Monday June 12, 2006

Some information about "SB.Starbugs"

You may have seen some news about another virus for StarOffice and OpenOffice.org.
Symantec has reported it as SB.Starbugs.

I wasn't able to get the sample from Symantec, because such things are only given to AV vendors.

But Peter Ferrie from Symantec confirmed that "SB.Starbugs doesn't bypass OOo security checks and OOo will ask the user if to enable macros for that document. There are no exploits, no security concerns."

So SB.Starbugs does have some replication code, which might classify the macro as a virus, but OOo will not execute it without asking the user.

Again, it's just a macro; see “Some words about 'Macro Security' in office applications”.

Posted by Malte Timmermann (Jun 12 2006, 09:59:50 PM CEST)

 

Thursday June 08, 2006

Some words about “Macro Security” in office applications

StarOffice and OpenOffice.org have a macro engine for good reasons.

You can create very useful solutions based on an office suite, or you can easily automate some tasks.
With macros, you can do almost the same things as with a standalone native or Java application.

Macros have full access to system resources!

If a user runs a macro, he should be aware that it's the same as running any (downloaded) program.

When loading a document, StarOffice and OpenOffice.org check if there are macros included.

The user can choose between different security levels for macro execution in "Tools / Options / Security / Macro Security":

  • Low (not recommended): Macros are executed without confirmation request.

  • Medium (default): Confirmation required when executing macros from untrusted sources.

  • High: Only signed macros from trusted sources are allowed to run.

  • Very high: Only macros from trusted file locations are allowed to run.

Trusted sources means that the macros are signed by certain people or that the documents are stored in certain locations.

To completely disable document macros, simply set the security level to "Very high" and don't configure any trusted source.

My recommendation: Never run any macros if you are unsure whether they are safe.
The same way you would treat downloaded program files, I hope...
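
An added example, not part of the original post and not OpenOffice.org's own code: a triage script that reports whether a document package carries macro modules before anyone opens it. It assumes the sxw/ODF ZIP layout in which document macros live under `Basic/` (or `Scripts/`), and it treats a `script:event-listener` element in `content.xml` as a macro bound to a document event; the function names and the sample document are constructed.

```python
import io
import re
import zipfile

# Assumption: document macros are stored in the package under these prefixes
# (Basic libraries under Basic/, other script languages under Scripts/).
MACRO_PREFIXES = ("Basic/", "Scripts/")
# Assumption: a macro bound to a document event appears in content.xml as a
# script:event-listener element that names the event.
EVENT_RE = re.compile(rb'<script:event-listener\b[^>]*script:event-name="([^"]+)"')


def inspect_document(data: bytes) -> dict:
    """Report macro modules and event bindings in an sxw/ODF package."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"package": False, "modules": [], "events": []}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        # Library index files (script-lc.xml, script-lb.xml) are skipped, so
        # an empty library is not reported as a macro.
        modules = sorted(
            n for n in names
            if n.startswith(MACRO_PREFIXES) and not n.endswith("/")
            and not n.rsplit("/", 1)[-1].startswith("script-l")
        )
        events = []
        if "content.xml" in names:
            events = [m.decode() for m in EVENT_RE.findall(pkg.read("content.xml"))]
    return {"package": True, "modules": modules, "events": events}


def _build(files: dict) -> bytes:
    """Construct a sample package in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, body in files.items():
            pkg.writestr(name, body)
    return buf.getvalue()


# Constructed sample: a macro module is present but no event binding exists,
# so the user would have to start the macro manually.
WITH_MACRO = _build({
    "content.xml": "<office:document-content/>",
    "Basic/script-lc.xml": "<library:libraries/>",
    "Basic/Standard/script-lb.xml": "<library:library/>",
    "Basic/Standard/Module1.xml": "<script:module>Sub Main\nEnd Sub</script:module>",
})
print(inspect_document(WITH_MACRO))
```

A non-empty `modules` list means the document should be handled like a downloaded program; an empty `events` list only means that this heuristic found no event binding.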

Posted by Malte Timmermann (Jun 08 2006, 05:36:41 PM CEST)

 

Tuesday June 06, 2006

Some information about "stardust"

Currently there is a lot of news about "The first macro virus for StarOffice and OpenOffice.org".

I got the "proof of concept virus" from some antivirus company and looked a little bit deeper into that.

It's a macro in an sxw file; I can't find anything interesting there.
I asked the AV company whether that is the "original"; they confirmed it.
So I wonder why some news reports state that it works in StarOffice 5.2; that file can't even be loaded there...

Summary:

It doesn't act as a virus in any version of StarOffice or OpenOffice.org.

It's not even a valid proof-of-concept!

Details:

1) It doesn't start!

When the file is loaded, the user is asked whether to enable macros from this document.
Even if the user chooses "yes", there is no auto-start of any macro.

2) It doesn't do anything special

When the user manually starts the macro, the only thing that happens is that an image should be loaded into a new document, and some text is written in the current document.
That's all!

3) No self reproduction

There is a subroutine called "InstallGlobalModule".
It's commented out, but even if you try to activate it, it doesn't work.

Conclusion:

This is not a virus, not even a proof of concept.

OpenOffice.org has a macro language with access to local resources.
Of course this macro language can be used to perform any kind of task; that is its purpose!

Users shouldn't run macros from unknown sources, just as they shouldn't run any programs or other scripts from unknown sources.

Posted by Malte Timmermann (Jun 06 2006, 10:04:35 PM CEST)

 

Malte starts blogging...

I thought about starting to blog for some time now, but I never got it started.

There was the time when all the discussions about OASIS OpenDocument Format and Accessibility arose.
I again considered starting to blog at that time, because I am responsible for StarOffice Accessibility, but I didn't...

Now that all the news about a proof-of-concept virus for OpenOffice.org arise, I feel that I really should start now, because I am also responsible for StarOffice Security.

So that's the beginning of Malte's Blog.

I don't like to read long blog entries myself, so I promise I will try to keep my blog entries short... ;)

Posted by Malte Timmermann (Jun 06 2006, 06:09:38 PM CEST)

 

