“Microsoft Corp. deliberately broke access to older files, including many generated by its own products, to step up security with the newest Office 2003 service pack, a company evangelist said yesterday…”
Microsoft has said it designed “Office 2003 Service Pack 3,” blocks most pre-Windows 98 Word documents as well as many Office 97 files and some data from CorelDraw .CDR files, as well as some other formats, because they are vulnerable to hackers.
The months-old Service Pack 3 (SP3) for Office 2003, said Viral Tarpara, a U.K.-based IT evangelist for Microsoft, blocks old file formats for security purposes. “Some older file formats, including some from Microsoft, are insecure and do not satisfy new attack vectors that hackers can use to execute malicious code,” maintained Tarpara. “The decision to block the formats is strictly to protect your machine from being compromised.”
Office 2003 Service Pack 3, which was made available in September, came about for security reasons, blocks a lengthy list of word-processing file formats, including Word 6.0 and Word 97 for Windows, and Word 2004 for Macintosh. It also blocks older versions of Excel, PowerPoint, Lotus Notes, Corel Quattro spreadsheet, and Corel Draw graphics package.
“After you install Office 2003 SP3, some Excel 2003, PowerPoint 2003, Word 2003, and CorelDraw (.cdr) file formats are blocked,” said the company in an advisory at: (http://support.microsoft.com/kb/938810).
“By default, these file formats are blocked because they are less secure. They may pose a risk to you.”
“However, users argue that they could make companies’ archived files difficult, or impossible, to access in the future.”
“Because these are, after all, old file formats… many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives, said user time961’s on tech gadfly site Slashdot.”
Although the update shipped months ago, Microsoft has been feeling some recent heat over its decision to block all access to a slew of older file formats in its Service Pack 3 (SP3) for Office 2003.
On releasing the service pack, Microsoft said one of its main benefits was that it would make it easier to interoperate with Microsoft’s latest operating system, Vista, and its latest productivity suite, Office 2007. The older file formats that are now blocked are in decreasing day-to-day use, but the blocking of them will make retrieval of archived material more difficult.
Those questions continued into December. A user identified as “dberwanger” complained that he called Microsoft’s support desk, but was told it would cost $250 to “fix a problem with SP3 that they created. Finally completely uninstalled Word 2003 and reinstalled (because you cannot just uninstall SP3) and the problem is fixed.”
Microsoft sought to quell concern about the problem in December, when it published a knowledge base (KB) article outlining how to adjust the software’s settings so that Office 2003 can access and save documents in the blocked formats.
IT administrators can download a group policies template from the Microsoft site to return formats from the dead, but individual users or smaller shops must instead edit the Windows registry, a daunting task that even Microsoft warns against. “Serious problems might occur if you modify the registry incorrectly,” the company said in the support document. “Modify the registry at your own risk.”
But critics like time961 charge that does not apply to the ostensibly clean, internally created files archived by companies — and Microsoft does not provide a simple way to enable access to those documents.
The work-around was branded by one critic on tech Web site Slashdot as “mind-bogglingly complex.”
Other users responded negatively to the change. A system administrator at a U.K. university, who asked not to be named, called it “a money-making exercise,” adding that it would cause a problem to the central IT resource not to have access to some older file formats but that the effect would be greater on other less “progressive” departments within the university.
In a posting to a company blog yesterday, Tarpara recommended that rather than monkey with the registry, users convert documents in bulk to the OpenXML format — Office 2007’s default format — using the tools in the Office Migration Planning Manager (OMPM) kit, which can be downloaded from Microsoft’s site. “OMPM is great because it does not overwrite the original files at all, it simply makes a copy of the file in the new file format so there is no risk,” said Tarpara.
Microsoft admittedly remains a little gun shy when it comes to security, given years of pounding complaints from customers about software vulnerabilities.
Therefore, recent years have seen Microsoft favoring improved security over ease of access when a choice needs to be made. That is essentially what drove this latest change, according to company representatives.
“As technology continues to advance, the more dated technology brings serious downsides from a performance/reliability and security standpoint,” a Microsoft spokesperson said in a statement.
Microsoft has touted Office 2007 and its OpenXML file format as more secure for months. And in May, the company unveiled “Microsoft Office Isolated Conversion Environment,” a tool for Office 2003 users that does a double file conversion on the fly to sanitize older formats by temporarily transforming them into OpenXML.
Ironically, the SP3 changes are the latest move in Microsoft’s response to users’ demands that it make their PCs and files more secure. Over the years, the company has blocked many potential avenues of attack on its products by implementing filters to stop break-in attempts.