Microsoft: Word 2007 crashes aren't a bug, they're a feature
-
... if a power saw shuts down, you don't lose your wood.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighistYes, it would be wonderful if Word didn't crash, but as one of the guys quoted in the article said, crashing is a lesser evil than allowing malicious code to run further. The powersaw did not go up in smoke, you could atleast use it to cut other pieces of wood.
Regards Senthil [MVP - Visual C#] _____________________________ My Blog | My Articles | My Flickr | WinMacro
-
It is better to crash rather than execute malicious code.
________________________________________________ Personal Blog [ITA] - Tech Blog [ENG] - My Photos ScrewTurn Wiki 2.0.3
And it is better to show a "The document could not be loaded" error than crash. We're not talking about offering the chance to load the document. We're talking about completely rejecting the malformed document and ensuring your other documents already loaded (and potentially unsaved) are OK.
cheers, Chris Maunder
CodeProject.com : C++ MVP
-
dan neely wrote:
I really don't see any other alternative
Don't open it and tell the user Word cannot open it. If absolutely neccesary then there can be a further button on the dialog that says "Detailed reason" for us geeks. Don't freaking crash. Come on Dan, don't defend this kind of poor application programming. It only encourages further obscenities on users.
regards, Paul Watson Ireland & South Africa
Shog9 wrote:
And with that, Paul closed his browser, sipped his herbal tea, fixed the flower in his hair, and smiled brightly at the multitude of cute, furry animals flocking around the grassy hillside where he sat coding Ruby on his Mac...
"file789-1.doc - Unspecified Overflow in word 2007 - Crash in wwlib.dll . Code execution is not trivial." - that's how the guy who discovered the problem described it here[^]. My guess is that he specifically manipulated the document file to attempt to exploit security issues in the document parser and get code (possibly malicious) to execute. And as the last paragraph of the article states
"The company said it will continue to investigate, in case earlier editions of the word processor, which don't include code that purposefully crashes the app, are found to vulnerable.
Microsoft explicitly wrote code to crash the app if it detected exploitation of a security issue (like overflow). I think it is a perfectly reasonable approach.
Regards Senthil [MVP - Visual C#] _____________________________ My Blog | My Articles | My Flickr | WinMacro
-
"file789-1.doc - Unspecified Overflow in word 2007 - Crash in wwlib.dll . Code execution is not trivial." - that's how the guy who discovered the problem described it here[^]. My guess is that he specifically manipulated the document file to attempt to exploit security issues in the document parser and get code (possibly malicious) to execute. And as the last paragraph of the article states
"The company said it will continue to investigate, in case earlier editions of the word processor, which don't include code that purposefully crashes the app, are found to vulnerable.
Microsoft explicitly wrote code to crash the app if it detected exploitation of a security issue (like overflow). I think it is a perfectly reasonable approach.
Regards Senthil [MVP - Visual C#] _____________________________ My Blog | My Articles | My Flickr | WinMacro
S. Senthil Kumar wrote:
I think it is a perfectly reasonable approach.
No, it isn't. I demand more from software. Keep making space for excuses and you'll keep getting excuses.
regards, Paul Watson Ireland & South Africa
Shog9 wrote:
And with that, Paul closed his browser, sipped his herbal tea, fixed the flower in his hair, and smiled brightly at the multitude of cute, furry animals flocking around the grassy hillside where he sat coding Ruby on his Mac...
-
Microsoft: Word 2007 crashes aren't a bug, they're a feature[^] Yes sir. I understand that Word crashed and you've lost all your work; but we protected you from harmful content sir, that could have, uh, deleted all ... your ... work. :doh:
:..::. Douglas H. Troy ::..
Bad Astronomy |VCF|wxWidgets|WTLDouglas Troy wrote:
aren't a bug, they're a feature
A feature to test Crash Analysis application or webservice?:laugh:
Vasudevan Deepak Kumar Personal Homepage Tech Gossips
-
But Dario, they are making an assumption that a malformed document contains some kind of malicious content; a malformed document being one, by their description, is a document that fails to load when "Word has run out of options to try and reliably display " the document. So, even if I have a document that, say, was on a bad CD, that now fails to read into Word ... this will cause Word to crash; and any unsaved work I have will be lost!?!? If you ask me, and I know you're not, but this sounds more like they've turned every potential 'bad' document into a malicious one instead. That's not a protection scheme I would subscribe to ... Just a thought.
:..::. Douglas H. Troy ::..
Bad Astronomy |VCF|wxWidgets|WTLIf you are opening the document how could you have made changes to the document before it opened?
Matt Newman
-
But Dario, they are making an assumption that a malformed document contains some kind of malicious content; a malformed document being one, by their description, is a document that fails to load when "Word has run out of options to try and reliably display " the document. So, even if I have a document that, say, was on a bad CD, that now fails to read into Word ... this will cause Word to crash; and any unsaved work I have will be lost!?!? If you ask me, and I know you're not, but this sounds more like they've turned every potential 'bad' document into a malicious one instead. That's not a protection scheme I would subscribe to ... Just a thought.
:..::. Douglas H. Troy ::..
Bad Astronomy |VCF|wxWidgets|WTLIf you are opening the file, how can that instance of word crashing affect unsaved work. By definition if you are opening the file your work has already been saved (and malformed).
Matt Newman
-
If you are opening the file, how can that instance of word crashing affect unsaved work. By definition if you are opening the file your work has already been saved (and malformed).
Matt Newman
You can have multiple files open, no?
This statement was never false.
-
Yes, it would be wonderful if Word didn't crash, but as one of the guys quoted in the article said, crashing is a lesser evil than allowing malicious code to run further. The powersaw did not go up in smoke, you could atleast use it to cut other pieces of wood.
Regards Senthil [MVP - Visual C#] _____________________________ My Blog | My Articles | My Flickr | WinMacro
I just wanted to point out that our analogy is as flawed as the original (soory for spelling errors - I'm ethanolizeerated)
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighist -
I didn't say it was an analogy. I said it was material for his new career in pedantic comedy, which you seem to be heading for as well. :P We could modify the material to say "blade hit a knot of wood and flew off" but seriously, the original point is that anybody trying to excuse a company for this kind of response to a flaw in their product is NUTS. BTW most power saws now have an instant-off feature. If something goes wrong they stop. The blade doesn't fly off, it doesn't ruin the block of wood and it doesn't cut peoples arms off.
regards, Paul Watson Ireland & South Africa
Shog9 wrote:
And with that, Paul closed his browser, sipped his herbal tea, fixed the flower in his hair, and smiled brightly at the multitude of cute, furry animals flocking around the grassy hillside where he sat coding Ruby on his Mac...
I think the answer that microsoft gave is BS, but with all due respect isn't
Paul Watson wrote:
BTW most power saws now have an instant-off feature. If something goes wrong they stop.
the same thing in a way?The App is stopping, albeit in a drastic manner. I think that if they want to be secure they would just refuse to open the malformed document. Crashing an pp by design is both stupid, and lazy.