Computerworld - Microsoft Corp. yesterday apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk. Microsoft also issued new tools to let users of Office 2003 SP3 unblock a host of barred file types.
In a posting to his own blog, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company's mistake in attributing security problems to certain file formats, including the one used by CorelDraw.
"We stated that it was the file formats that were insecure, but this is actually not correct," LeBlanc said, referring to a description in a now-changed support document. "A file format isn't insecure -- it's the code that reads the format that's more or less secure. The parsers we use for these older formats aren't as robust as the code we've written more recently, which is part of our decision to disable them by default.
"Some of the formats blocked are from products built by companies other than Microsoft, and we apologize for implying that there were any problems in those companies' file formats," said LeBlanc. He did not specifically name Corel.
But it was Corel that publicly squawked when it realized Microsoft had blocked its .cdr file format -- still used by its CorelDraw graphics application -- in last September's Office 2003 Service Pack 3 update. "We didn't know where the issue was coming from," Gerard Metrallier, Corel's director of product management, graphics, said yesterday.
LeBlanc also echoed the mea culpa made Friday by Reed Shaffner, product manager for Office, who acknowledged that Microsoft had done a poor job communicating the changes to users, and had failed customers when it posted daunting work-arounds that required manual editing of the Windows registry.
"We also recognize that we have not made any of this as usable as we'd like, and we apologize that this hasn't been as well documented or as easy as you need it to be," LeBlanc said. "We did not provide an easy way for end users to change this behavior so they could open these older files." To make amends, Microsoft has posted several files on its Web site that automate registry changes.
The revised support document lists four downloads that users can run to unblock Word, Excel, PowerPoint and Corel files. Other downloads are available that reverse the file-blocking.
Microsoft's rewritten Knowledge Base article also fingered the company's own code, not the file formats, as the security concern. "By default, these file types are blocked because the parsing code that Office 2003 uses to open and save the file types is less secure. Therefore, opening and saving these file types may pose a risk to you," the revision read. That was a change from the earlier version, which had claimed: "By default, these file formats are blocked because they are less secure. They may pose a risk to you."
Free Insider Guide
Rising salaries boost IT optimism, though not everyone is feeling upbeat. Our survey of 4,000+ IT workers shows who's riding the wave and why. Use our interactive tool and compare your own paycheck. Read more...
Copyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
