[duxuser] Re: MSWORD .doc files are a security risk

• From: Bruce Maguire <bruceonline@xxxxxxxxxxxxxx>
• To: duxuser@xxxxxxxxxxxxx
• Date: Sat, 01 Feb 2003 08:26:58 +1100

Hi Catherine and others

The problem with articles like the one you mention is that, while they
may contain accurate information, they don't provide an assessment of
the risk in relative terms. Every time you connect to the Internet,
there is a risk that a hacker somewhere will take control of your
computer and delete all the files on your hard drive. Does that mean
that we should all stop using the Internet? Viruses can be spread
through Word files, but these days, the most troublesome viruses are
spread using non-Word files attached to email messages. Microsoft
Outlook and Outlook Express are especially prone to this kind of
virus, and so if you want to follow the logic of this article, you
should not use these programs (I don't, actually). Last year,
Microsoft issued 72 security alert bulletins, but that hasn't stopped
people from using Microsoft products.

I think it's reasonable to say that millions of Word files are
transferred every day, and there is probably a very small percentage
of those files that contain viruses. EVERYONE these days should have
an up-to-date virus checking program such as Norton Anti-virus or
PC-Cillin running on their computer.

It is true that non-text information is contained in Word files, but
the user does have some control over what information is stored (via
the User Information tab in the Options menu). Saving a Word file as
plain text will remove all font information such as italics and bold,
and may also lose a lot of formatting information as well. I have
found that Rich Text Format (RTF) has a number of compatibility
problems, and that it is by no means as universal as Microsoft would
have us believe. In any case, does it really matter that much if
someone can find out how many times a document was saved? I for one
don't have time to go looking for that kind of information when I get
a file via email, and unless you are working in a high-security
environment where privacy is critical, I doubt that any of the
information about a document's properties would be of much interest to
anyone.

Clearly, it is up to individual organisations and users as to what
policy they have in relation to the sending and receiving of Word
files (or any other type of file, for that matter), but I think that
basic precautions such as having anti-virus software, and not opening
files unless you know who sent them, are sufficient in the vast
majority of cases. For me both as a user and a braille producer, the
benefits of being able to send Word files far outweigh the risks.

Cheers
Bruce
 On Fri, 31 Jan 2003 15:53:52 -0500 (EST), you wrote:

>Hi, Listers,
>This is not as off-topic as it sounds. In my search for a program to open
>MSWORD files without using MSWORD itself, I found an article which was
>absolutely frightening. It encouraged people not to email .doc files
>because, when these files are opened by the recipient, they contain a lot
>more than the original user ever meant to send.
>Do you remember my mentioning the junk pages I got when I convert MSWORD
>to ascii text? This article points out that if you lok closely, you will
>see everything about a document's creation including who created it, where
>it is stored on the computer, how many times it was recovered and saved,
>very precise computer address info, shall I go on?
>It also mentions that the transfer of .doc files can result in viruses
>without doing anything else--not ot mention anyone who would want to
>give viruses. The
>recommendation is that no .doc files be sent as
>attachments via email.
>Instead, these files should be saved while still in word as either rich
>text or plain text. The articles says that saving in this way deletes the
>specific document creation information without damaging much of a
>document's attributes or losing any of the content.
>I intend to write to those of my customers who have recently sent me
>things in MSWORd and point out this danger. I hope some of you will do the
>same.
>
>Catherine
>
>------------------------------------------------------------------------------
>-Catherine Thomas
>braille@xxxxxxxxx                     /
>
>-------------------------------------------------------------------------------
>* * *
>* This message is via list duxuser at freelists.org.
>* To unsubscribe, send a blank message with
>*   unsubscribe
>* as the subject to <duxuser-request@xxxxxxxxxxxxx>. You may also
>* subscribe, unsubscribe, and set vacation mode and other subscription
>* options by visiting //www.freelists.org.  The list archive
>* is also located there.
>* Duxbury Systems' web site is http://www.duxburysystems.com
>* * *

* * *
* This message is via list duxuser at freelists.org.
* To unsubscribe, send a blank message with
*   unsubscribe
* as the subject to <duxuser-request@xxxxxxxxxxxxx>. You may also
* subscribe, unsubscribe, and set vacation mode and other subscription
* options by visiting //www.freelists.org.  The list archive
* is also located there.
* Duxbury Systems' web site is http://www.duxburysystems.com
* * *

• Follow-Ups:
  • [duxuser] Re: MSWORD .doc files are a security risk
    • From: Steve Dresser

• References:
  • [duxuser] DBT and WordPerfect
    • From: Terri Pannett
  • [duxuser] MSWORD .doc files are a security risk
    • From: Catherine Thomas

Other related posts:

• » [duxuser] MSWORD .doc files are a security risk
• » [duxuser] Re: MSWORD .doc files are a security risk
• » [duxuser] Re: MSWORD .doc files are a security risk
• » [duxuser] Re: MSWORD .doc files are a security risk
• » [duxuser] Re: MSWORD .doc files are a security risk
• » [duxuser] Re: MSWORD .doc files are a security risk

1. Home
2. duxuser
3. Archive
4. 01-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---