Security dilemma

Office 2003 SP3 is heavily focused on security patches. Thats great, no-one wants to get pwned opening an office doc, but heres a thing:

The bad guys now have a list of loads of attack targets in non patched versions of Office. That will probably represent the majority of the market for a long time. (think 97 – 2002 ~ 50-60%?).

Service pack analysis is a standard security vulnerability discovery technique, and a simple way to find vulns in non current versions.

This is a catch 22 for Microsoft, if they don’t tell us enough info they’ll get a kicking, if they tell us enough so we can make an informed decision the bad guys get a bunch of targets for free. (And MS still get a kicking!)

I think SP2 had a lot of security stuff in it too, so at this stage I think my advice is to use 2003 if at all possible. Especially for any connected machines. I don’t think I would ever recommend 2007 as its new (with bugs) and the UI is rubbish. I am assuming much of this patch is either already in 2k7, or in SP1 which is currently in beta.

Would you see this a potential lever to encourage enterprises to migrate off 97/2k/2k2? I assume those are all completely unsupported by MS now? Or are people really not that bothered about security?




Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: