September 5, 2003

OpenOffice trails MS Office in vulnerabilities

- By Robin 'Roblimo' Miller -

This week Microsoft Office once again affirmed its leadership in the office software world by releasing news of not one, two, or three, but five security holes. Meanwhile,, the primary open source competitor to MS Office, has no vulnerabilities to report. And OpenOffice developers say they have no plans to introduce Microsoft-competitive vulnerabilities, even though most PC users obviously consider insecurity a vital part of the computing experience.

This is a sad blow to the open source community. OpenOffice already trails Microsoft Office severely in price, since it is free while the "pro" version of MS Office costs $252 or more. Finding that OpenOffice can't compete on the insecurity front either is downright disheartening. self-described "community cheerleader" Dan Bethe says it's almost impossible for developers to achieve Microsoft Office's level of insecurity unless "they work for a monopoly whose engineers are vertically segmented from each other, who only act upon immediate orders of self-preservation, and are disallowed a perspective on the actual scope of their actions." developer Chris Halls says that even if OOo people wanted to catch up to MS Office in vulnerabilities, "I haven't seen any plans for any of those features yet -- there's still much to do catching up with all the other features."

Besides insecurity, another MS Office feature OpenOffice lacks is the ever-popular "forced upgrade because of proprietary file format changes." Halls says this probably won't be added to OpenOffice any time soon, because when the thought was brought up, "there was a loud group of developers that protested and smothered the idea for 1.1, so MS gets to keep that idea to themselves. Maybe they have a patent on it already."

Microsoft has long held the leadership position in office software insecurity. We don't know how heavily this contributes to their market leadership position in the office software space, but it may be a major factor. Obviously, one of Windows's great attractions is the thrill of never knowing what new viruses, worms, spyware, and other Bad Things might suddenly come along and bring a user's system to a crashing halt. Compared to Windows, Linux is downright boring; it simply works, unaffected by viruses and worms, day in and day out., despite having some clunkinesses, is similar to Linux in that it just sits there and chugs along, doing its job -- and this is true not only of the Linux version but also of the Windows port, which shares the same sad invulnerability to MS Office problem-based excitement as OpenOffice for Linux.

Of course, there's also the price barrier to be overcome. At $0.00, OpenOffice simply can't compete. Heck, it can't even get on retail store shelves because a 40% markup on $0.00 gives the retailer a gross profit of approximately $0.00, and most don't feel that's high enough to devote valuable shelf space to OpenOffice.

Luckily, for those users (and retailers) who are uncomfortable with free software, OpenOffice has a commercial sibling, StarOffice, that currently sells for $66.67 or more, and includes corporate-level support. (Both Linux and Windows versions are included on the same CD, by the way.)

Sadly, it looks like both OpenOffice and StarOffice are going to lag far behind Microsoft Office in vital insecurity and "forced upgrade" features for many years to come, so there is little chance of either or both of these fine software packages becoming more popular than Microsoft Office in the foreseeable future -- unless a majority of office software users manage to put aside many years of marketing-induced conditioning that has led them to believe all programs are supposed to be insecure, and also figure out that a free or low-cost office suite that uses stable, open file formats is inherently better than a costly one that uses ever-changing proprietary file formats.


  • Management
Click Here!