Word 97 Users Abandoned by Microsoft?
September 13, 2002 1:08 PM

Word 97 Users Abandoned by Microsoft? "Microsoft's flagship word processor has for years had a security flaw that could allow a criminal to steal computer files by "bugging" a document with a hidden code." Microsoft will fix the problem for newer versions of Word, but those of us who use Word 97 are more or less out of luck. As it turns out, the Microsoft Corporation page doesn't seem to have any easily accessible information on this issue.
posted by Joey Michaels (40 comments total)
 
Word 97 was about two Windows versions ago. No company has to support their product after that long of a product cycle. Are they still trying to fix holes in Windows 3.1 or 95? Should they?
posted by mkelley at 1:13 PM on September 13, 2002


"They bought the package with full faith in Microsoft and its ability to protect them from this kind of exploit."

Its ability? Riiiight.
posted by fredosan at 1:20 PM on September 13, 2002


Our school uses Word 97. Updating to a more recent version of Word would cost us a whole lot of money that we don't have. Telling us "there is a hole in the security for Word 97, but we're not going to fix it - get a more recent version if you want to be safe" is borderline infuriating.

In other words, "abandon something that works fine for you and spend lots of money on our newer version or your files will be at risk."

So, to answer your question, yes they should support their product even that long after a product cycle.
posted by Joey Michaels at 1:21 PM on September 13, 2002


Our school uses Word 97. Updating to a more recent version of Word would cost us a whole lot of money that we don't have.

AbiWord, the open source, free software that reads and writes Word doc files is....(drumroll....) free!
posted by mathowie at 1:27 PM on September 13, 2002


Does AbiWord offer full support for versioning?

I do work for a company that continues to require Word 6.0/95 file format, so I've stuck with Word 97 for years. Microsoft is doing a real disservice to its customers by refusing to update five-year-old products. It's another example of how the software industry gets away with murder when it comes to customer support.
posted by rcade at 1:28 PM on September 13, 2002


Ooooo. Passing that link on to our tech department. Nice. Thank you, fearless leader.
posted by Joey Michaels at 1:28 PM on September 13, 2002


Obligatory mention of free alternative OpenOffice.org. Though I don't imagine it'll run well on a Pentium 166/32MB, on which I used to run Word 97.
posted by skryche at 1:30 PM on September 13, 2002


There's also Openoffice if you want to save a few bucks but still have a very nice, cross-platform, improving, and supported product.
posted by Lafe at 1:31 PM on September 13, 2002


I'm sure you think they do, but that makes no business sense whatsoever and I'd find it hard to believe that any software company would continue to actively fix and support a product that's six years old - particularly when there have been multiple upgrade opportunities since then. Sure, it's going to cost a lot to upgrade now, but you did nothing to protect your investment in Word when you had the chance to do so, so you're going to blame Microsoft for your decisions? I'm all too aware of how evil they are, but last time I checked billg@microsoft.com couldn't actually reach into your brain circuitry and force you to upgrade or not...
posted by JollyWanker at 1:32 PM on September 13, 2002


Now if this was to pop up in 1999 or 1998, I would expect a security update. But why do you expect updates for archaic software? Sure I use old machines and old software but I realize that it's old and doesn't have the features that the newer version does. I realize that. But if I want those features, like it or not, then I will have to pay for that update...or in the case of software switch to open source, like what skryche mentioned OpenOffice or my favorite AbiWord.
posted by mkelley at 1:33 PM on September 13, 2002


I haven't touched MS Office for two years. Not since I found 602 PC Suite.
posted by brownpau at 1:40 PM on September 13, 2002


I'm not asking them to give me new features. I would fully expect to pay for those. I'm asking them to fix a bug in a program we purchased from them that allows people to steal files. Are you implying that the fix they are providing to more recent versions of Word is a feature?
posted by Joey Michaels at 1:43 PM on September 13, 2002


rcade - Abiword will support external version management tools if you use its native format. I run it under Linux and use RCS to manage my versions--included embedded graphics. But in general, if you are going to get into a "does it have these 120 features and scratch my butt" thing, then no, Abiword isn't right for you. It's small and simple and lacks all the bells and whistles of typical bloatware. I posted a review of it a few months back.
posted by chipr at 1:44 PM on September 13, 2002


"why do you expect updates for archaic software?"

Because it's still being used by 32% of surveyed users?

Look, I understand that MS wants us to upgrade every time they change the arrangement of the toolbar, but if a third of the people who use MS Office are still working with Word '97, I'd say they have an obligation to patch a security flaw like this one, especially since it was their fault in the first place.

If my six-year-old minivan was suddenly found to have a defective computer chip that caused it to exceed allowable emissions standards, Ford would have to recall it even though it's two product cycles out of date, because there are still hundreds of thousands of them out there being used.
posted by mr_crash_davis at 1:45 PM on September 13, 2002


Each time a company produces a new version update, it is really a massive bug fix on top of additional features. So yes, the protection from future bugs is a feature.
posted by mkelley at 1:49 PM on September 13, 2002


Ah, hence the fun of licensing a product rather than purchasing it.
posted by pjgulliver at 2:01 PM on September 13, 2002


rcade, beyond the basics of Word's features, I only use versioning and comments for book related doc files. Other than that, I could use notepad or HTML to write business letters.

Some people say that 90% of Word users don't use any of the features beyond the basics, and would be covered well by any one of these open source office clones.
posted by mathowie at 2:03 PM on September 13, 2002


"If my six year old minivan ......."

If Mac System 7 (or Windows 95, Office 95, or Mac OS8) had the same bug would Apple be required to make the changes? No, they're out of date.

In the auto world they would compare to a 1985 mini-van, does Ford still recall autos this old?
posted by mkelley at 2:05 PM on September 13, 2002


Let's pretend this is a car we are talking about, say a Mercedes. Do you expect Mercedes to install new locks found on their 2003 models, the ones that can only be opened by special laser cut keys, on your old early '90s Benz just because lock picks have now learnt how to open the type of lock on your car?

Your options are to either invest in a new security system or get a new car or just make do with what you have.
posted by riffola at 2:09 PM on September 13, 2002


I agree. I use SimpleText to do most of my word processing and do my spellcheck in Outlook before I send my letters out. I don't need the features so I don't use them. I don't want to pay for that either. SimpleText=$0 Word=$$$
posted by mkelley at 2:11 PM on September 13, 2002


Sure, it's going to cost a lot to upgrade now, but you did nothing to protect your investment in Word when you had the chance to do so. . .

It amazes me that people have so fully bought into the 'must upgrade at every opportunity' mind-set. If the software already does what I want of it, what use is an upgrade? If I have licensed software that is unable to perform the tasks its producer claims it can do, then why should I have to pay for the opportunity to have that fixed?

The planned obsolescence of the software industry reminds me of the domestic US auto industry of the early 70's. There is no reason to have to shell out hundreds of dollars per machine every two years in order to do word processing.

That being said, OpenOffice.org!
posted by Fezboy! at 2:17 PM on September 13, 2002


From a software-programming perspective, this is hardly news. Of course Microsoft is abandoning a 6 year old piece of software. No intelligent software company in the world would support a piece of software, with 2 upgrades on the market, for that amount of time.

It's a sad fact that yes, you're paying for bugs when you buy software. I-forget-whose law states that the more complex the software, the higher the degree of communication and dependence between different sub-routines in the software, the higher the number of potential errors (or bugs). I think the CS metric term for it is "Cyclomatic Complexity", but don't quote me on that.

And in reality, it seems as if this problem can largely be prevented by not being an idiot. Don't open Word attachments in emails from people you don't know. Don't execute macro code (which is what I believe is cryptically described as "bugged code") from people you don't know. If you usually don't work with macro'ed documents, turn on the option in Word that allows you to see if there's any hidden VB code inside your documents.
posted by SweetJesus at 2:24 PM on September 13, 2002


"why do you expect updates for archaic software?"

If it were archaic, no one would be using it and it wouldn't be an issue at all. Clearly plenty of people are using it and are impacted by an error that's been there all along. If it were an incompatibility with XP or win2k, the problem would be with an after the fact incompatibility that no one could expect MS to foresee or warrant.

What would it cost MS to issue a patch? Relatively little (relative to the 50 billion in cash they have in the bank). Who would it help? Lots of people who are using their products.

If they say tough luck, they are:

  • being greedy
  • being petty
  • obviously trying to exploit their own mistake that they should have caught in the first place rather than stand behind their product

As a user of Word97, there is no reason for me to upgrade, it does everything I need it to. And if they exploit their bugs this way, well, I find myself less motivated to upgrade since they will only pull this stunt again. Matter of fact, if allowed to get away with this, is there any reason for them not to purposely do this next time.*

*In fact that is exactly what they have said they want. WinXP SP1, just released, has a change in the EULA that says they can remotely inactivate software they feel is unlicensed or just plain old. Is the software biz getting creepy enuf for you yet?
posted by Fupped Duck at 2:33 PM on September 13, 2002


It's a sad fact that yes, you're paying for bugs when you buy software. I-forget-whose law states that the more complex the software, the higher the degree of communication and dependence between different sub-routines in the software, the higher the number of potential errors (or bugs).

the complexity of programs which we create in this day and age has increased quite a bit, but the languages which we program in have not evolved to match.

i don't know the name of the law either, but i am familiar with the theory (in the worst case, and very pessimistically so, for N statements in a program there are N! - 1 (that is N factorial) possible ways for it to fuck up).
posted by moz at 2:44 PM on September 13, 2002


But in general, if you are going to get into a "does it have these 120 features and scratch my butt" thing, then no, Abiword isn't right for you.

I don't care about most of the features. But when all of the editors I deal with use Word and Word versioning, and show no signs of moving beyond Word 6.0/95, I'm stuck with it until an open source editor replicates the feature.
posted by rcade at 2:45 PM on September 13, 2002


If it were archaic, no one would be using it and it wouldn't be an issue at all.

People still use Windows 3.1, but I'm sure most people consider it pretty archaic. It's not an issue of greed, but an issue of resources, and the ability to deploy resources intelligently.

Software programming techniques change all the time, especially with the Microsoft Software Engineering Framework - the basic idea of which is that programmers can do whatever the fuck they want inside a bit of code, as long as it produces the expected result. It's a good framework for creating software, but it's hell for upkeep.

In order to fix this problem quickly, a problem which will affect a small percentage of Word 97 users, they'll need to find, re-assign (or hire), and task a group of engineers who are familiar (after 6 years) with the hundreds of thousands (probably millions) of lines of code in Word that were written by other people. This is never going to happen, ever.

If you're not a computer programmer, you probably have no idea how hard it is to read someone else's code if it's not maintained well, never mind find bugs and fix them. It's even harder when the code is 6 years old, and you're an intern fresh out of college (just about the only person Microsoft, or most software companies would hire to fix a bug of this level of importance on a 6 year old software product.)
posted by SweetJesus at 2:57 PM on September 13, 2002


If I understand the "bug" correctly, to exploit it someone would have to know the file and path name of the file he wants to steal from your computer and get you to open, re-save and return a Word document to him. Doesn't this scenario seem wildly unlikely?
posted by timeistight at 3:23 PM on September 13, 2002


timeistight: certain files (Outlook e-mail archives) are in predictable locations. An exploiter wouldn't be able to grab documents from your HD willy-nilly, but there are some important files that are vulnerable.
posted by hilker at 3:48 PM on September 13, 2002


the complexity of programs which we create in this day and age has increased quite a bit, but the languages which we program in have not evolved to match.

I hear this a lot, and while it sounds good, it's actually really deceptive. It implies that by fixing the language, you'll fix the software written in that language, which is not the case.

In this specific example, the problem is an architectural one, and is essentially a feature of the design of the program, its file format, and possibly the security protocols of the underlying operating system.
posted by inpHilltr8r at 3:58 PM on September 13, 2002


I was reminded of this Win95-alike for Win3.1-era machines. I first heard of this software through a posted ad in front of the neighborhood supermarket, in which some guy was selling his old 386er with the claim that it ran "Calamira (sic) Windows 95, which provides all the functionality of Windows 95 in a fraction of the space" or something. Like anyone who wants an old beater PC is going to care.

I was intrigued, mostly because it sounds like a Jeff Foxworthy joke ("'Calamira Windows 95' means yuh live in Cala-myra county and yer winders have nanny-five percenta their 'riginal glass").
posted by britain at 4:12 PM on September 13, 2002


It's not an issue of greed, but an issue of resources, and the ability to deploy resources intelligently.

SweetJesus is correct. Not only does Microsoft have to have someone who knows the Word 97 code well enough to fix it, they have to maintain a computer for software build, someone who knows the Word 97 build process, test plans for Word 97, someone who knows how to run them, localization, and on and on.... This often means using archaic tools and processes that were great back in '96 but are substandard now so nobody who's been hired since then knows how to use them. And all this needs to be done for several different releases of Word 97 (different languages, distribution types, etc.) compounding the amount of resources needed.

Eventually, the cost gets ridiculous compared to the number of existing users. Yes, Microsoft has billions of dollars, but they didn't get that from making bad choices about resource usage.
posted by ukamikanasi at 4:22 PM on September 13, 2002


Just want to clarify Matt's earlier link to AbiWord (also available from the SourceForge page). The earlier link doesn't seem to work.
posted by mikhail at 4:27 PM on September 13, 2002


Grrrr. You win this round, Microsoft, but I am this much closer to moving to a different OS.
posted by Joey Michaels at 4:29 PM on September 13, 2002


infil:

I hear this a lot, and while it sounds good, it's actually really deceptive. It implies that by fixing the language, you'll fix the software written in that language, which is not the case.

that's a good point, infil. however, language enhancements can prevent classes of problems from occurring. for example, a language which incorporates garbage collection prevents memory leaks from occurring. in addition, one of the aims of modern languages is to decrease code size -- that goes to my point above about the N factorial nature of error potential. maybe you can't get rid of the factorial, but you can try to make N smaller. (of course, you can try to make a program written in a verbose language smaller -- but as certain complexities (such as memory allocation and deallocation) must be dealt with, code size could be made yet smaller still in other languages.) a good example of this is Python: it incorporates both lists and dictionaries (in essence hash maps) in the language, preventing a lot of needless code from being written.

that doesn't address the speed of the resulting program, and sometimes speed is detrimentally affected. sometimes that can be helped by the language compiler or interpreter (that is to say, it could be more efficient than it currently is) or perhaps it's an unavoidable consequence. for a majority of programs available today, however, i do believe speed is not of the greatest essence, and yet it is considered a feature which developers will not do without. (that is: you need speed in an OS kernel, or in a driver or a video game, but not necessarily in joe's spreadsheet program.)
posted by moz at 8:36 PM on September 13, 2002


Joey, obviously you need to email Bill Gates and ask him to donate upgrades for your school's software (and maybe the machines too while you're at it). After all, MS LOVES to get in early and tie up people's brand loyalty at an impressionable age (say, 11).
posted by Raya at 9:02 AM on September 14, 2002


But in general, if you are going to get into a "does it have these 120 features and scratch my butt" thing, then no, Abiword isn't right for you.

I find the ability to use tables more important than having it scratch my butt, thanks. But for light word processing, AbiWord looks like it would work fine.

Eventually, the cost gets ridiculous compared to the number of existing users.

True. But they haven't reached that point at 32% of the user base. Besides, compare the cost of creating a fix for this to the money they spend creating all the new features that virtually no one actually uses?

If you're not a computer programmer, you probably have no idea how hard it is to read someone else's code if it's not maintained well

And whose fault is that if it's not maintained well?

In the auto world they would compare to a 1985 mini-van, does Ford still recall autos this old?

Actually yes, I've seen automakers recall very old vehicles if the problem was severe enough.

As one of the 32% who finds Word 97 more than adequate for my needs, I think this will be an interesting test of how much Microsoft cares about its customers.
posted by pmurray63 at 11:48 AM on September 14, 2002


an interesting test of how much Microsoft cares about its customers.
while you are at it, test if the sun rises in the west, willya?
posted by quonsar at 1:38 PM on September 14, 2002


Just a quick update, because I find it very annoying that this issue is getting so much press. I tested this out with several different types of files. Yes, it works very cleanly with other Word documents and/or text files. Insert a few Word fields -- some of which ensure that the theft is invisible to an end-user -- and suddenly the complete text of an entirely different file is hidden within my test document.

But, no, it does not work with Excel spreadsheets, PowerPoint presentations, Access databases, or even Outlook e-mail archives. If you try to "include" an Excel spreadsheet, Word pops up a dialog box asking if you want to import the entire workbook, or a single worksheet. Not exactly stealthy. Remember, the command in question is INCLUDETEXT, not INCLUDEFILE. Attempting to do a stealth include of pretty much anything other than a simple text document will result in a dialog box prompting for a conversion method. In other words, this thing works in a simple test scenario, but the reality of it is much different than what's being reported.

Hell, I can't even remember all the different names and locations of documents I work with. How on earth would some anonymous hacker be able to guess at my convoluted document and directory naming conventions?
posted by RKB at 8:17 AM on September 15, 2002
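
A defensive check for the INCLUDETEXT field named in the comment above, added here as an example and not part of the thread: it scans the raw bytes of a legacy binary .doc for INCLUDETEXT fields and reports which file each one would pull in, so a document can be inspected before it is opened, re-saved and sent back. It is a heuristic byte scan rather than a full parser of the file format, and the sample document bytes and paths are constructed placeholders.

```python
"""Heuristic scan of a legacy binary .doc for INCLUDETEXT fields (added example)."""
import re
import sys
from typing import List, NamedTuple

# In Word's binary format, fields are delimited in the text stream by the
# control characters 0x13 (begin), 0x14 (separator) and 0x15 (end).
_FIELD_RE = re.compile(
    r"\x13\s*INCLUDETEXT\s+(?P<instr>[^\x13\x14\x15]{1,512})", re.IGNORECASE)
_TARGET_RE = re.compile(r'\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))')


class Finding(NamedTuple):
    view: str      # which decoding of the raw bytes matched
    target: str    # file the field would pull in
    kind: str      # url / unc / absolute / relative
    switches: str  # rest of the field instruction, left unparsed


def classify(target: str) -> str:
    if re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", target):
        return "url"
    if target.startswith("\\\\"):
        return "unc"
    if re.match(r"[A-Za-z]:[\\/]", target):
        return "absolute"
    return "relative"


def _views(raw: bytes):
    """Text may be stored 8-bit or UTF-16LE, at either byte alignment."""
    yield "8-bit", raw.decode("latin-1")
    for offset in (0, 1):
        yield f"utf-16le@{offset}", raw[offset:].decode("utf-16-le", "replace")


def find_includetext(raw: bytes) -> List[Finding]:
    findings, seen = [], set()
    for view, text in _views(raw):
        for m in _FIELD_RE.finditer(text):
            t = _TARGET_RE.match(m.group("instr"))
            if not t:
                continue
            # Backslashes in field-code paths are written doubled.
            target = (t.group("quoted") or t.group("bare")).replace("\\\\", "\\")
            switches = m.group("instr")[t.end():].strip()
            if target not in seen:
                seen.add(target)
                findings.append(Finding(view, target, classify(target), switches))
    return findings


def constructed_sample() -> bytes:
    """Constructed bytes: filler, one UTF-16LE field, one 8-bit field."""
    filler = b"\xd0\xcf\x11"  # odd length, so the wide text is misaligned
    wide = ("\x13" + r"includetext D:\\example\\report.doc" + "\x15").encode("utf-16-le")
    narrow = (b"\x13" + rb' INCLUDETEXT "C:\\example\\placeholder.txt" \! '
              + b"\x14included text\x15")
    return filler + wide + narrow


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for f in find_includetext(data):
        print(f"{f.kind:9} {f.target}  switches={f.switches!r}  [{f.view}]")
```
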


for example, a language which incorporates garbage collection prevents memory leaks from occurring.

Actually it just makes them harder to create by accident. You can still leak memory (and other resources) in garbage collected languages. Indeed, you could argue that by relying on garbage collection to fix all your memory leaks, you're more likely to miss the truly pathological errors (which are invariably the ones that survive longest, and are the most likely to escape into the wild).
posted by inpHilltr8r at 4:08 PM on September 16, 2002


(that is: you need speed in an OS kernel, or in a driver or a video game, but not necessarily in joe's spreadsheet program.)

True, true, although even in a video game (my personal specialist subject), you still have some code that requires blistering speed (all of our transform and lighting code is still written in assembler), and some that does not (our tool pipeline is packed full of STL).

Hmm, on preview, the fact that I consider the STL to be slow is probably betraying my roots. Arcane, yes, slow, no.
posted by inpHilltr8r at 4:13 PM on September 16, 2002

