Yesterday the news of a supposed StarBasic (the scripting macro language inside OpenOffice.org and StarOffice) virus broke, with the press trumpeting that a virus had been discovered that put OpenOffice.org users at risk. The ArsTechnica article (an example of the slightly alarmist press coverage) concluded that OpenOffice was as vulnerable as any other Office suite. The OpenOffice.org team released a statement that firmly assigns this situation to the oddity/curiosity/publicity stunt category.

Several customers have asked me if this is indeed an issue, and while we at Novell take security very seriously, this seems to be simply an attempt at gaining some notoriety, rather than an actual threat to OpenOffice.org users. In fact, the authors of the supposed virus didn’t let the OpenOffice.org team know about it until after they sent the virus code to the Sophos.com security team, a move considered extremely rude in security circles: the defending team needs to be told first in order to react properly and in a timely manner.

The Sophos.com team has commented on this situation in some detail, and the Director of SophosLabs puts all this into perspective by making light of the virus developer’s skills and the motivations behind the virus, and by putting in doubt that all of this is in good taste.

You can be certain that we are watching this situation, and as the second most active contributor to OpenOffice.org next to Sun, we have engineers who understand the situation, and any necessary actions will be pursued with alacrity.

If you have further questions about this, either leave a comment or email one of us; we’re listed on the contact page, or you can just click on my name below.

RossB
