 2000 or 2002 as it is not run natively on Windows 2000/XP/Vista/7 either.
Re: (Score:2)
The Windows layer actually WORKS? Wine doesn't work well. It has never worked well. There are millions of people who will tell you that it works well. They are liars.
Re: (Score:2)
Actually, they aren't running natively. They are running in an API translation layer similar (but more compatible) to Wine. That layer just happens to come pre-installed in your OS.
I'll grant you it's more refined and works better, but it is still there.
as I said above:
Most people who use Wine know it exists and what it does.
Re: (Score:2)
Most, applications have issues, but mainline apps tend to work rather well. Lame as it seems to say so, the compatibility has skyrocketed in the last 6 months. 6 Months ago, I'd have agreed with you. There weren't many applications that worked well. Now, between what does work well, and what is freely available, Linux and FreeBSD offer access to pretty much whatever you need from Windows.
Re: (Score:2)
Re: (Score:2)
IE is tricky, but most MS apps that are tied to the core of the OS and undocumented APIs are.
Surprisingly, MS Word and Excel work pretty well. There are a few games, but to my knowledge, nothing particularly new.
Re: (Score:2)
No, it was called Linux very early on, somewhere around 0.9, by one person, in 1991 (not the 80s); and the number of developers involved is still quite short of "millions of guys".
What is now Linux started, possible as early as the lat 60s, but definitely by 1984 in the form of GNU. The Linux kernel didn't come on the scene until 1991.
Re: (Score:2)
OO.org is pretty cool. Some parts of it are definitely NOT as good, definitely ont better, than MS Office.
This is a subjective evaluation and very open do debate. Since the two products are not from an "identical" specification, it is impossible to evaluate how one is better than another based on a side by side comparison. We have to weight the features of one against another, factor in quality, and weight the feature sets. MS Office does have more features, but by and large, not features the 99% of the use
Re: (Score:2, Informative)
You can debate it all you like, but the simple fact that the free product has practically no marketshare compared to the product that costs 500 bucks a license is pretty fucking telling.
Firefox proves decisively that the superiour product will make strong gains even against an entrenched monopoly. That OO.org is still languishing in obscurity has more to do with it's flaws than some gigantic conspiracy of users who just can't think of anything better to do with their money.
Re: (Score:3, Informative)
That OO.org is still languishing in obscurity has more to do with it's flaws than some gigantic conspiracy of users who just can't think of anything better to do with their money.
What rock have YOU been under?
Gross market share moves slowly. Great change takes years or decades, and if you see change where the majority product becomes a minority in 10 years, that's very rapid change. There's every sign that this is, in fact, happening. It's by no means comprehensive, but it's pretty clear that OO.o is making
Re: (Score:2)
I first used OO.org in 2002, which is before Firefox even existed as anything other than Mozilla bloatware. Since then OOO has managed to pull what, single digit marketshare? And since then Firefox has topped 20%!
Open Office has HAD a fricking decade. To have to have a government mandate to drive adoption for a FREE product? You think that's a good thing?
Every new release of OO I load it up, play with it, then never use it again. It's not that I love MS Office, it's that there are other OSS products that do
Re: (Score:2)
The latest one that I've run into is the Base component. Which doesn't offer any simple way to import/export data from CSV, XLS, tab-delimited or other external data files. For some of those data file types, you have to go through the spreadsheet component of OO.org, which is extremely convoluted. The equivalent in MS-Access is pretty much "File, Import" or "
Re: (Score:2)
Now compare with Firefox. Although Microsoft has tried to make the internet an IE only thing, th
Re: (Score:2)
Export to PDF *is* a pretty good feature. Huge? Not so much. It's easy enough to print to PDF, do a postscript printer to file output and convert it to PDF, etc.
99% of the users will never care about most MS Office features? What was that about subjective evaluation? :)
What really has to be weighted is user usability/user usage efficiency, right? what is important in an "office productivity suite" is how productive a user can be with it. My own experience (no, I haven't done a double blind study of "n
Re: (Score:2)
Gah, I edited out part of my post... I originally had "(or those...other two)" in there.
What I was aiming for was that it'd take more than sendmail to get blackberry users happy.
Re: (Score:2)
But for those that see open source as a religion instead of a means to an end, they'll prefer to have no tool and just the moral high horse
It is easy to paint someone's position as "extreme" in order to make yours more reasonable. It is a isotope of ad-hominem.
The opposite is true, of course. We open source/free software people are very practical by nature. We see and understand that "better" software isn't just an arbitrary and subjective feature set comparison. It is quality. Flexibility. Durability.
Havin
Re: (Score:2)
I don't know how you can write that and be serious. OpenOffice is not a very well developed product, is not very flexible, and durability is in question because a lot of people end up throwing it out.
I'll give you a classic example which actually happened to me recently when I had way too many windows open on my Ubuntu setup. I opened my document with Openoffice, made some changes, hit save. Then went about doing other tasks. At that point I had probably 30 windows open so I couldn't see that I had left th
Re: (Score:2)
I don't know how you can write that and be serious. OpenOffice is not a very well developed product, is not very flexible, and durability is in question because a lot of people end up throwing it out.
Without any actual facts to back that up, I don't believe you because my experience is entirely different.
Another feature I really like about OOo is the ODF format. It is documented and I will always be able to use my documents.
Re: (Score:2, Interesting)
Re:Bandwagon (Score:5, Informative)
You're not looking at the actual history of Microsoft Windows, though. Windows was (and still is, to a large part) built off what was originally a single-user system that would exist ENTIRELY as a standalone unit that was never connected to any other computers.
No, it's not. Windows NT was designed from the start to be a multiuser, networked OS.
UNIX, on the other hand, started with that kind of functionality in mind.
Actually, no. The very first versions of UNIX were single user. The multiuser stuff was added later, which is probably why it still had (and still has, in most configurations today) the concept of a superuser, even when other OSes had moved on.
Re: (Score:2)
I still think their should be a super user. It should be the only shared account, and only shared between a small group of people in the org that are both willing and by need trust each other entirely anyway.
The other options generally don't make sense because:
* You never can have total separation of powers someone always has to have the ability to get access to someone else fife should something happen to that person. Continued..
*If multiple accounts exist that can grant themselves new privileges at will