Wednesday, June 07, 2006

the stardust dustup

i've been seeing a number of posts like this lately, talking about how the new staroffice/openoffice macro virus is just hype...

statements like this are really telling:
In a statement prominently displayed on the OpenOffice.org home page, the group also disputes applying the label “virus” to Stardust, the proof-of-concept exploit discovered last week by Kaspersky Labs.
you see, stardust is an intended virus as mentioned by both mcafee and kaspersky... unfortunately, kaspersky labs didn't mention it was broken in their first blog post on it, only in the actual encyclopedia description which the media (mainstream and blogosphere alike) didn't bother to read and/or understand, thus necessitating the second blog post to clarify the issue...

there's lots of talk about how kaspersky labs is misleading the public and hyping up a non-existent threat... about how nothing in stardust is really new and how it's not really a vulnerability but rather a misuse of legitimate functionality... well, here's the thing:
  1. while it's true kasperky labs could have made a more informative blog post the first time 'round, the place where they said further details would be clearly stated the virus was broken...
  2. what's new here is that someone is trying to write viruses for the staroffice/openoffice platform and they may eventually succeed or someone else may fix the bugs in the current attempts and thereby succeed in making a virus for that platform... stardust is the first attempt, and the fact that someone is making that attempt is new and newsworthy... there might not be an actual virus yet, but one (or more) is coming...
  3. of course it's just a misuse of legitimate functionality - that's true for viruses in general... they aren't made possible only because of security defects, they're inherent to the general purpose computing platform and if you're going to provide a reasonably powerful macro programming facility in your office suite you're going to invariably wind up supporting macro viruses...

0 comments: