Corel refutes Microsoft's file format 'insecurity' claims

By Jacqueline Emigh | Published January 4, 2008, 10:04 PM

Are Corel's file formats 'less secure' than those in Microsoft Office 2003 and 2007, as Microsoft told customers in a highly controversial support bulletin? Definitely not, according to Corel officials.

Corel officials today hotly refuted claims by Microsoft that older file formats for CorelDRAW and its Quattro spreadsheet software ever posed security risks when opened within Microsoft Office. But they stopped short of contending that Microsoft is intentionally vilifying either CorelDRAW, an illustration package which Corel sees as complementary to Office, or Quattro, a spreadsheet that's the counterpart of Excel in Corel's WordPerfect Office X3.

Microsoft publicly raised issues about security implications surrounding older file formats from Corel as well as IBM's Lotus arm and Microsoft's own Office suite in a technical support bulletin that first went online in December.

In that article, Microsoft tells customers that, by default, the Service Pack 3 update to Office 2003, released by Microsoft in September, blocks older file formats from CorelDRAW and Quattro, Lotus Notes, and Microsoft's own Excel, Word, and PowerPoint packages, since these formats are "less secure" than the formats in Office 2003 and 2007.

"They may pose a risk to you," Microsoft cautioned users.

The Microsoft KnowledgeBase article also provided some cumbersome and potentially dangerous workarounds -- involving changes to registry settings -- for making it possible to open older CorelDRAW, WordPerfect Office, and Microsoft Office files in Office 2003 once SP3 has been installed.

But in an interview today, Gerard Metrallier, Corel's director of product management for graphics, denied that Draw's file formats present any security problems whatsoever, instead suggesting that any issues that might conceivably crop up are probably related to import filters in the older editions of Microsoft Office products.

"We've been looking at all of this up and down," Metrallier told BetaNews. Corel, he said, has never received any security complaints from CorelDRAW customers.

Further, in thoroughly perusing online security databases such as US-CERT and FrSIRT, Corel has come across "no known issues" for CorelDRAW.

But, he added, Corel is in "active discussions" with Microsoft to try to resolve what he perceives as "miscommunications."

"We've been making sure that there are no [security] concerns, and Microsoft is in the process of revising its KnowledgeBase article," according to Metrallier.

Greg Wood, Corel's communications manager for office productivity, told BetaNews he is convinced that Corel's Quattro spreadsheet has never presented any "significant" security risks.

But, he noted, even before Microsoft's support bulletin came to light, Corel had already become concerned that Microsoft's Office 2007 files can't be opened in current editions of either Quattro, WordPerfect, or Corel's Present presentation package.

Consequently, Corel is now in beta with a solution for opening Office 2007 files within WordPerfect Office.

For some reason, Microsoft's bulletin spared Corel's competing WordPerfect word processor and Present presentation graphics packages from any suggestions of file format "insecurity."

Microsoft also failed to offer any registry workarounds for either Notes or Quattro, even though file formats for these particular products were indeed imputed as "less secure" than those of Office 2003 and 2007.

Metrallier told BetaNews today, however, that neither the SP3 update nor use of the workarounds in Microsoft's bulletin has any effect on CorelDRAW files, maintaining that they'll open up in Office 2003 whether or not the SP3 update is installed or Microsoft's CorelDRAW workaround is put into effect.

In any case, he emphasized, most CorelDRAW users who also use Microsoft Office export their CorelDRAW files to Office, as opposed to importing CorelDRAW files from Office -- so that Microsoft's own filters have rarely even come into play with CorelDRAW's.

Comments

Microsoft calling the format/product of another company insecure?

pot.....meet kettle.

Score: 0

"Microsoft may pose a risk to you"

Now there's a correct and true statement. Happy?

Score: 0

OK, seriously, who the hell cares about these older formats that isn't just whining for the sake of whining against Microsoft? When any other company-- I'm looking your way, Apple-- drops backwards compatibility it's cheered and applauded as being innovative and with the times.

If you have older formats that you're ACTIVELY using, get with the times and convert them. Plain and simple. pforbes, if you like WordPerfect, then friggen use WordPerfect.

