Microsoft + Word = problems
Fresh on the heels of the MySpace + QuickTime problem comes a Microsoft + Word problem. Many people know about macro viruses in Microsoft Word (and Excel), which can travel between Windows and the Mac (see the book chapter on viruses for details). But Microsoft has just announced that there’s a flaw in Word, for both Mac and Windows, that could allow a malicously-crafted Word document to execute arbitrary code on the Mac or Windows machine. And of course once it can do that, it can, in theory, take over the machine, and do bad things including sending itself out, for instance as an email attachment, to other unsuspecting users.
Microsoft doesn’t have a fix for the flaw in Word at this point. It pretty much just recommends not opening Word documents. The only good news, from a Mac perspective, is that the maliciously-crafted document will probably “only” crash Word on the Mac, but not take over the machine, since the take-over code will probably be Windows-specific. But maybe not, especially on Intel Macs, where writing Mac-takeover code has gotten at least a slight bit easier due to the CPU being the same as the one Windows uses. Mac-takeover code is still pretty darn difficult however, and the Mac still remains the smaller, less-well-understood, harder-to-break-into base.
On the other hand, Apple has set itself up for an eventual attack by touting its better security through various “I’m a Mac, I’m a PC” ads. It would be sadly ironic if the first such attack came courtesy of Microsoft.
Wednesday, December 6, 2006