If you have older formats that you're archiving for posterity, fine, I get it, but archive an appropriate program to go with them. Better yet, convert them to PDF... there are even PDF programs that let you do batch operations so you don't have to do it by hand. If they're for posterity only, they're not gonna be modified, so PDF would work great.

OK, I'm done with logic and making sense, so now back to your regularly scheduled whining...

Score: 0

Sorry, I don't want to whine, but simply enjoy the pleasure of contributing to this excellent and qualified forum expressing a personal point of view. I appreciate Microsoft, they are great and without their work none of us would be here, even when I think that some of their facts are not right and make use of my freedom of expression to comment them, being one of its oldest customers. Nevertheless I assume I may be wrong. I only, simply and freely say what I think. But as it is said, four eyes see more than two. You are welcome for expressing your point of view, no matter if you think different.

Score: 0

Sadly you use neither logic nor making sense. What you fail to understand is there are thousands of companies that MUST keep these files in their original formats per their clients' request and internal processes. Law firms that work with engineers, engineers that work with architects, architects that work with city planners is just the first I can think of that comes to mind in my own circle of knowledge, and I KNOW that we must be able to at least view these older file formats upon occasion. MUST. So try and extract your little world view a tad beyond the last 2 years. The rest of us have work to do. And no, converting to PDF for these formats doesn't begin to cut it, nor does "upconverting."

Score: 0

I still and every day keep using WordPerfect and .wpd files for my own needs. They are practically close to aliens. IMHO in many aspects WordPerfect is better than Word. What does Microsoft mean when they use the word "security"? My .wpd files are today much more secure than the .doc ones. IMO for Microsoft "security" means "business exclusion and hardware sales increase".

Score: 0

Wasn’t Corel one of the companies at the forefront of supporting MS-OOXML back in 2006? So much for supporting the failed MS-OOXML format gets you these days.

Ah yes, but that’s the way Microsoft works. You do for them, and then they screw you anyway. Microsoft is not about making technology better, it’s about fricking up the other guy.

But alas, here’s a solution! Within any program you have, delete all of Microsoft’s format profiles. That’s right, delete them. Still using .doc? Start saving to ODF and switch to ODF permanently. Already using Microsoft’s failed MS-OOXML format? Dump it and switch. Given enough time and files, there won’t be any Microsoft formats in use, and thus no need to support them anymore. Gotta start somewhere, even if the Microsofties scream like repubs!

Score: 0

"The Microsoft Knowledgebase article also provided some cumbersome and potentially dangerous workarounds."

LOL nice try at maligning MS, Betanews.

Score: 0

Uh, editing the registry IS cumbersome and potentially dangerous if you don't know what you're doing.

LOL nice try at maligning Betanews, sumone.

Score: 0

Microsoft came out today and said that it's not the file format that is insecure; it's the code in Office that is used to open those old files.

Microsoft basically said this stuff is insecure and why bother fixing it because these file formats are so old.

Score: 0

And people wonder why I keep Open office on my machines.

Score: 0

Because it is my data, and I will do with it as I damn well please. Why should I be forced to pay the M$ upgrade tax to keep access to my data?

Score: 0

Uh...you don't have to....just don't download SP3. I mean...is MS at your house with a gun to your head saying "Download SP3 or else"? I didn't think so.

Oh and look, that's interesting, you replaced the "S" in MS with a "$"...how creative and original! It's almost like you're implying Sony isn't in business to make money or something.

Score: 0

Holy crap, dude... you PAID for Service Pack 3? Damn, you got ripped off... maybe you shouldn't shop at CompUSA.

Score: 0

As usual, your point makes zero sense. Where did I say I paid for SP3?

Score: 0

Yeah, don't download SP3 and watch your machine get owned by all the script kiddies who target the vulnerabilities which SP3 fixes.

Yeah, that is a smart move.

Score: 0

So you have files that you actually use that were made in a format that was retired over a decade ago. Just do what I do. Keep the old version. If you need any of those files fire up an older version and save the file format up. No one is forcing you to pay Microsoft anything.

Score: 0
